Jun 17, 2018 - 3:07 p.m.

Security Bulletin: Vulnerability in IBM WebSphere Application Server affects Tivoli Netcool Impact (CVE-2015-1927)

2018-06-17 15:07:05
www.ibm.com

CVSS2: 6.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.009 Low
Percentile: 82.7%

Summary

IBM WebSphere Application Server is shipped as a component of Tivoli Netcool/Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin PI31622: Potential Security Vulnerability with serveServlets CVE-2015-1927 for vulnerability details and information about fixes.

CVEID: CVE-2015-1927
DESCRIPTION: IBM WebSphere Application Server could allow a remote attacker to gain elevated privileges on the system, caused by an application not having the correct serveServletsbyClassname setting. If a developer has not set the correct property, an attacker could exploit this vulnerability to gain unauthorized access.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Products and Versions

Principal Product and Version(s) | Affected Supporting Product and Version
---|---
Tivoli Netcool/Impact 6.1.x | WebSphere 7.0
Tivoli Netcool/Impact 7.1.0 | WebSphere Liberty Profile 8.5.5

Remediation/Fixes

VRMF | WebSphere release level | Remediation
---|---|---
7.1.0 | 8.5.5 | Apply 7.1.0-TIV-NCI-FP0003 for WebSphere Liberty Profile upgrade to 8.5.5.6. See WebSphere Application Server Security Bulletin for more details: <http://www-01.ibm.com/support/docview.wss?uid=swg21959083>
6.1.1 | 7.0 | Apply Fix Pack 39 (7.0.0.39), or later (targeted to be available 26 October 2015). -- OR See WebSphere Application Server Security Bulletin for more details: <http://www-01.ibm.com/support/docview.wss?uid=swg21959083>
6.1 | 7.0 | Apply Fix Pack 39 (7.0.0.39), or later (targeted to be available 26 October 2015). -- OR See WebSphere Application Server Security Bulletin for more details: <http://www-01.ibm.com/support/docview.wss?uid=swg21959083>

Workarounds and Mitigations

None
