CVE Vulnerability

CVE-2007-2137

Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://www-1.ibm.com/support/docview.wss?uid=swg24012341 Patch
http://www.zerodayinitiative.com/advisories/ZDI-07-018.html Vendor Advisory
http://www.securityfocus.com/bid/23558 Patch
http://www.securitytracker.com/id?1017933
http://secunia.com/advisories/24938
http://securityreason.com/securityalert/2597
http://www.vupen.com/english/advisories/2007/1456
https://exchange.xforce.ibmcloud.com/vulnerabilities/33746
http://www.securityfocus.com/archive/1/466216/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:ibm:tivoli_monitoring_express:6.1.0:*:*:*:*:*:*:*
Information

Published : 2007-04-22 07:19

Updated : 2018-10-16 04:42

NVD link : CVE-2007-2137

Mitre link : CVE-2007-2137

Products Affected
No products.
CWE
NVD-CWE-Other