7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
WebSphere Application Server, OpenSSL, HTTP server, IBM Tivoli Monitoring, SmartCloud Cost Management, Tivoli Directory Services are shipped as a components of IBM Service Delivery Manager. Information about a security vulnerability affecting WebSphere Application Services, HTTP server, IBM Tivoli Monitoring, SmartCloud Cost Management, Tivoli Directory Services have been published in a security bulletin.
(CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Please consult the security bulletin for vulnerability details and information about fixes:
WebSphere Application Server: http://www-01.ibm.com/support/docview.wss?uid=swg21687173,
HTTP server: http://www-01.ibm.com/support/docview.wss?uid=swg21687172,
IBM Tivoli Monitoring: http://www-01.ibm.com/support/docview.wss?uid=swg21691775,
SmartCloud Cost Management,: http://www-01.ibm.com/support/docview.wss?uid=swg21691886
Tivoli Directory Services: https://www-304.ibm.com/support/docview.wss?uid=swg21687611
OpenSSL- ISDM Customers with OpenSSL 0.9.8 should upgrade to OpenSSL 0.9.8zd.
.
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Service Delivery Manager 7.x | WebSphere Application Server V6.1.0.0 through 6.1.0.47 |
IBM HTTP Server (All versions) |
ITM – IBM Tivoli Monitoring
· Tivoli Enterprise Management Servers (TEMS) - 6.20 through 6.30 FP4 (all releases)
· Agents – IBM Tivoli Monitoring Shared Libraries (ax component on UNIX/Linux) or Tivoli Enterprise Monitoring Agent Framework (GL component on Windows) - 6.20 through 6.30 FP4
· Tivoli Enterprise Portal Server (TEPS) o embedded WebSphere Application Server – 6.20 through 6.30 FP4
o IBM HTTP Server (IHS) - 6.23 through 6.30 FP1 · Portal server communication with portal clients o HTTP – 6.23 through 6.30 FP1
o IIOP - Not affected
o SSL/IIOP – 6.20 through 6.30 FP4 · Situation Update Forwarder (SUF) – 6.20 through 6.30 FP3
SmartCloud Cost Management 2.1
SmartCloud Cost Management 2.1.0.1
SmartCloud Cost Management 2.1.0.2
Tivoli Usage and Accounting Manager 7.3 including all related fix packs Management
IBM Tivoli Directory Server 6.0, 6.1, 6.2, 6.3
IBM Security Directory Server 6.3.1
OpenSSL 0.9.8
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm service delivery manager | eq | 7.2.2 | |
ibm service delivery manager | eq | 7.2.1 | |
ibm service delivery manager | eq | 7.2.4 |