CVE-2017-1181

IBM Tivoli Monitoring Portal V6 client could allow a local attacker to gain elevated privileges for IBM Tivoli Monitoring, caused by the default console connection not being encrypted. IBM X-Force ID: 123487.

Weakness

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Affected Software

Name	Vendor	Start Version	End Version
Tivoli_monitoring	Ibm	6.2.2.9 (including)	6.2.2.9 (including)
Tivoli_monitoring	Ibm	6.2.3.5 (including)	6.2.3.5 (including)
Tivoli_monitoring	Ibm	6.3.0.7 (including)	6.3.0.7 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/102.html
https://cwe.mitre.org/data/definitions/117.html
https://cwe.mitre.org/data/definitions/383.html
https://cwe.mitre.org/data/definitions/477.html
https://cwe.mitre.org/data/definitions/65.html

References

http://www.ibm.com/support/docview.wss?uid=swg22003402
http://www.securityfocus.com/bid/99596
http://www.securitytracker.com/id/1038913
https://exchange.xforce.ibmcloud.com/vulnerabilities/123487
http://www.ibm.com/support/docview.wss?uid=swg22003402
http://www.securityfocus.com/bid/99596
http://www.securitytracker.com/id/1038913
https://exchange.xforce.ibmcloud.com/vulnerabilities/123487

NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-1181
CWE	https://cwe.mitre.org/data/definitions/319.html

Cleartext Transmission of Sensitive Information

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References