Apache Derby could allow a remote attacker to bypass security restrictions, caused by improper validation of network packets received. By sending a specially-crafted network packet, an attacker could exploit this vulnerability to boot a database whose location and contents are under the user’s control.
CVEID: CVE-2018-1313
**DESCRIPTION:** Apache Derby could allow a remote attacker to bypass security restrictions, caused by improper validation of network packets received. By sending a specially-crafted network packet, an attacker could exploit this vulnerability to boot a database whose location and contents are under the user’s control.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/142898> for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
IBM Monitoring 8.1.3
IBM Application Diagnostics 8.1.3
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
IBM Cloud Application Performance Management Base Private 8.1.4
IBM Cloud Application Performance Management Advanced Private 8.1.4
Remediation/Fixes

Product | VRMF | Remediation |
---|---|---|
IBM Cloud Application Performance Management Base Private<br>IBM Cloud Application Performance Management Advanced Private | 8.1.4 | The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0006 server patch to the system where the Cloud APM server is installed: https://www.ibm.com/support/docview.wss?rs=0&uid=isg400004027 |
IBM Monitoring<br>IBM Application Diagnostics<br>IBM Application Performance Management<br>IBM Application Performance Management Advanced | 8.1.3 | The vulnerability can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0013 server patch to the system where the APM server is installed: http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400004068 |
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | tivoli monitoring | eq | 8.1.3 |
| | tivoli monitoring | eq | 8.1.4 |