CNNVD-202510-4182 Information

CNNVD ID

CNNVD-202510-4182

Related CVE

CVE-2025-3356

• CNNVD Published: 2025-10-30

Description (Chinese)

IBM Tivoli Monitoring是美国国际商业机器（IBM）公司的一套系统监控软件。该软件支持检测系统瓶颈和潜在的问题、对基本系统资源进行性能监控、自动从危急情况中恢复等。 IBM Tivoli Monitoring 6.3.0.7版本至6.3.0.7 Service Pack 21版本存在路径遍历漏洞，该漏洞源于未正确处理特制URL请求中的点序列，可能导致路径遍历攻击。

Description (English)

IBM Tivoli Monitoring is a system monitoring software for the United States International Business Machinery (IBM). The software supports detection of system bottlenecks and potential problems, performance monitoring of basic system resources, automatic recovery from crisis situations, etc. Versions IBM Tivoli Monitoring 6.3.0.7 to 6.3.0.7 Service Pack 21 contain a loophole, which stems from the incorrect handling of the point sequence in the specially designed URL request and may lead to a routing attack.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

国际商业机器

Published

2025-10-30

Last Modified

2026-02-24

References

https://www.ibm.com/support/pages/node/7249694

Patch

https://www.ibm.com/support/pages/node/7249694