Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1

Summary

Several vulnerabilities have been addressed for: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016; OpenSource OpenSSL; and Opensource Apache Tomcat Vulnerabilities

Vulnerability Details

CVEID: CVE-2016-3427 DESCRIPTION: An unspecified vulnerability in Oracle Java, SE Java SE Embedded and JRockit related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111140 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2016-0799 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a memory error in the BIO_printf() functions. An attacker could exploit this vulnerability using specially crafted data to trigger an out-of-bounds read.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111143 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive information, caused by a side-channel attack against a system based on the Intel Sandy-Bridge microarchitecture. An attacker could exploit this vulnerability to recover RSA keys.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111144 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-2842 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the failure to verify that a certain memory allocation succeeds by the doapr_outch function. A remote attacker could exploit this vulnerability using a specially crafted string to cause an out-of-bounds write or consume an overly large amount of resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111304 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-2107 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error when the connection uses an AES CBC cipher and the server support AES-NI. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt traffic.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112854 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-2176 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, By sending an overly long ASN.1 string to the X509_NAME_oneline() function, an attacker could exploit this vulnerability to return arbitrary stack data in the buffer.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112858 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2015-3197 DESCRIPTION: OpenSSL could allow a remote attacker to conduct man-in-the-middle attacks, caused by an error related to the negotiation of disabled SSLv2 ciphers by malicious SSL/TLS clients. An attacker could exploit this vulnerability to conduct man-in-the-middle attacks.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110235 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

CVEID: CVE-2015-5345 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by an error when accessing a protected directory. By redirecting to the URL, an attacker could exploit this vulnerability to determine the presence of a directory.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110857 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-0706 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the loading of the StatusManagerServlet during the configuration of a security manager. An attacker could exploit this vulnerability to obtain deployed applications and other sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110855 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2016-0714 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by an error in multiple session persistence mechanisms. By placing a malicious object into a session, an attacker could exploit this vulnerability to bypass a security manager and possibly execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110856 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-5174 DESCRIPTION: Apache Tomcat could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing “dot dot” sequences (/…/) in the getResource(), getResourceAsStream() and getResourcePaths() ServletContext methods to obtain a directory listing for the directory.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110860 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

• • IBM Cognos TM1 10.1
• IBM Cognos TM1 10.2
• IBM Cognos TM1 10.2.2

Remediation/Fixes

The recommended solution is to apply the fix for versions listed as soon as practical.

Cognos TM1 10.1.1.2 Interim Fix 7

Link: http://www.ibm.com/support/docview.wss?uid=swg24042432

Cognos TM1 10.2.0.2 Interim Fix 7

Link: http://www.ibm.com/support/docview.wss?uid=swg24042431

Cognos TM1 10.2.2 Fix Pack 6

Link: http://www.ibm.com/support/docview.wss?uid=swg24042414