CVE-2015-2896

Published: 31/12/2015 Updated: 31/12/2015
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The up.time client in Idera Uptime Infrastructure Monitor up to and including 7.6 allows remote malicious users to obtain potentially sensitive version, OS, process, and event-log information via a command.

Vulnerable Product

idera uptime infrastructure monitor

Recent Articles

Downtime for Up.Time: time to patch some bugs
The Register • Richard Chirgwin • 09 Dec 2015

Server crash monitor easy to crash

Popular sysadmin tool Up.Time from Idera software needs patching, with bugs exposing it to denial-of-service attacks and possible remote code execution. The bugs in the server monitoring tool (now known as Uptime Infrastructure Monitor), outlined by the Carnegie-Mellon CERT here, cover three CVEs: CVE-2015-2894, CVE-2015-2895 and CVE-2015-2896. The first of these is an uncontrolled format string, in Up.Time 6.0 and 7.2, allowing an attacker to crash the application by sending %n or %s as format ...