Jan 27, 2023 - 11:15 a.m.

Security Bulletin: TADDM affected by multiple vulnerabilities due to IBM Java and its runtime

2023-01-27 11:15:16
www.ibm.com

CVSS2: 7.5 High

| Metric | Value |
| --- | --- |
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.015 Low (Percentile: 86.6%)

Summary

IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to its use of IBM Java and runtimes (CVE-2009-3852, CVE-2011-0311).

Vulnerability Details

CVEID: CVE-2009-3852
**DESCRIPTION:** An unspecified error in the IBM Runtimes for Java Technology related to the parsing of XML code by the XML4J component has an unknown impact and attack vector.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/54069 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2011-0311
**DESCRIPTION:** IBM Runtimes for Java Technology is vulnerable to a denial of service, caused by an error in the class file parser. A remote authenticated attacker could exploit this vulnerability using a specially-crafted class file containing an invalid attribute length field to cause a segmentation fault.
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/65189 for the current score.
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0-7.3.0.9 |

Remediation/Fixes

TADDM FixPack 7.3.0.10 has been released. Please upgrade to 7.3.0.10 to resolve known vulnerabilities at the date of release.

Please refer to the URL below to download TADDM FixPack 7.3.0.10.

| Fix | How to acquire fix |
| --- | --- |
| 7.3-TIV-ITADDM-FP00010 | Download FixPack |

Please refer to the URL below for more information on TADDM FixPack 7.3.0.10.

<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp10>

Workarounds and Mitigations

None
