Lucene search

K
ibmIBM9235ED396A90BB944C2B22072DE6B91B22155C3982DDD732067344CA700C0ADE
HistorySep 23, 2020 - 4:29 a.m.

Security Bulletin: Multiple vulnerabilities in Apache Struts affect Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, CVE-2019-0230)

2020-09-2304:29:58
www.ibm.com
17

EPSS

0.953

Percentile

99.4%

Summary

Fix is available for vulnerabilities in Apache Struts affecting Tivoli Netcool/OMNIbus WebGUI (CVE-2019-0233, CVE-2019-0230).

Vulnerability Details

CVEID:CVE-2019-0233
**DESCRIPTION:**Apache Struts is vulnerable to a denial of service, caused by an access permission override when performing a file upload. By sending a specially crafted request, an attacker could exploit this vulnerability to cause subsequent upload actions to fail.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186699 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2019-0230
**DESCRIPTION:**Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a forced double OGNL evaluation on raw user input in tag attributes. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/186702 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Netcool/OMNIbus_GUI 8.1.x

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
Tivoli Netcool/OMNIbus WebGUI 8.1.0 IJ27034 Apply Fix Pack 20
(Fix Pack for WebGUI 8.1.0 Fix Pack 20)

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli netcool/omnibuseq8.1.0