Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB841B2955870BB49D774FDCCA2923A4D56971DC8F35A4A1A38B87A4C35A52969
HistoryDec 01, 2023 - 10:38 a.m.

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to remote code execution due to Apache ActiveMQ (CVE-2022-41678)

2023-12-0110:38:06
www.ibm.com
14
ibm tivoli netcool impact
remote code execution
apache activemq
vulnerability
cve-2022-41678
ibm
security bulletin

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.4%

JSON

Summary

Apache ActiveMQ is shipped with IBM Tivoli Netcool Impact as part of the data provider interface in the GUI server. Information about a security vulnerability affecting Apache ActiveMQ has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2022-41678
**DESCRIPTION:**Apache ActiveMQ could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Jolokia component. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/272445 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Netcool Impact 7.1.0

Remediation/Fixes

** IBM strongly recommends addressing the vulnerability now.**

Product VRMF APAR Remediation
IBM Tivoli Netcool Impact 7.1.0.0 - 7.1.0.30 7.1.0.31 IJ47712 Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP31 or later

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtivoli_netcool\/impactMatch7.1.0
CPENameOperatorVersion
tivoli netcool/impacteq7.1.0

Related

cve 1
ubuntucve 1
osv 3
nvd 1
cvelist 1
debiancve 1
redhatcve 1
github 1
prion 1
veracode 1
redhat 3
ibm 1
cve
cve
CVE-2022-41678
2023-11-28 16:15:06
ubuntucve
ubuntucve
CVE-2022-41678
2023-11-28 00:00:00
osv
osv
BIT-activemq-2022-41678
2024-03-06 10:50:42
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
2023-11-28 18:30:23
CVE-2022-41678
2023-11-28 16:15:06
nvd
nvd
CVE-2022-41678
2023-11-28 16:15:06
cvelist
cvelist
CVE-2022-41678 Apache ActiveMQ: Insufficient API restrictions on Jolokia allow authenticated users to perform RCE
2023-11-28 15:08:38
debiancve
debiancve
CVE-2022-41678
2023-11-28 16:15:06
redhatcve
redhatcve
CVE-2022-41678
2023-11-30 03:26:34
github
github
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
2023-11-28 18:30:23
prion
prion
Design/Logic Flaw
2023-11-28 16:15:00
veracode
veracode
Deserialization Of Untrusted Data
2023-11-29 06:28:26
redhat
redhat
(RHSA-2024:2945) Important: Red Hat AMQ Broker 7.12.0 release and security update
2024-05-21 14:17:10
(RHSA-2024:3354) Important: Red Hat Fuse 7.13.0 release and security update
2024-05-23 22:44:00
(RHSA-2024:2944) Important: AMQ Broker 7.12.0.OPR.1.GA Container Images release and security update
2024-05-21 13:31:34
ibm
ibm
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
2024-03-14 14:34:53

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.4%

JSON
Related for B841B2955870BB49D774FDCCA2923A4D56971DC8F35A4A1A38B87A4C35A52969
cve1ubuntucve1osv3nvd1cvelist1debiancve1redhatcve1github1prion1veracode1redhat3ibm1