Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Monitoring shipped with IBM Cloud Orchestrator Enterprise

2018-06-1722:33:29

www.ibm.com

8.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

JSON

Summary

IBM Tivoli Monitoring is shipped as a component of IBM Cloud Orchestrator Enterprise.
Information about security vulnerabilities affecting IBM Tivoli Monitoring has been published in the security bulletins below.

Vulnerability Details

Consult the following security bulletins for IBM Tivoli Monitoring for vulnerability details and information about fixes.

CVE-IDs	Security Bulletin
CVE-2017-1121
CVE-2016-8919
CVE-2016-5546
CVE-2016-5548
CVE-2016-5549
CVE-2016-5547
CVE-2016-2183	Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server
CVE-2017-1183
CVE-2017-1182	Security Bulletin: IBM Tivoli Monitoring TEP Server vulnerabilities
CVE-2016-6083	Security Bulletin: IBM Tivoli Monitoring Soap Server (CVE-2016-6083)
CVE-2016-5573
CVE-2016-5597
CVE-2016-8934
CVE-2016-9736	Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server
CVE-2016-5933	Security Bulletin: IBM Tivoli Monitoring Basic Services Vulnerability (CVE-2016-5933)

Affected Products and Versions

Principal Product and Versions

| Affected Supporting Product and Version
—|—
IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.4

IBM Cloud Orchestrator Enterprise 2.4 through 2.4.0.4

| IBM Tivoli Monitoring 6.3.0.2
IBM Cloud Orchestrator Enterprise 2.3 and 2.3.0.1| IBM Tivoli Monitoring 6.3.0.1

CPENameOperatorVersion
ibm smartcloud orchestratoreq2.3
ibm smartcloud orchestratoreq2.3.0.1
ibm smartcloud orchestratoreq2.4
ibm smartcloud orchestratoreq2.4.0.1
ibm smartcloud orchestratoreq2.4.0.2
ibm smartcloud orchestratoreq2.4.0.3
ibm smartcloud orchestratoreq2.4.0.4
ibm smartcloud orchestratoreq2.5
ibm smartcloud orchestratoreq2.5.0.1
ibm smartcloud orchestratoreq2.5.0.2

Name	Operator	Version
ibm smartcloud orchestrator	eq	2.3
ibm smartcloud orchestrator	eq	2.3.0.1
ibm smartcloud orchestrator	eq	2.4
ibm smartcloud orchestrator	eq	2.4.0.1
ibm smartcloud orchestrator	eq	2.4.0.2
ibm smartcloud orchestrator	eq	2.4.0.3
ibm smartcloud orchestrator	eq	2.4.0.4
ibm smartcloud orchestrator	eq	2.5
ibm smartcloud orchestrator	eq	2.5.0.1
ibm smartcloud orchestrator	eq	2.5.0.2