IBM Dashboard Application Services Hub, a part of IBM Jazz for Service Management (JazzSM), could allow a remote attacker to obtain sensitive information. There is a lack of certificate verification when connecting to remote datastores from WebSphere Admin Console in federation scenarios.
**CVEID:** CVE-2016-5935
**DESCRIPTION:** IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115821 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Dashboard Application Services Hub 3.1.3, part of IBM Jazz for Service Management 1.1.3
The recommended solution is to apply the fix for the versions listed as soon as practical.
**Dashboard Application Services Hub release** | **Remediation** |
---|---|
3.1.3 | Download and Install 1.1.3.0-TIV-JazzSM-DASH-Cumulative-Patch-0001 |
CPE:

Name | Operator | Version |
---|---|---|
tivoli components | eq | 1.1.3 |