IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array.
The vulnerability results from improper validation of dynamically allocated array index values (CWE-1285, CWE-129). An attacker can supply specially crafted input data that causes access to an incorrect array index. This leads to memory corruption or other undefined behavior, which can subsequently be exploited to execute arbitrary code (RCE) without authentication.
An attacker can remotely execute arbitrary code on the affected system, potentially resulting in complete server compromise, violation of confidentiality, integrity, and data availability.
Apply patches available from the vendor according to the references — detailed information about available fixes can be found at: https://www.ibm.com/support/pages/node/7234923
IBM Tivoli Monitoring in versions 6.3.0.7 through 6.3.0.7 Service Pack 19 (inclusive).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIBM Tivoli Monitoring
APPIbm6.3.0.7
Related vulnerabilities
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through ...
The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 a...
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse direct...
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse direct...
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, c...