CVSS2: 9 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
cURL and libcurl vulnerabilities were disclosed on April 22, 2015 by the cURL Project. cURL is used by IBM Tivoli Netcool System Service Monitors/Application Service Monitors, which has addressed the applicable CVEs.
CVE-ID: CVE-2015-3144
DESCRIPTION: libcurl and cURL are vulnerable to a denial of service, caused by improper calculation of an index by the fix_hostname function. By using a zero-length host name, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.000
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102886 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVE-ID: CVE-2015-3145
DESCRIPTION: libcurl and cURL are vulnerable to a denial of service, caused by improper calculation of an index by the sanitize_cookie_path function. By using a double-quote character in a cookie path, a remote attacker could exploit this vulnerability to cause the system to crash.
CVSS Base Score: 5.000
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102884 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
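Both descriptions above come down to the same defect class: indexing a string at length minus one without first checking that the length is non-zero. The following C sketch is an added example, not code from libcurl or from this bulletin; it assumes fix_hostname strips a trailing dot and sanitize_cookie_path strips surrounding double quotes, and the names strip_trailing_dot and clean_cookie_path are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Unguarded pattern behind both bugs: s[strlen(s) - 1] on an empty
 * string indexes s[-1]. Both helpers below check len > 0 first. */

/* Hypothetical stand-in for the fix_hostname step: strip one trailing dot. */
size_t strip_trailing_dot(char *host)
{
    size_t len = strlen(host);
    if (len > 0 && host[len - 1] == '.')   /* guard against zero-length name */
        host[--len] = '\0';
    return len;
}

/* Hypothetical stand-in for the sanitize_cookie_path step: copy the path
 * without surrounding double quotes; an empty result becomes "/" (assumed
 * fallback). Returns 0 on success, -1 if out is too small. */
int clean_cookie_path(const char *in, char *out, size_t outsz)
{
    size_t len;
    if (in[0] == '"')
        in++;                               /* drop leading quote */
    len = strlen(in);                       /* 0 when the input was a lone quote */
    if (len > 0 && in[len - 1] == '"')
        len--;                              /* drop trailing quote if present */
    if (len == 0) {
        in = "/";
        len = 1;
    }
    if (len + 1 > outsz)
        return -1;
    memcpy(out, in, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    char host[] = "";                       /* constructed: zero-length host name */
    char path[8];
    printf("host length after strip: %zu\n", strip_trailing_dot(host));
    if (clean_cookie_path("\"", path, sizeof path) == 0)  /* constructed: lone quote */
        printf("cookie path: %s\n", path);
    return 0;
}
```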
SSM 4.0.0 FP1 - FP14 and Interim Fix 14-01 – Interim Fix 14-06
SSM 4.0.1 FP1 – FP2 Interim Fix 02
Product | VRMF | APAR | Remediation/First Fix
---|---|---|---
4.0.1.2-TIV-SSM-IF0003 | 4.0.1.2 | None | http://www-01.ibm.com/support/docview.wss?uid=isg400002351
4.0.0.14-TIV-SSM-IF0007 | 4.0.0.14 | None | http://www-01.ibm.com/support/docview.wss?uid=isg400002356
None Known
CPE

Name | Operator | Version
---|---|---
netcool/system service monitor | eq | 4.0