7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Tivoli Netcool/OMNIbus WebGUI is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting Tivoli Netcool/OMNIbus WebGUI has been published in a security bulletin.
Please consult the security bulletin Security Bulletin: Vulnerability in Apache Struts affect Tivoli Netcool/OMNIbus WebGUI (CVE-2015-0899) for vulnerability details and information about fixes.
Tivoli Business Service Manager v6.1.0
Tivoli Business Service Manager v6.1.1
Product
| VRMF|Remediation/Fix
—|—|—
Tivoli Business Service Manager| 6.1.0| TBSM v6.1.0 bundles Tivoli Netcool/OMNIbus WebGUI v7. As per bulletin above, Tivoli Netcool/OMNIbus WebGUI v8 portlets should be used to avoid vulnerability CVE-2015-0899.
However, there is no supported interface between Tivoli Business Service Manager v6.1.0 and WebGUI v8. TBSM v6.1.0 customers must first upgrade to v6.1.1 and then follow advice below for v6.1.1.
Tivoli Business Service Manager| 6.1.1| TBSM v6.1.1 bundles Tivoli Netcool/OMNIbus WebGUI v7. As per bulletin above, Tivoli Netcool/OMNIbus WebGUI v8 portlets should be used to avoid vulnerability CVE-2015-0899.
WebGUI v8 is DASH based. TBSM 6.1.1 is TIP based. To use WebGUI v8 portlets with TBSM v 6.1.1 configuration is required.
Documentation is available here (see “TBSM Data + WebGUI Widgets” and “TBSM: How To Get Event Viewer onWebGUI 8.1.0 For AEL Replacement”): <https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli Business Service Manager1/page/Advanced Topics>
The mechanics of launching from a TBSM menu item to a DASH page are in this document (see 6.1 - Navigating to an External DASH page.):
https://www.ibm.com/developerworks/community/groups/service/html/communityview?communityUuid=7d5ebce8-2dd8-449c-a58e-4676134e3eb8#fullpageWidgetId=Wea1cb2531f10_4ccd_99d7_6ab0334cb21f&file=519bead5-8dad-4af5-8aa1-745c5c9f74f6
CPE | Name | Operator | Version |
---|---|---|---|
tivoli business service manager | eq | 6.1 | |
tivoli business service manager | eq | 6.1.1 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N