ByteOS Network

Vulnerability Details :

CVE-2007-3537

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-03 Jul, 2007 | 20:00

Updated At-07 Aug, 2024 | 14:21

IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:03 Jul, 2007 | 20:00

Updated At:07 Aug, 2024 | 14:21

▼CVE Numbering Authority (CNA)

IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://secunia.com/advisories/25885	third-party-advisory x_refsource_SECUNIA
http://osvdb.org/37792	vdb-entry x_refsource_OSVDB
http://www-1.ibm.com/support/docview.wss?uid=nas2742405285431729b86256e620067dc17	vendor-advisory x_refsource_AIXAPAR
https://exchange.xforce.ibmcloud.com/vulnerabilities/35173	vdb-entry x_refsource_XF
http://www.securityfocus.com/bid/24706	vdb-entry x_refsource_BID

Hyperlink: http://secunia.com/advisories/25885

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://osvdb.org/37792

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=nas2742405285431729b86256e620067dc17

Resource:

vendor-advisory

x_refsource_AIXAPAR

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35173

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://www.securityfocus.com/bid/24706

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://secunia.com/advisories/25885	third-party-advisory x_refsource_SECUNIA x_transferred
http://osvdb.org/37792	vdb-entry x_refsource_OSVDB x_transferred
http://www-1.ibm.com/support/docview.wss?uid=nas2742405285431729b86256e620067dc17	vendor-advisory x_refsource_AIXAPAR x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/35173	vdb-entry x_refsource_XF x_transferred
http://www.securityfocus.com/bid/24706	vdb-entry x_refsource_BID x_transferred

Hyperlink: http://secunia.com/advisories/25885

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://osvdb.org/37792

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=nas2742405285431729b86256e620067dc17

Resource:

vendor-advisory

x_refsource_AIXAPAR

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35173

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://www.securityfocus.com/bid/24706

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:03 Jul, 2007 | 20:30

Updated At:29 Jul, 2017 | 01:32

IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.8	HIGH	AV:N/AC:L/Au:N/C:C/I:N/A:N

Type: Primary

Version: 2.0

Base score: 7.8

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:N/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://osvdb.org/37792	cve@mitre.org	N/A
http://secunia.com/advisories/25885	cve@mitre.org	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=nas2742405285431729b86256e620067dc17	cve@mitre.org	N/A
http://www.securityfocus.com/bid/24706	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/35173	cve@mitre.org	N/A

Hyperlink: http://osvdb.org/37792

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/25885

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=nas2742405285431729b86256e620067dc17

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/24706

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/35173

Source: cve@mitre.org

Resource: N/A

Similar CVEs

7Records found

CVE-2021-20354

Matching Score-8

Assigner-IBM Corporation

View Details

Matching Score-8

Assigner-IBM Corporation

CVSS Score-5.9||MEDIUM

EPSS-0.29% / 51.75%

7 Day CHG~0.00%

Published-18 Feb, 2021 | 15:10

Updated-16 Sep, 2024 | 20:57

IBM WebSphere Application Server 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 194883.

Vendor-Microsoft Corporation HP Inc.IBM Corporation Linux Kernel Organization, Inc Oracle Corporation

Product-solaris linux_kernel websphere_application_server i hp-ux windows z\/os aix WebSphere Application Server

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2015-4988

Matching Score-8

Assigner-IBM Corporation

View Details

Matching Score-8

Assigner-IBM Corporation

CVSS Score-8.6||HIGH

EPSS-0.49% / 64.69%

7 Day CHG~0.00%

Published-18 Jan, 2016 | 02:00

Updated-12 Apr, 2025 | 10:46

Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.

Vendor-n/a IBM Corporation

Product-tealeaf_customer_experience n/a

CWE ID-CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2015-1941

Matching Score-8

Assigner-IBM Corporation

View Details

Matching Score-8

Assigner-IBM Corporation

CVSS Score-7.8||HIGH

EPSS-4.23% / 88.32%

7 Day CHG~0.00%

Published-30 Jun, 2015 | 15:00

Updated-12 Apr, 2025 | 10:46

The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port.

Vendor-n/a IBM Corporation

Product-tivoli_storage_manager_fastback n/a

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-8892

Matching Score-8

Assigner-IBM Corporation

View Details

Matching Score-8

Assigner-IBM Corporation

CVSS Score-7.8||HIGH

EPSS-1.17% / 77.83%

7 Day CHG~0.00%

Published-06 Mar, 2015 | 23:00

Updated-12 Apr, 2025 | 10:46

Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 5.0 before SR16-FP9, 6 before SR16-FP3, 6R1 before SR8-FP3, 7 before SR8-FP10, and 7R1 before SR2-FP10 allows remote attackers to bypass intended access permissions and obtain sensitive information via unspecified vectors related to the security manager.

Vendor-n/a IBM Corporation

Product-java_sdk n/a

CVE-2014-6154

Matching Score-8

Assigner-IBM Corporation

View Details

Matching Score-8

Assigner-IBM Corporation

CVSS Score-7.8||HIGH

EPSS-0.31% / 53.37%

7 Day CHG~0.00%

Published-13 Feb, 2015 | 02:00

Updated-12 Apr, 2025 | 10:46

Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on Linux, UNIX, and Windows allows remote attackers to access arbitrary files via a .. (dot dot) in a URL.