Lucene search

K
ibmIBM8A9198697F8388FC75E2DA73A2811AC8903D8787718F479A630B9674D8C0DC03
HistoryJun 15, 2018 - 10:41 p.m.

Security Bulletin: Vulnerability in Apache Commons affects IBM Algo Credit Limits (CVE-2015-7450)

2018-06-1522:41:02
www.ibm.com
5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Algo Credit Limits.

Vulnerability Details

CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107918 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Algo Credit Limits 4.7 and earlier

Remediation/Fixes

A fix has been created for version 4.5.0.05 and 4.7.0.03 of the named product. Download and install the fix as soon as practicable. Fix and installation instructions are provided at the URL listed below.

Patch Number Download URL
ACLM 4.5.0.05 IF6 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.5.0.5-Algo-CreditLimits-if0006-cs:0&includeSupersedes=0&source=fc&login=true
ACLM 4.7.0.03 FP8 Solaris/Oracle http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-SolOra-fp0008:0&includeSupersedes=0&source=fc&login=true
ACLM 4.7.0.03 FP8 Solaris/DB2 http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-SolDB2-fp0008:0&includeSupersedes=0&source=fc&login=true
ACLM 4.7.0.03 FP8 RHEL/Oracle http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-RHESOra-fp0008:0&includeSupersedes=0&source=fc&login=true
ACLM 4.7.0.03 FP8 AIX/Oracle http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+Credit+Manager&release=All&platform=All&function=fixId&fixids=4.7.0.03-Algo-CreditLimits-AIXOra-fp0008:0&includeSupersedes=0&source=fc&login=true

For other versions IBM recommends upgrading to a fixed, supported version/release/platform of the product.

IBM recommends that you review your entire environment to identify vulnerable releases of the open-source Apache Commons Collections and take appropriate mitigation and remediation actions.

Workarounds and Mitigations

None

CPENameOperatorVersion
algo credit limitseq4.7.0

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C