9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
IBM Algo One - Algo Risk Application could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. (Advsory 8335)
CVE-ID:CVE-2017-5648
Description: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the failure to use the appropriate facade object by certain application listener calls. An attacker could exploit this vulnerability to access and modify data on the system.
CVSS Base Score: 5.3
Upgrade to the latest version of Tomcat (7.0.76, 8.0.42, 8.5.12, 9.0.0.M18 or later), available from the Apache Web site
Algo One - Algo Risk Application (ARA) versions 5.1.0, 5.0.0, 4.9.1.
Apache Tomcat is not packaged with Algo One - Algo Risk Application 5.1.0.
Product Name
| iFix Name|Remediation/First Fix
—|—|—
Algo One - ARA| 5.1.0 (no ARA ifix)| If you are using Algo One - Algo Risk Application 5.1.0, update to Apache Tomcat 7.0.77 or greater to address and remediate this vulnerability.
Algo One - ARA| 5.0.0.6-18| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=5.0.0.6-19-Algo-One-ARA-if0371:0&includeSupersedes=0&source=fc&login=true
Algo One - ARA| 4.9.1.1-24| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.1-24-Algo-One-ARA-if0052:0&includeSupersedes=0&source=fc&login=true
Algo One - ARA| 4.9.1.0-19| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Information+Management&product=ibm/Information+Management/Algo+One&release=All&platform=All&function=fixId&fixids=4.9.1.0-19-Algo-One-ARA-if0053:0&includeSupersedes=0&source=fc&login=true
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N