PT-2025-44450 · IBM · IBM Tivoli Monitoring

Aleksandr Tlyapov · Published 2025-10-30 · Updated 2025-11-07 · CVE-2025-3355

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
IBM Tivoli Monitoring versions 6.3.0.7 through 6.3.0.7 Service Pack 21

Description
The software potentially allows a remote attacker to access files on the system outside of the intended directories. This is achieved by sending a crafted URL request that includes "dot dot" sequences (/../). The request can be sent to an API endpoint, allowing access to arbitrary files. The vulnerable parameter is the URL itself.

Recommendations
Apply updates to versions beyond 6.3.0.7 Service Pack 21.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-3355

Affected Products

IBM Tivoli Monitoring