CVE-2025-3356

Опубликовано: 30 окт. 2025

Источник: nvd

CVSS3: 8.6

CVSS3: 9.8

EPSS Низкий

Описание

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.

Ссылки

https://www.ibm.com/support/pages/node/7249694
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:*:*:*:*:*:*

cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00237

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-fw76-qjj6-w857

CVSS3: 8.6

github

3 месяца назад

EPSS

Процентиль: 46%

0.00237

Низкий

8.6 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-22