Lucene search

K
ibmIBM666F24C8DBF4014A69735968E09FF5A01952E6AD6A72CA8D1BA4E1EDEFD1D038
HistorySep 29, 2020 - 5:40 p.m.

Security Bulletin: IBM Tivoli Common Reporting: TCR, a part of IBM Jazz for Service Management (JazzSM) is vulnerable to a remote code execution vulnerability (CVE-2020-4464)

2020-09-2917:40:06
www.ibm.com
4

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

Summary

WebSphere Application Server is vulnerable to a remote code execution vulnerability. This has been addressed.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
Tivoli Common Reporting All

Remediation/Fixes

The recommended solution is to apply the fix for versions listed as soon as practical.

**Jazz for Service Management Releases ** Remediation
1.1.3 - 1.1.3.8

Security Bulletin: WebSphere Application Server is vulnerable to a remote code execution vulnerability (CVE-2020-4464)

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli common reportingeq3.1.3

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

Related for 666F24C8DBF4014A69735968E09FF5A01952E6AD6A72CA8D1BA4E1EDEFD1D038