IBM Tivoli Application Dependency Discovery Manager CVE-2016-8925 Remote File Include Vulnerability

IBM Tivoli Application Dependency Discovery Manager is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to obtain potentially sensitive information; other attacks are also possible.

Information

Bugtraq ID: 97625
Class: Input Validation Error
CVE: CVE-2016-8925

Remote: Yes
Local: No
Published: Apr 12 2017 12:00AM
Updated: Apr 12 2017 12:00AM
Credit: Lukasz Plonka
Vulnerable: IBM Tivoli Application Dependency Discovery Manager 7.3.0.3
IBM Tivoli Application Dependency Discovery Manager 7.3.0.2
IBM Tivoli Application Dependency Discovery Manager 7.3.0.1
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0
IBM Tivoli Application Dependency Discovery Manager 7.2.2.5
IBM Tivoli Application Dependency Discovery Manager 7.2.2.4
IBM Tivoli Application Dependency Discovery Manager 7.2.2.3
IBM Tivoli Application Dependency Discovery Manager 7.2.2.2
IBM Tivoli Application Dependency Discovery Manager 7.2.2.1
IBM Tivoli Application Dependency Discovery Manager 7.2.0

Not Vulnerable:

Exploit

Attackers can use a browser to exploit this issue.

References:

• IBM Homepage (IBM)
  
• swg22001579:Multiple vulnerabilities in IBM Tivoli Application Dependency Discov (IBM)
  

Source: www.securityfocus.com