CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 4.6 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

IBM Security Access Manager Appliance has addressed the following vulnerabilities.

CVEID: CVE-2017-6464
DESCRIPTION: NTP is vulnerable to a denial of service. A remote authenticated attacker could exploit this vulnerability using a malformed mode configuration directive to cause the application to crash.
CVSS Base Score: 4.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123610> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6463
DESCRIPTION: NTP is vulnerable to a denial of service. By sending an invalid setting, a remote authenticated attacker could exploit this vulnerability using the :config directive to cause the daemon to crash.
CVSS Base Score: 4.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123612> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-6462
DESCRIPTION: NTP is vulnerable to a denial of service, caused by a buffer overflow in the legacy Datum Programmable Time Server refclock driver. By sending specially crafted packets, a local authenticated attacker could exploit this vulnerability to overflow a buffer and cause a denial of service.
CVSS Base Score: 1.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/123611> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L)

Affected IBM Security Access Manager Appliance | Affected Versions |
---|---|
IBM Security Access Manager for Web | 7.0 - 7.0.0.33 |
IBM Security Access Manager for Web | 8.0 - 8.0.1.7 |
IBM Security Access Manager for Mobile | 8.0 - 8.0.1.7 |
IBM Security Access Manager | 9.0 - 9.0.5.0 |

The table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch.

Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Security Access Manager for Web | 7.0 - 7.0.0.32 (appliance) | IJ03473 | Apply Interim Fix 34: 7.0.0-ISS-WGA-IF0034 |
IBM Security Access Manager for Web | 8.0.0.0 - 8.0.1.7 | IJ03471 | 1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7: 8.0.1-ISS-WGA-FP0007<br>2. Apply 8.0.1.7 IF1: 8.0.1.7-ISS-WGA-IF0001 |
IBM Security Access Manager for Mobile | 8.0.0.0 - 8.0.1.7 | IJ03472 | 1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7: 8.0.1-ISS-ISAM-FP0007<br>2. Apply 8.0.1.7 IF 1: 8.0.1.7-ISS-ISAM-IF0001 |
IBM Security Access Manager | 9.0 - 9.0.5.0 | IJ03471 | 1. For versions prior to 9.0.5.0, upgrade to 9.0.5.0:<br>2. Upgrade to 9.0.5.0 IF 1: 9.0.5.0-ISS-ISAM-IF0001 |

None.