Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM0E6C36AA0AE26A92B3320E10EB0FF0C10724B1CFCCE3BCA426B32FFB32CA660D
HistoryJun 28, 2023 - 10:07 p.m.

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Network Manager IP Edition (CVE-2018-1656, CVE-2018-12539)

2023-06-2822:07:45
www.ibm.com
7
ibm
websphere
tivoli
network manager
ip edition
security vulnerabilities
2018
fixes
java sdk
end of support

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

58.5%

JSON

Summary

IBM WebSphere Application Server is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU for vulnerability details and information about fixes.

Affected Products and Versions

IBM Tivoli Network Manager IP Edition 3.9, 4.1.1 and 4.2.

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server, which is shipped with IBM Tivoli Network Manager IP Edition versions 3.9 and 4.1.1; and a product required by IBM Tivoli Network Manager IP Edition version 4.2.

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM Tivoli Network Manager IP Edition 3.9 Bundled the TIP version 2.1.0.x, which bundles IBM WebSphere version 7.0.0.x. Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU
See Section “For V7.0.0.0 through 7.0.0.45 WebSphere Application Server and WebSphere Application Server Hypervisor Edition:
IBM Tivoli Network Manager IP Edition 4.1.1 Bundled the TIP version 2.2.0.x, which bundles IBM WebSphere version 7.0.0.x. Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU
See Section “For V7.0.0.0 through 7.0.0.45 WebSphere Application Server and WebSphere Application Server Hypervisor Edition:
IBM Tivoli Network Manager IP Edition 4.2 IBM Tivoli Network Manager IP Edition 4.2 requires the installation of IBM WebSphere Application Server Version 8.5.5.5 or later version separately. Users are recommended to apply IBM WebSphere version 8.5.5.5 Security Interim Fixes. Multiple Vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2018 CPU
See Section “For V8.5.0.0 through 8.5.5.14 WebSphere Application Server Traditional and WebSphere Application Server Hypervisor Edition:

Please also note the** end of support announcement from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the Netcool End of Support Knowledge Collection. ** If your product version is affected, IBM recommend to upgrade your product version to the latest supported version of your product. Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.

Workarounds and Mitigations

None.

Affected configurations

Vulners
Node
ibmtivoli_storage_managerMatch3.9
OR
ibmtivoli_storage_managerMatch4.1.1
OR
ibmtivoli_storage_managerMatch4.2

Related

ibm 126
veracode 2
cvelist 2
nvd 2
redhatcve 2
prion 2
osv 1
cve 2
ubuntucve 1
nessus 15
openvas 7
redhat 6
aix 1
oracle 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester
2018-09-27 05:10:01
Security Bulletin: Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio (CVE-2018-1656 and CVE-2018-12539)
2018-09-13 10:06:11
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2018-1656, CVE-2018-12539)
2019-01-16 22:05:01
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:24:36
Directory Traversal
2019-05-16 03:24:18
cvelist
cvelist
CVE-2018-12539
2018-08-14 19:00:00
CVE-2018-1656
2018-08-16 00:00:00
nvd
nvd
CVE-2018-12539
2018-08-14 19:29:00
CVE-2018-1656
2018-08-20 21:29:01
redhatcve
redhatcve
CVE-2018-12539
2019-10-10 23:34:49
CVE-2018-1656
2018-08-17 20:49:15
prion
prion
Default configuration
2018-08-14 19:29:00
Path traversal
2018-08-20 21:29:00
osv
osv
CVE-2018-12539
2018-08-14 19:29:00
cve
cve
CVE-2018-12539
2018-08-14 19:29:00
CVE-2018-1656
2018-08-20 21:29:01
ubuntucve
ubuntucve
CVE-2018-1656
2018-08-20 00:00:00
nessus
nessus
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2583-1)
2018-09-04 00:00:00
RHEL 6 : java-1.7.1-ibm (RHSA-2018:2712)
2018-09-18 00:00:00
SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:2649-1)
2018-09-10 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:2574-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2649-2)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:2583-1)
2021-06-09 00:00:00
redhat
redhat
(RHSA-2018:2569) Important: java-1.7.1-ibm security update
2018-08-27 14:10:03
(RHSA-2018:2576) Important: java-1.7.1-ibm security update
2018-08-28 19:07:03
(RHSA-2018:2712) Moderate: java-1.7.1-ibm security update
2018-09-17 14:42:53
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2018-09-19 08:42:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2019
2019-04-16 00:00:00

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

58.5%

JSON
Related for 0E6C36AA0AE26A92B3320E10EB0FF0C10724B1CFCCE3BCA426B32FFB32CA660D
ibm126veracode2cvelist2nvd2redhatcve2prion2osv1cve2ubuntucve1nessus15openvas7redhat6aix1oracle1