History: Jan 22, 2024 - 7:15 p.m.

Security Bulletin: IBM Tivoli Application Dependency Discovery Manager affected by multiple vulnerabilities.

2024-01-22 19:15:06
www.ibm.com

Tags: denial of service, http header injection, cross-site scripting, cache poisoning, session hijacking, credentials disclosure, unauthorized api access, fixpack, upgrade, taddm

CVSS3: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 7.6
Confidence: High
EPSS: 0.001
Percentile: 31.9%

Summary

IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to multiple vulnerabilities.

Vulnerability Details

CVEID: CVE-2023-47143
**DESCRIPTION:** IBM Tivoli Application Dependency Discovery Manager is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID: CVE-2023-47144
**DESCRIPTION:** IBM Tivoli Application Dependency Discovery Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270271 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2023-47142
**DESCRIPTION:** IBM Tivoli Application Dependency Discovery Manager could allow an attacker on the organization’s local network to escalate their privileges due to unauthorized API access.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/270267 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0 - 7.3.0.10 |

Remediation/Fixes

IBM strongly recommends addressing the vulnerabilities now by upgrading.

Please refer to the table below to download TADDM FixPack 7.3.0.11.

| Fix | How to acquire fix |
|---|---|
| 7.3-TIV-ITADDM-FP00011 | Download FixPack |

Please refer to the URL for TADDM FixPack 7.3.0.10 Release Notes containing more information about the update.

<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp11>

Workarounds and Mitigations

None

Affected configurations

Vulners Node: ibm tivoli_application_dependency_discovery_manager Match 7.3.0.0 OR ibm tivoli_application_dependency_discovery_manager Match 7.3.0.9
