Security Bulletin: A security vulnerability has been identified in Oracle MySQL, which is a supported topology database of IBM Tivoli Network Manager IP Edition (CVE-2018-3123)

Summary

Oracle MySQL version 5.6.x is a supported topology database of IBM Tivoli Network Manager IP Edition 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting Oracle MySQL has been published here.

Vulnerability Details

CVE-ID: CVE-2018-3123 Description: An unspecified vulnerability in Oracle MySQL related to the Server Server: libmysqld component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/159652&gt; for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

ITNM 3.9.0.4 and ITNM 3.9.0.5 deployments which use Oracle MySQL v5.6 as their topology database server.

Remediation/Fixes

Product

| VMRF |Remediation/First Fix
—|—|—
IBM Tivoli Network Manager IP Edition |3.9.0.4 and 3.9.0.5 | Upgrade Oracle MySQL v5.6 servers as advised in Oracle’s Critical Patch Update for April 2019.

Workarounds and Mitigations

None.