9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
IBM Security Access Manager Appliance has addressed the following vulnerability.
CVEID: CVE-2017-15670 DESCRIPTION: GNU C Library is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the glob function in glob.c. By sending a specially-crafted string, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133915> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
IBM Security Access Manager Appliance 7.0.0.34 and below.
IBM Security Access Manager Appliance 8.0.1.8 and below.
Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Security Access Manager for Web Appliance | 7.0 - 7.0.0.34 (appliance) | IJ11015 | Apply Interim Fix 35: |
7.0.0-ISS-WGA-IF0035 | |||
IBM Security Access Manager for Web Appliance | 8.0.0.0 - | ||
8.0.1.8 | IJ11027 |
1. For versions prior to 8.0.1.8, upgrade to 8.0.1.8:
8.0.1-ISS-WGA-FP0008_ _
2. Apply 8.0.1.8 IF1:
8.0.1.8-ISS-WGA-IF0001
None
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P