IBM52872D302B842C4A6C345CBE2C3C9E2D68EEA537DE4EF18B29E858793CEB27C2Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Netcool Configuration Manager (CVE-2023-35890)
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM WebSphere Application Server is a required product for IBM Tivoli Netcool Configuration Manager version 6.4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| ITNCM | 6.4.2 |
Remediation/Fixes
| Affected Product(s) | Version(s) | Remediation |
|---|---|---|
| ITNCM | 6.4.2 |
Upgrade to ITNCM 6.4.2 Fix Pack 19 (6.4.2.19)
ITNCM 6.4.2 Fix Pack 19 can be downloaded from Fix Central: 6.4.2-TIV-ITNCM-FP019
IBM WebSphere Application Server could provide weaker than expected security (CVE-2023-35890)
See section: For V8.5.5.23:
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli netcool configuration manager | eq | 6.4.2 |
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%