Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Network Manager IP Edition (CVE-2015-0254)

2018-06-1715:25:18

www.ibm.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

Apache Standard Taglibs integrated within WebSphere Application Server is shipped as a component of IBM Tivoli Network Manager IP Edition. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin

Vulnerability Details

Please consult the security bulletin Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server (CVE-2015-0254) for vulnerability details and information about fixes.

Affected Products and Versions

Affected Product and Version(s)	Product and Version shipped as a component
IBM Tivoli Network Manager 3.8	IBM WebSphere version 6.1.0.x.
IBM Tivoli Network Manager 3.9	IBM WebSphere version 7.0.0.x
IBM Tivoli Network Manager 4.1	IBM WebSphere version 7.0.0.x
IBM Tivoli Network Manager 4.1.1	IBM WebSphere version 7.0.0.x
IBM Tivoli Network Manager 4.2	IBM WebSphere version 8.5.5.7 is not shipped as a component but Tivoli Network Manager 4.2 required IBM WebSphere version 8.5.5.7 to run.

CPENameOperatorVersion
tivoli network manager ip editioneq3.8
tivoli network manager ip editioneq3.9
tivoli network manager ip editioneq4.1
tivoli network manager ip editioneq4.1.1
tivoli network manager ip editioneq4.2

Name	Operator	Version
tivoli network manager ip edition	eq	3.8
tivoli network manager ip edition	eq	3.9
tivoli network manager ip edition	eq	4.1
tivoli network manager ip edition	eq	4.1.1
tivoli network manager ip edition	eq	4.2