IBM911D0C6886006B175F69A13A2B5C60638D2E07876629792DDC538D2AF7C0C596Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server and Tivoli Netcool Performance Manager October 2015 CPU (CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Summary
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version that is used by Tivoli Netcool Performance Manager . These issues were disclosed as part of the IBM Java SDK updates for October 2015.
Vulnerability Details
CVEID: CVE-2015-4872** **
DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-4734** **
DESCRIPTION: An unspecified vulnerability related to the JGSS component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-5006** **
DESCRIPTION: IBM Java Security Components could allow an attacker with physical access to the system to obtain sensitive information from the Kerberos Credential Cache.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106309 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
Tivoli Netcool Performance Manager 1.4.1
Tivoli Netcool Performance Manager 1.4 Tivoli Netcool Performance Manager 1.3.2
Remediation/Fixes
<Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
Tivoli Netcool Performance Manager 1.4.1| None| None| http://www.ibm.com/support/docview.wss?uid=swg24041031
http://www-01.ibm.com/support/docview.wss?uid=swg21969620
Tivoli Netcool Performance Manager 1.4| None| None|<http://www.ibm.com/support/docview.wss?uid=swg24039500>
http://www-01.ibm.com/support/docview.wss?uid=swg21969620
Tivoli Netcool Performance Manager 1.3.2| None| None|<http://www-01.ibm.com/support/docview.wss?uid=swg24039829>
http://www-01.ibm.com/support/docview.wss?uid=swg21969620
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm netcool performance manager | eq | 1.3.2 | |
| ibm netcool performance manager | eq | 1.4 | |
| ibm netcool performance manager | eq | 1.4.1 |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N