Lucene search

K
ibmIBM39D4A3024CD82E0AB1412C8F0B7DE6C9C896CC59E99FBAB7A5A61175586A3211
HistoryJan 17, 2023 - 5:35 p.m.

Security Bulletin: Multiple security vulnerabilities has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2014-0114, CVE-2012-1007, CVE-2016-1182, CVE-2016-1181)

2023-01-1717:35:00
www.ibm.com
25
websphere application server
ibm tivoli system automation application manager
security bulletin
cve-2014-0114
cve-2012-1007
cve-2016-1182

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

7.4

Confidence

High

EPSS

0.973

Percentile

99.9%

Summary

WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about multiple security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

IBM Tivoli System Automation Application Manager 4.1.0.0 – 4.1.0.1

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with IBM Tivoli System Automation Application Manager.

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM Tivoli System Automation Application Manager 4.1 WebSphere Application Server 8.5 Security Bulletin: Multiple vulnerabilities in Apache Struts and Apache Commons that is used by WebSphere Application Server UDDI

Workarounds and Mitigations

None.

Affected configurations

Vulners
Node
ibmtivoli_system_automation_application_managerMatch4.1
VendorProductVersionCPE
ibmtivoli_system_automation_application_manager4.1cpe:2.3:a:ibm:tivoli_system_automation_application_manager:4.1:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

AI Score

7.4

Confidence

High

EPSS

0.973

Percentile

99.9%