fkie_nvd - fkie_cve-2015-7411

fkie_cve-2015-7411

Vulnerability from fkie_nvd

Published

2016-03-12 02:59

Modified

2025-04-12 10:46

Severity ?

9.9 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.

References

URL	Tags
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg1IV77992
psirt@us.ibm.com	http://www-01.ibm.com/support/docview.wss?uid=swg21973559	Vendor Advisory
psirt@us.ibm.com	http://www.securitytracker.com/id/1035240
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg1IV77992
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21973559	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035240

Impacted products

Vendor	Product	Version
ibm	tivoli_monitoring	6.2.2
ibm	tivoli_monitoring	6.2.2.1
ibm	tivoli_monitoring	6.2.2.2
ibm	tivoli_monitoring	6.2.2.3
ibm	tivoli_monitoring	6.2.2.4
ibm	tivoli_monitoring	6.2.2.5
ibm	tivoli_monitoring	6.2.2.6
ibm	tivoli_monitoring	6.2.2.7
ibm	tivoli_monitoring	6.2.2.8
ibm	tivoli_monitoring	6.2.2.9
ibm	tivoli_monitoring	6.2.3
ibm	tivoli_monitoring	6.3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E20435-C3A0-4A57-B82A-595A48BB0991",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5010AB5-0932-4F05-9D6A-9D4C49151E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7299B1C8-7BC2-4F42-B19E-4D0D2E599D02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FC98EF0-EDCA-47D8-A4CE-083E3AA0376C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6522CFEE-4368-4596-8DB9-18247AB19C67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E386E16-9F8F-4444-A190-EF964CA339F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC24B012-A887-4A3F-A32C-80435C64BC10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0B310DC-21E5-4A0D-A3D6-B0FD21C6C4F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "499FAEEF-0533-44FE-8249-AE40C6233E06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8B4310-F5D2-4448-89C1-E6D656351E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "88380637-715A-49CB-A9B6-0F8411225E9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:tivoli_monitoring:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBDE2E0B-6F98-4289-A3AF-EF4105782C7B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "El portal cliente en IBM Tivoli Monitoring (ITM) 6.2.2 hasta la versi\u00f3n FP9, 6.2.3 hasta la versi\u00f3n FP5 y 6.3.0 hasta la versi\u00f3n FP6 permite a usuarios remotos autenticados obtener privilegios a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-7411",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-12T02:59:01.517",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV77992"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973559"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1035240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV77992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973559"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035240"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-7411 (GCVE-0-2015-7411)

Vulnerability from cvelistv5

Published

2016-03-12 02:00