9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
IBM Tivoli Access Manager for e-business and IBM Security Access Manager have addressed the following vulnerability.
CVEID: CVE-2017-11462 DESCRIPTION: A double free vulnerability in MIT Kerberos 5 (aka krb5) has an unknown impact and attack vector involving automatic deletion of security contexts on error.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/132060 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Software releases
Affected****product
|
Affected Versions
—|—
IBM Tivoli Access Manager for e-business | 6.1 - 6.1.0.35
IBM Tivoli Access Manager for e-business | 6.1.1 - 6.1.1.34
IBM Security Access Manager (software) | 7.0-7.0.0.34
Appliance releases
Affected IBM Security Access Manager Appliance
|
Affected Versions
—|—
IBM Security Access Manager for Web | 7.0-7.0.0.34
IBM Security Access Manager for Web | 8.0-8.0.1.7
IBM Security Access Manager for Mobile | 8.0-8.0.1.7
IBM Security Access Manager | 9.0.3.0 - 9.0.4.0
The table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch.
Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Tivoli Access Manager for e-business | 6.1 - 6.1.0.35 | IJ03462 | Apply Interim Fix 36: |
6.1.0-ISS-TAM-IF0036 | |||
IBM Tivoli Access Manager for e-business | 6.1.1 - 6.1.1.34 | IJ03462 | Apply Interim Fix 35: |
6.1.1-ISS-TAM-IF0035 | |||
IBM Security Access Manager for Web (software) | 7.0 - 7.0.0.34 (software) | IJ03462 | Apply Interim Fix 35: |
7.0.0-ISS-SAM-IF0035 | |||
IBM Security Access Manager for Web (appliance) | 7.0 - 7.0.0.34 (appliance) | IJ03469 |
Apply Interim Fix 35:
IBM Security Access Manager for Web (appliance) | 8.0 - 8.0.1.7 | IJ03467 |
1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7:
8.0.1-ISS-WGA-FP0007_ _
2. Apply 8.0.1.7 IF 1:
8.0.1.7-ISS-WGA-IF0001
IBM Security Access Manager for Mobile (appliance) | 8.0 - 8.0.1.7 | IJ03468 |
1. For versions prior to 8.0.1.7, upgrade to 8.0.1.7:
8.0.1-ISS-ISAM-FP0007
2. Upgrade to 8.0.1.7 IF 1:
8.0.1.7-ISS-ISAM-IF0001
IBM Security Access Manager (appliance) | 9.0 - 9.0.4.0 | IJ03467 |
1. For versions prior to 9.0.4.0, upgrade to 9.0.4.0:
2. Upgrade to 9.0.4.0 IF 2:
9.0.4.0-ISS-ISAM-IF0002
For IBM Tivoli Access Manager for e-business 6.0 and earlier, IBM recommends upgrading to a fixed, supported release of the product.
None
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P