9.8
CVE-2025-3356
- EPSS 0.17%
- Veröffentlicht 30.10.2025 19:22:37
- Zuletzt bearbeitet 07.11.2025 02:10:58
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Update-
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp1
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp10
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp11
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp12
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp13
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp14
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp15
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp16
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp17
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp18
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp19
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp2
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp20
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp21
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp3
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp4
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp5
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp6
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp7
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp8
Ibm ≫ Tivoli Monitoring Version6.3.0.7 Updatesp9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.384 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 8.6 | 3.9 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.