The default file folder permissions on ITM windows installation allow for non-privileged access which could allow for exploits such as dll planting.
IBM Tivoli Monitoring could allow a local attacker to execute arbitrary code on the system. By placing a specially crafted file, an attacker could exploit this vulnerability to load other DLL files located in the same directory and execute arbitrary code on the system.
Technical details 🔗
A complete article will be shared later. Stay tuned! 😉
External references 🔗
- IBM Security Bulletin: IBM Tivoli Monitoring insufficient default file/folder permissions on windows.
- IBM Security Patch: 6.3.0-TIV-ITM-FP0007-CVE-2020-4311
- MITRE CVE: CVE-2020-4311
- NIST NVD: CVE-2020-4311