
Security Bulletin: IBM TRIRIGA Application Platform is vulnerable to multiple vulnerabilities [CVE-2016-0003], [CVE-2016-1000031] and [CVE-2016-0248]

Published: 2023-07-28 19:57:26
Source: www.ibm.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.949 High (Percentile: 99.3%)

Summary

IBM TRIRIGA Application Platform updated the Apache Commons open source library to the latest version to fix the vulnerabilities in [CVE-2016-0003], [CVE-2016-1000031] and [CVE-2016-0248].

Vulnerability Details

CVEID: CVE-2016-0003
**DESCRIPTION:** Microsoft Edge could allow a remote attacker to execute arbitrary code on the system, caused by improper access of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/109299 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-1000031
**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in the DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/117957 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0248
**DESCRIPTION:** IBM Security Guardium transmits query parameters in SSL requests that could be intercepted by a remote attacker using man-in-the-middle techniques.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/110458 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s)|Version(s)
---|---
IBM TRIRIGA|All

Remediation/Fixes

IBM strongly recommends addressing these vulnerabilities now.

Product|VRMF|Remediation/First Fix
---|---|---
IBM TRIRIGA Application Platform|3.6.1.3|The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform|3.7.0.1|The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform|3.8.0.1|The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform|4.0.2|The fix is available for download on FixCentral.
IBM TRIRIGA Application Platform|4.1.1|The fix is available for download on FixCentral.
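The fix above works by bundling a newer Apache Commons FileUpload, so after patching an operator wants to confirm that no stale copy of the library is still present on the application server. The following script is an added example, not IBM's or Apache's code: it walks a directory tree, reads `META-INF/MANIFEST.MF` from every jar, and reports jars that identify themselves as Commons FileUpload with a version below a minimum the caller supplies. The minimum version (`1.3.3` in the demo) is an input the operator should take from the vendor's fix information, not something the bulletin states; the jar fixtures in `demo()` are constructed in a temporary directory so the script runs offline.

```python
"""Inventory check for Apache Commons FileUpload jars under a deployment.

Added example for this bulletin (not IBM's or Apache's code). It reports
jars whose manifest identifies commons-fileupload and whose version is
older than a minimum supplied by the caller (assumption: the operator
takes that minimum from the vendor fix, e.g. the VRMF table above).
"""
import os
import re
import tempfile
import zipfile
from typing import Optional


def parse_version(v: str) -> tuple:
    """Turn '1.3.1' or '1.3.3-SNAPSHOT' into a comparable tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", v))


def read_manifest(jar_path: str) -> dict:
    """Parse META-INF/MANIFEST.MF into a dict, joining continuation lines."""
    attrs: dict = {}
    with zipfile.ZipFile(jar_path) as zf:
        try:
            raw = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:          # jar without a manifest
            return attrs
    last_key = None
    for line in raw.splitlines():
        if line.startswith(" ") and last_key:   # manifest continuation line
            attrs[last_key] += line[1:]
        elif ":" in line:
            key, _, val = line.partition(":")
            last_key = key.strip()
            attrs[last_key] = val.strip()
    return attrs


def fileupload_version(manifest: dict) -> Optional[str]:
    """Return the version string if the manifest describes commons-fileupload."""
    ident = " ".join(manifest.get(k, "") for k in
                     ("Implementation-Title", "Bundle-SymbolicName",
                      "Automatic-Module-Name"))
    # Normalise so 'Apache Commons FileUpload' and
    # 'org.apache.commons.fileupload' both match the same marker.
    if "fileupload" not in re.sub(r"[^a-z0-9]", "", ident.lower()):
        return None
    return manifest.get("Implementation-Version") or manifest.get("Bundle-Version")


def find_outdated(root: str, min_version: str) -> list:
    """List (path, version) for commons-fileupload jars older than min_version."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(".jar"):
                continue
            path = os.path.join(dirpath, name)
            try:
                version = fileupload_version(read_manifest(path))
            except zipfile.BadZipFile:   # not really a jar; skip it
                continue
            if version and parse_version(version) < parse_version(min_version):
                hits.append((path, version))
    return hits


def make_fake_jar(path: str, title: str, version: str) -> None:
    """Constructed test fixture: a minimal jar containing only a manifest."""
    manifest = (f"Manifest-Version: 1.0\r\nImplementation-Title: {title}\r\n"
                f"Implementation-Version: {version}\r\n")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)


def demo() -> list:
    """Scan two constructed jars against a caller-supplied minimum version."""
    root = tempfile.mkdtemp()
    make_fake_jar(os.path.join(root, "commons-fileupload-1.3.1.jar"),
                  "Apache Commons FileUpload", "1.3.1")
    make_fake_jar(os.path.join(root, "commons-io-2.11.0.jar"),
                  "Apache Commons IO", "2.11.0")
    # '1.3.3' is an example minimum; take the real value from the vendor fix.
    return find_outdated(root, "1.3.3")


if __name__ == "__main__":
    for path, version in demo():
        print(f"outdated commons-fileupload {version}: {path}")
```

Run it against the TRIRIGA installation and application-server library directories after applying the FixCentral package; any jar it lists is a copy the fix did not replace and needs to be investigated before the deployment is considered remediated.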

Workarounds and Mitigations

None
