Lucene search

K
ibmIBM486524FDC107BB0BF3D15FD823B34F106FAADC8E357AA871D3D093B7D7E6B0F1
HistoryJul 16, 2019 - 5:10 a.m.

Security Bulletin: IBM Netcool Agile Service Manager is affected by a Jetty vulnerability (CVE-2018-12545)

2019-07-1605:10:02
www.ibm.com
9

EPSS

0.041

Percentile

92.3%

Summary

IBM Netcool Agile Service Manager has addressed the following vulnerability.

Vulnerability Details

CVEID:CVE-2018-12545
DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs frames container containing many settings, or many small SETTINGs frames, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/161491&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected IBM Netcool Agile Service Manager Affected Versions
IBM Netcool Agile Service Manager 1.1

Remediation/Fixes

Download IBM Netcool Agile Service Manager 1.1.5

Workarounds and Mitigations

None

EPSS

0.041

Percentile

92.3%