Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms - Java deserialization filters (JEP 290) ignored during IBM ORB deserialization - (CVE-2022-40609)

Published: 2023-08-30 08:29:11
Source: www.ibm.com
Tags: ibm tivoli system automation, multiplatforms, java vulnerabilities, ibm sdk, orb deserialization, cve-2022-40609

CVSS3: 9.8 High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

EPSS: 0.003 (Low), percentile 65.8%

Summary

There are multiple vulnerabilities in IBM SDK Java Technology Edition used by versions 4.1.0.4 through 4.1.1.0 of IBM Tivoli System Automation for Multiplatforms. The affected component is the Object Request Broker (ORB) in IBM SDK, Java Technology Edition.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section.

Affected Products and Versions

Affected Product(s)                                 Version(s)
IBM Tivoli System Automation for Multiplatforms     4.1

Remediation/Fixes

The recommended solution is to apply the corresponding fix to IBM Tivoli System Automation for Multiplatforms. To select the fix you need to apply in your environment, click on ‘Download link’ in the table below.

If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.4, please apply interim fix “4.1.0.4-TIV-ITSAMP-<OS>-IF0019” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.4.
If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.5, please apply interim fix “4.1.0.5-TIV-ITSAMP-<OS>-IF0013” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.5.
If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.6, please apply interim fix “4.1.0.6-TIV-ITSAMP-<OS>-IF0008” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.6.
If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.7, please apply interim fix “4.1.0.7-TIV-ITSAMP-<OS>-IF0006” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.7.
If you are running IBM Tivoli System Automation for Multiplatforms 4.1.1.0, please apply interim fix “4.1.1.0-TIV-ITSAMP-<OS>-IF0002” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.1.0.

Product                                             VRMF   APAR
IBM Tivoli System Automation for Multiplatforms     4.1    Download Link

Workarounds and Mitigations

None

