7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.6%
IBM Tivoli Application Dependency Discovery Manager is vulnerable to denial of service due to use of IBM Java and runtimes (CVE-2009-3852, CVE-2011-0311)
CVEID:CVE-2009-3852
**DESCRIPTION:**An unspecified error in the IBM Runtimes for Java Technology related to the parsing of XML code by the XML4J component has an unknown impact and attack vector.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/54069 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID:CVE-2011-0311
**DESCRIPTION:**IBM Runtimes for Java Technology is vulnerable to a denial of service, caused by an error in the class file parser. A remote authenticated attacker could exploit this vulnerability using a specially-crafted class file containing an invalid attribute length field to cause a segmentation fault.
CVSS Base score: 3.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/65189 for the current score.
CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0-7.3.0.9 |
TADDM FixPack 7.3.0.10 has been released. Please upgrade to 7.3.0.10 to resolve known vulnerabilities at the date of release.
Please refer to below URL to download TADDM FixPack 7.3.0.10.
Fix | How to acquire fix |
---|---|
7.3-TIV-ITADDM-FP00010 | Download FixPack |
Please refer to URL below for more information on TADDM FixPack 7.3.0.10.
<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp10>
None