Lucene search

IBM8F9EB25AEAE7AF6842700BA3B1496E7EA15E954596DD37325F8186BD79CCD86D

HistoryJun 17, 2018 - 3:34 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2016-5597)

2018-06-1715:34:14

www.ibm.com

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

79.2%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. IBM Tivoli System Automation Application Manager has addressed the applicable CVEs.

These issues were also addressed by WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager.

Vulnerability Details

CVEID: CVE-2016-5597**
DESCRIPTION:** An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118071 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

IBM Tivoli System Automation Application Manager 4.1.0.0 – 4.1.0.1

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Tivoli System Automation Application Manager | 4.1| https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+System+Automation+Application+Manager&release=All&platform=All&function=all

Refer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager.

Principal Product and Version(s)	Affected Supporting Product and Version	Affected Supporting Product Security Bulletin
IBM Tivoli System Automation Application Manager 4.1	WebSphere Application Server 8.5	http://www-01.ibm.com/support/docview.wss?uid=swg21993440
Note that IBM Tivoli System Automation Application Manager 3.2.2, 3.2.1, and 3.2.0 are not affected.

Workarounds and Mitigations

None.

CPENameOperatorVersion
tivoli system automation application managereq4.1

CPE	Name	Operator	Version
	tivoli system automation application manager	eq	4.1

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

79.2%

JSON

Related for 8F9EB25AEAE7AF6842700BA3B1496E7EA15E954596DD37325F8186BD79CCD86D