Skip to main content

Tivoli Monitoring

24 CVEs product

Monthly

CVE-2025-3354 HIGH This Month

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-3320 HIGH This Month

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-3357 CRITICAL This Week

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Tivoli Monitoring
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2020-4311 HIGH PATCH This Week

IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. Rated high severity (CVSS 7.0). This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE IBM Tivoli Monitoring
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2017-1635 HIGH Act Now

IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Memory Corruption IBM Use After Free RCE Tivoli Monitoring
NVD
CVSS 3.0
8.0
EPSS
18.2%
CVE-2017-1183 HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Tivoli Monitoring
NVD
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-1182 HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

IBM Information Disclosure Tivoli Monitoring
NVD
CVSS 3.0
7.5
EPSS
2.5%
CVE-2017-1181 HIGH This Week

IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Information Disclosure Tivoli Monitoring
NVD
CVSS 3.0
7.0
EPSS
0.0%
CVE-2016-6083 MEDIUM PATCH This Month

IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Monitoring
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2016-5933 MEDIUM This Month

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Tivoli Monitoring
NVD
CVSS 3.0
4.6
EPSS
0.2%
CVE-2016-2946 HIGH PATCH This Week

Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Buffer Overflow Tivoli Monitoring
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-7411 CRITICAL Act Now

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Tivoli Monitoring
NVD
CVSS 3.0
9.9
EPSS
0.8%
CVE-2015-5003 HIGH This Week

The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Command Injection Tivoli Monitoring
NVD
CVSS 3.0
8.5
EPSS
1.3%
CVE-2014-6141 HIGH This Week

IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Tivoli Monitoring
NVD
CVSS 2.0
8.5
EPSS
0.3%
CVE-2013-2961 MEDIUM This Month

The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2960 MEDIUM This Month

Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service IBM Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
5.0
EPSS
2.9%
CVE-2013-0551 MEDIUM This Month

The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-0548 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Monitoring Application Manager For Smart Business
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-0576 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Monitoring
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-4823 CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.4% and no vendor patch available.

Red Hat RCE Java IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
14.4%
CVE-2012-4822 CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Red Hat RCE Java IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
11.3%
CVE-2012-4821 CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat RCE Java IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
5.0%
CVE-2012-4820 CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Java Information Disclosure IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
9.4%
CVE-2012-3297 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Monitoring
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 8.1
HIGH This Month

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow IBM +2
NVD
EPSS 0% CVSS 8.1
HIGH This Month

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow IBM +2
NVD
EPSS 1% CVSS 9.8
CRITICAL This Week

IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically allocated array. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM RCE Tivoli Monitoring
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute arbitrary code on the system. Rated high severity (CVSS 7.0). This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE IBM Tivoli Monitoring
NVD
EPSS 18% CVSS 8.0
HIGH Act Now

IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free error. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Memory Corruption IBM Use After Free +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi IBM Tivoli Monitoring
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

IBM Information Disclosure Tivoli Monitoring
NVD
EPSS 0% CVSS 7.0
HIGH This Week

IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. Rated high severity (CVSS 7.0). No vendor patch available.

IBM Information Disclosure Tivoli Monitoring
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

IBM Tivoli Monitoring V6 could allow an unauthenticated user to access SOAP queries that could contain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Tivoli Monitoring
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could lead to HTTP cache poisoning or firewall bypass. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Authentication Bypass Tivoli Monitoring
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Buffer Overflow Tivoli Monitoring
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Privilege Escalation Tivoli Monitoring
NVD
EPSS 1% CVSS 8.5
HIGH This Week

The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Command Injection Tivoli Monitoring
NVD
EPSS 0% CVSS 8.5
HIGH This Week

IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Tivoli Monitoring
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The internal web server in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass IBM Tivoli Monitoring +1
NVD
EPSS 3% CVSS 5.0
MEDIUM This Month

Buffer overflow in KDSMAIN in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service IBM +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Tivoli Monitoring +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Tivoli Monitoring +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise Portal browser client in IBM Tivoli Monitoring 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP02. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Monitoring
NVD
EPSS 14% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.4% and no vendor patch available.

Red Hat RCE Java +16
NVD
EPSS 11% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Red Hat RCE Java +16
NVD
EPSS 5% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat RCE Java +16
NVD
EPSS 9% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Java Information Disclosure +16
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the embedded HTTP server in the Service Console in IBM Tivoli Monitoring 6.2.2 before 6.2.2-TIV-ITM-FP0009 and 6.3.2 before 6.2.3-TIV-ITM-FP0001 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Tivoli Monitoring
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy