CVSS2 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |

EPSS Percentile: 83.6%
IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of JRuby (CVE-2011-4838) and cross site scripting due to use of Hyperic HQ (CVE-2009-2907, CVE-2009-2899)
CVEID: CVE-2009-2907
**DESCRIPTION:** Hyperic HQ is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the description and other various fields to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/57121 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2009-2899
**DESCRIPTION:** SpringSource Hyperic HQ could allow a local attacker to obtain sensitive information, caused by an error in the monitor perl script in the Sybase database plug-in. By listing the process, an attacker could exploit this vulnerability to obtain the database password and other sensitive information.
CVSS Base score: 2.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/80569 for the current score.
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2011-4838
**DESCRIPTION:** JRuby is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple specially-crafted HTTP POST requests to an affected application containing conflicting hash key values, a remote attacker could exploit this vulnerability to cause the consumption of CPU resources.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/72019 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
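The effect of the missing hash randomization described for CVE-2011-4838, as an added example that is not code from IBM, JRuby or this bulletin: it counts the key comparisons a chained hash table performs with a fixed hash and with a keyed one. The byte-sum hash, the 1024-bucket table, the sample keys and all function names are assumptions for illustration, not JRuby's implementation.

```ruby
require 'openssl'

BUCKETS = 1024 # constructed table size for the illustration

# Toy unseeded hash (sum of bytes). The key-to-bucket mapping is fixed and
# public, so keys that share a bucket can be prepared ahead of time.
# Assumption for illustration only; this is not JRuby's hash function.
def unseeded_bucket(key)
  key.bytes.sum % BUCKETS
end

# Keyed hash: HMAC-SHA256 under a per-process secret, truncated to 32 bits.
# Without the seed, the bucket a key lands in cannot be predicted.
def seeded_bucket(key, seed)
  OpenSSL::HMAC.digest('SHA256', seed, key).unpack1('N') % BUCKETS
end

# Key comparisons needed to insert every key into a chained table: an insert
# into a bucket already holding s keys compares against all s of them, so a
# chain of length n costs n * (n - 1) / 2 comparisons in total.
def insert_comparisons(keys)
  keys.group_by { |k| yield k }
      .values
      .sum { |chain| chain.size * (chain.size - 1) / 2 }
end

# Constructed sample input: 720 parameter names made of the same six bytes in
# different orders, which the byte-sum hash cannot tell apart.
SAMPLE_KEYS = 'abcdef'.chars.permutation.map(&:join)

# Per-process random seed, regenerated on every start.
SEED = OpenSSL::Random.random_bytes(16)

fixed = insert_comparisons(SAMPLE_KEYS) { |k| unseeded_bucket(k) }
keyed = insert_comparisons(SAMPLE_KEYS) { |k| seeded_bucket(k, SEED) }

puts "keys inserted:            #{SAMPLE_KEYS.size}"
puts "comparisons, fixed hash:  #{fixed}"
puts "comparisons, seeded hash: #{keyed}"
```

With the fixed hash the work grows with the square of the number of keys in one request, which is the CPU consumption the description refers to; with the seeded hash it stays close to linear.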
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0-7.3.0.9 |
TADDM FixPack 7.3.0.10 has been released. Please upgrade to 7.3.0.10 to resolve the vulnerabilities known at the date of release.
Please refer to the URL below to download TADDM FixPack 7.3.0.10.
Fix | How to acquire fix |
---|---|
7.3-TIV-ITADDM-FP00010 | Download FixPack |
Please refer to the URL below for more information on TADDM FixPack 7.3.0.10.
<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp10>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_application_dependency_discovery_manager | 7.3.0.0 | cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:* |
ibm | tivoli_application_dependency_discovery_manager | 7.3.0.9 | cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.9:*:*:*:*:*:*:* |