7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Fix is available for vulnerability in Apache Struts affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2015-0899).
CVEID: CVE-2015-0899**
DESCRIPTION:** Apache Struts could allow a remote attacker to bypass security restrictions, caused by an error in the MultiPageValidator implementation. An attacker could exploit this vulnerability using a modified page parameter to bypass restrictions and launch further attacks on the system. This vulnerability also affects other products.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101770 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Tivoli Netcool/OMNIbus WebGUI 8.1.0
Tivoli Netcool/OMNIbus WebGUI 7.4.0
Product
| VRMF|APAR|Remediation/Fix
β|β|β|β
Tivoli Netcool/OMNIbus WebGUI| 8.1.0| IV98709| Apply Fix Pack 11
(Fix Pack for WebGUI 8.1.0 Fix Pack 11)
Tivoli Netcool/OMNIbus WebGUI| 7.4.0| IV98709| Upgrade to WebGUI 8.1.0 and then apply Fix Pack 11
(Fix Pack for WebGUI 8.1.0 Fix Pack 11)
For unsupported versions IBM recommends upgrading to a fixed, supported version of the product.
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli netcool/omnibus | eq | 7.4.0 | |
tivoli netcool/omnibus | eq | 8.1.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N