CVSS3: 9.8 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple security vulnerabilities have been discovered in the tiff library (LibTIFF) that is embedded in IBM Flex System Manager (FSM). This bulletin addresses these vulnerabilities.
CVEID: CVE-2015-8783
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds read in tif_luv.c. A remote attacker could exploit this vulnerability using specially-crafted TIFF images to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110372 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-8782
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in tif_luv.c. A remote attacker could exploit this vulnerability using specially-crafted TIFF images to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110371 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-8781
DESCRIPTION: LibTIFF is vulnerable to a denial of service, caused by an out-of-bounds write in tif_luv.c. A remote attacker could exploit this vulnerability using specially-crafted LogL compressed TIFF images to cause the application to crash.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110369 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2015-7554
DESCRIPTION: LibTIFF could allow a remote attacker to bypass security restrictions, caused by an error in the field_passcount variable. By sending a specially-crafted request, an attacker could exploit this vulnerability to write data.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109280 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Flex System Manager 1.3.4.x
Flex System Manager 1.3.3.x
Flex System Manager 1.3.2.x
IBM recommends updating the FSM using the instructions referenced in this table.
Product | VRMF | APAR | Remediation |
---|---|---|---|
Flex System Manager | 1.3.4.x | IT15245 | Install fsmfix_1.3.4.0_IT12598_IT15244_IT15245 |
Flex System Manager | 1.3.3.x | IT15245 | Install fsmfix_1.3.3.0_IT12598_IT15244_IT15245 |
Flex System Manager | 1.3.2.x | IT15245 | Install fsmfix_1.3.2.0_IT12598_IT15244_IT15245 |
For 1.1.x.x, 1.2.x.x, 1.3.0.x and 1.3.1.x IBM recommends upgrading to a fixed, supported version/release of the product.
None
CPE

Name | Operator | Version |
---|---|---|
flex system manager node | eq | any |