Lucene search

IBM166067D8A3B965DC90ED6FA0CD889846C59C6C0C7F12DD279F1904083A4BE87B

HistoryJun 17, 2018 - 3:40 p.m.

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server Administrative Console shipped with IBM Tivoli Network Manager IP Edition (CVE-2017-1137).

2018-06-1715:40:27

www.ibm.com

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Summary

WebSphere Application Server Administrative Console is shipped with IBM Tivoli Network Manager IP Edition. Information about a security vulnerability affecting WebSphere Application Server Administrative Console has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin Potential security vulnerability in WebSphere Application Server Administrative Console (CVE-2017-1137) for vulnerability details and information about fixes

Affected Products and Versions

IBM Tivoli Network Manager 3.9, 4.1, 4.1.1 and 4.2

Remediation/Fixes

Refer to the security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with Network Manager IP Edition.

Affected Product and Version(s)	Product and Version shipped as a component
IBM Tivoli Network Manager 3.9	Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. Apply latest IBM WebSphere fixpack.
IBM Tivoli Network Manager 4.1	Bundled the TIP version 2.2.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. Apply latest IBM WebSphere fixpack.
IBM Tivoli Network Manager 4.1.1	Bundled the TIP version 2.2.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. Apply latest IBM WebSphere fixpack.
IBM Tivoli Network Manager 4.2	IBM WebSphere version 8.5.5.7 is not shipped as a component but Tivoli Network Manager 4.2 required IBM WebSphere version 8.5.5.7 to run.
Apply latest IBM WebSphere fixpack.

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli network manager ip editioneq3.9
tivoli network manager ip editioneq4.1
tivoli network manager ip editioneq4.1.1
tivoli network manager ip editioneq4.2

Name	Operator	Version
tivoli network manager ip edition	eq	3.9
tivoli network manager ip edition	eq	4.1
tivoli network manager ip edition	eq	4.1.1
tivoli network manager ip edition	eq	4.2

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for 166067D8A3B965DC90ED6FA0CD889846C59C6C0C7F12DD279F1904083A4BE87B