CVE-2015-5003

HIGH

IBM Tivoli Monitoring 6.2.2-6.2.2 FP9, 6.2.3-6.2.3 FP5, 6.3.0 < FP7 - Command Injection via Take Action View

Description

The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input.

References (3)

Core References
Various Sources vendor-advisory x_refsource_aixapar
http://www-01.ibm.com/support/docview.wss?uid=swg1IV77742
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034924
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21970361

Scores

CVSS v3: 8.5
EPSS: 0.0335
EPSS Percentile: 87.2%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE: CWE-77
Status: published
Products (3):
ibm/tivoli_monitoring 6.2.2
ibm/tivoli_monitoring 6.2.3
ibm/tivoli_monitoring 6.3.0
Published: Jan 03, 2016
Tracked Since: Feb 18, 2026