History: Jan 17, 2023 - 5:34 p.m.

Security Bulletin: A vulnerability in IBM Java SDK affects IBM Tivoli System Automation for Multiplatforms (CVE-2017-10356)

2023-01-17 17:34:08
www.ibm.com

CVSS2

Score: 2.1
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Score: 6.2
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Score: 0.001
Percentile: 44.7%

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in Nov 2017.

Vulnerability Details

CVEID: CVE-2017-10356
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.2
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133785 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Tivoli System Automation for Multiplatforms 4.1.0.0 – 4.1.0.3
IBM Tivoli System Automation for Multiplatforms 3.2.2.9

Remediation/Fixes

The recommended solution is to apply the corresponding fix to IBM Tivoli System Automation for Multiplatforms. To select the fix you need to apply in your environment, click on ‘Download link’ in the table below.

  • If you are running IBM Tivoli System Automation for Multiplatforms 4.1, please apply interim fix “4.1.0.3-TIV-ITSAMP-<OS>-IFS003” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version 4.1.
  • If you are running IBM Tivoli System Automation for Multiplatforms 3.2.2, please first upgrade to fixpack IBM Tivoli System Automation for Multiplatforms 3.2.2.9. Then apply interim fix “3.2.2.9-TIV-ITSAMP-<OS>-IFS004” where <OS> represents the operating system for which you want to install the fix of this product version. Please note that this interim fix cannot be applied to fixpack IBM Tivoli System Automation for Multiplatforms 3.2.2.8 or lower.
  • If you are running IBM Tivoli System Automation for Multiplatforms 3.2.1 or IBM Tivoli System Automation for Multiplatforms 3.2.0, then please contact IBM support.

Product: IBM Tivoli System Automation for Multiplatforms
VRMF: 4.1 and 3.2.2
APAR: Download link

Workarounds and Mitigations

None

Affected configurations

Vulners node:
Vendor: ibm, Product: txseries_for_multiplatforms, Match: 3.2.2
OR
Vendor: ibm, Product: txseries_for_multiplatforms, Match: 4.1

Vendor: ibm, Product: txseries_for_multiplatforms, Version: 3.2.2, CPE: cpe:2.3:a:ibm:txseries_for_multiplatforms:3.2.2:*:*:*:*:*:*:*
Vendor: ibm, Product: txseries_for_multiplatforms, Version: 4.1, CPE: cpe:2.3:a:ibm:txseries_for_multiplatforms:4.1:*:*:*:*:*:*:*
