CVE-2025-3356

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-3356
IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 21 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view, overwrite, or append to arbitrary files on the system.

8.6 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.ibm.com/support/pages/node/7249694 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9:*:*:*:*:*:*
History

07 Nov 2025, 02:10

Type Values Removed Values Added
First Time Ibm tivoli Monitoring
Ibm
References () https://www.ibm.com/support/pages/node/7249694 - () https://www.ibm.com/support/pages/node/7249694 - Vendor Advisory
CPE cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp2:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp11:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp14:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp15:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp1:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp13:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp19:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp18:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp21:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp20:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp5:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp16:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp17:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp8:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp7:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:-:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp3:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp6:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp10:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp4:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp9:*:*:*:*:*:*
cpe:2.3:a:ibm:tivoli_monitoring:6.3.0.7:sp12:*:*:*:*:*:*

30 Oct 2025, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-10-30 20:15

Updated : 2025-11-07 02:10

NVD link : CVE-2025-3356

Mitre link : CVE-2025-3356

CVE.ORG link : CVE-2025-3356

JSON object : View

Products Affected

ibm

  • tivoli_monitoring
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')