CVSS3: 5.9 Medium (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

A vulnerability has been addressed in the GSKit component of Tivoli Network Manager IP Edition.
**CVEID:** CVE-2016-0201
**DESCRIPTION:** IBM GSKit could allow a remote attacker to obtain sensitive information, caused by an MD5 collision. An attacker could exploit this vulnerability to obtain authentication credentials.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109310 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
Please consult the security bulletin for Informix Dynamic Server for vulnerability details and information about fixes.
Please use the chart below to upgrade the appropriate IBM HTTP Server.
Information about a GSKit security vulnerability affecting IBM HTTP Server has been published in a security bulletin.
Vulnerabilities in the GSKit component of IBM HTTP Server (CVE-2016-0201 and CVE-2015-7420)
Principal Product and Version(s) | Affected Supporting Product and Version |
---|---|
IBM Tivoli Network Manager 3.9 | Bundled the TIP version 2.1.0.x, which bundles IBM WebSphere version 7.0.0.x. |
IBM Tivoli Network Manager 4.1 and 4.1.1 | Bundled the TIP version 2.2.0.x, which bundles IBM WebSphere version 7.0.0.x. |
**Tivoli Network Manager IP Edition Interim Fixes for GSKit:**
**Note:** The SSL connection between Tivoli Network Manager IP Edition and Tivoli Netcool/OMNIbus is affected.
Single server SSL users, who have OMNIbus and the Network Manager core component on the same server, should upgrade to an appropriate OMNIbus fixpack to obtain the GSKit fix. Users with a remote OMNIbus SSL connection should upgrade to IBM GSKit 8.0.50.57 by applying the Interim Fix below on the Network Manager core server.
Affected Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
Tivoli Network Manager IP Edition | 3.9.0.4 | IV81159 | IBM Tivoli Network Manager IP Edition 3.9 FP4 GSkit Interim Fix |
Tivoli Network Manager IP Edition | 4.1 | IV81159 | IBM Tivoli Network Manager IP Edition 4.1.0 GSkit Interim Fix |
Tivoli Network Manager IP Edition | 4.1.1.1 | IV81159 | IBM Tivoli Network Manager IP Edition 4.1.1 GSkit Interim Fix |
Tivoli Network Manager IP Edition | 4.2 | IV81159 | IBM Tivoli Network Manager IP Edition 4.2 GSkit Interim Fix |