Detailed technical error messages can allow an adversary to gain information about the application and database that could be used to conduct attacks.
CVEID: CVE-2017-1377
DESCRIPTION: IBM Runbook Automation reveals sensitive information in error messages that could be used in further attacks against the system.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126874 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
IBM Runbook Automation
If you run IBM Runbook Automation (RBA) in the IBM Cloud, the fix is already deployed, and you do not need to act yourself.
If you run IBM Runbook Automation Private Deployment (RBA PD), log on to IBM Marketplace using your subscription, download the latest available RBA PD version, and follow the usual install procedure. Installing that version deploys the fix.
None.
Monitor the security notifications on the IBM Cloud Status page to be advised of future security bulletins.
Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
8 August 2017: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.