
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Configuration Manager (CVE-2015-1283)

2019-01-22 16:30:15
www.ibm.com

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Summary

IBM WebSphere Application Server is shipped as a component of IBM Tivoli Netcool Configuration Manager (ITNCM). A vulnerability reported in IBM WebSphere 7.0.0.37 has been addressed by IBM Tivoli Netcool Configuration Manager.

Vulnerability Details

CVEID: CVE-2015-1283
DESCRIPTION: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104964 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

Product version


ITNCM 6.4.1.3 and earlier
ITNCM 6.3.0.6 and earlier

Remediation/Fixes

Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
ITNCM | 6.4.1.3 IF001 | None | http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm%2FTivoli&product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&release=6.4.1.3&platform=All&function=fixId&fixids=ITNCM_6.4.1.3_IF001&includeRequisites=1&includeSupersedes=0&downloadMethod=http
ITNCM | 6.3.0.6 IF004 | None | http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&release=6.3.0.6&platform=All&function=fixId&fixids=ITNCM_6.3.0.6-IF004&includeRequisites=1&includeSupersedes=0&downloadMethod=http

Workarounds and Mitigations

None
