CVSS2 base score: 7.5 (High)
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
WebSphere Application Server is shipped as a component of IBM Tivoli System Automation for Multiplatforms. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.
CVEID: CVE-2015-1283
DESCRIPTION: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products (Apache IHS), allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
CVSS Base Score: 6.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104964 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Please consult the security bulletin “Security Bulletin: Denial of service may affect IBM HTTP Server (CVE-2015-1283)” for further vulnerability details and information about fixes.
| Principal Product and Version(s) | Affected Supporting Product and Version |
|---|---|
| IBM Tivoli System Automation for Multiplatforms 3.2.2, 3.2.1, and 3.2.0 | WebSphere Application Server 6.1 |
You need to install the corresponding APAR from WebSphere Application Server. Please follow the instructions at this link: http://www-01.ibm.com/support/docview.wss?uid=swg21964428. See the section “Affected Products and Versions” in this bulletin for details on which WebSphere Application Server fix applies to your version of IBM Tivoli System Automation for Multiplatforms.