Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM26556509127A96D62391D18DF0E3A969E8A9093CCF49B27E06C90A71E8905C9B
HistoryJan 04, 2023 - 4:41 p.m.

Security Bulletin: Due to use of Oracle JDBC component, ITNM is vulnerable to an unspecified vulnerability (CVE-2016-3506)

2023-01-0416:41:22
www.ibm.com
19

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON

Summary

IBM Tivoli Network Manager (ITNM) IP Edition uses the JDBC component of Oracle Database Server for connecting to supported Oracle databases when the product is deployed to use Oracle as a data store. An unspecified vulnerability has been reported in the Oracle JDBC component (CVE-2016-3506)

Vulnerability Details

CVEID:CVE-2016-3506
**DESCRIPTION:**An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/115131 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
ITNM 4.2 GA through to 4.2.0.15

Remediation/Fixes

The issue has been fixed in ITNM 4.2 Fix Pack 16 (i.e. 4.2.0.16). Upgrade ITNM 4.2 to Fix Pack 16 from Fix Central.

IBM strongly recommends addressing the vulnerability now by upgrading.

4.2.0-TIV-ITNMIP-Linux-FP0016

4.2.0-TIV-ITNMIP-zLinux-FP0016

4.2.0-TIV-ITNMIP-AIX-FP0016

Workarounds and Mitigations

None

Related

atlassian 3
prion 1
ibm 4
veracode 1
cve 1
f5 2
nessus 1
openvas 1
oracle 6
atlassian
atlassian
Oracle Security Patched DB Driver Not Working
2016-10-05 14:12:31
Oracle Security Patched DB Driver Not Working
2016-10-05 14:12:31
Oracle Security Patched DB Driver Not Working
2016-10-05 14:12:31
prion
prion
Code injection
2016-07-21 10:12:00
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2016-3506)
2020-05-27 08:25:50
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities (CVE-2016-3506, CVE-2020-13692)
2021-09-30 17:52:51
Security Bulletin: IBM Security Information Queue uses database components with known vulnerabilities (CVE-2016-3506, CVE-2018-1058, CVE-2018-10936, CVE-2019-9193)
2020-01-22 22:30:41
veracode
veracode
Remote Code Execution (RCE)
2020-08-20 03:04:18
cve
cve
CVE-2016-3506
2016-07-21 10:12:00
f5
f5
K11100332 : Multiple Oracle Database Server vulnerabilities
2016-09-15 00:00:00
SOL11100332 - Multiple Oracle Database Server vulnerabilities
2016-09-15 00:00:00
nessus
nessus
Oracle Database Multiple Vulnerabilities (July 2016 CPU) (FREAK)
2016-07-22 00:00:00
openvas
openvas
Oracle Database Server Multiple Unspecified Vulnerabilities -01 (Jan 2016)
2016-01-22 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00
Oracle Critical Patch Update Advisory - July 2017
2018-03-20 00:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.5%

JSON
Related for 26556509127A96D62391D18DF0E3A969E8A9093CCF49B27E06C90A71E8905C9B
atlassian3prion1ibm4veracode1cve1f52nessus1openvas1oracle6