CVE-2017-1183

Опубликовано: 17 июл. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5.4

EPSS Низкий

Описание

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg22003402
Patch
Vendor Advisory
http://www.securityfocus.com/bid/99610
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038913
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/123494
VDB Entry
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg22003402
Patch
Vendor Advisory
http://www.securityfocus.com/bid/99610
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038913
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/123494
VDB Entry
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.2.3.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00911

Низкий

7.5 High

CVSS3

5.4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-66vv-9pj3-6mfw