Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli Service Automation Manager (CVE-2016-3485)

Summary

WebSphere Application Server is shipped as components of Tivoli Service Automation Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

CVEID: CVE-2016-3485** *DESCRIPTION: An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115273 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Tivoli Service Automation Manager Version 7.2.1 through 7.2.4| IBM WebSphere Application Server version 7.0.0.0 through 7.0.0.27

Remediation/Fixes

Principal Product and Version(s)

| Affected Supporting Product and Version|Affected Supporting Product Security Bulletin
—|—|—
IBM Tivoli Service Automation Manager version 7.2.1 through 7.2.4| IBM WebSphere Application Server version 7.0.0.0 through 7.0.0.27| Consult the security bulletin Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server July 2016 CPU (CVE-2016-3485) for fix information.

Workarounds and Mitigations

None