Lucene search

K
ibmIBMBB939C9EED3F1E8AC0F7ACB6889E158799E8E81F8ACADB3BCD740DF65E95DE5B
HistoryDec 13, 2022 - 1:10 a.m.

Security Bulletin: Multiple vulnerabilities have been identified in Smack API shipped with IBM Tivoli Netcool Impact (CVE-2014-0363, CVE-2014-0364)

2022-12-1301:10:48
www.ibm.com
6
ibm tivoli netcool impact
smack api
ignite realtime
cve-2014-0363
cve-2014-0364
spoofing
security restrictions

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.009

Percentile

82.4%

Summary

Smack API is used by IBM Tivoli Netcool Impact as part of the Jabber service component. IBM Tivoli Netcool Impact has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2014-0363
**DESCRIPTION:**Ignite Realtime Smack API could allow a remote attacker to conduct spoofing attacks, caused by the failure to properly verify the basicConstraints and nameConstraints of a certificate within a certificate chain within the ServerTrustManager implementation. An attacker could exploit this vulnerability using man-in-the-middle techniques to conduct a spoofing attack.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/92954 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID:CVE-2014-0364
**DESCRIPTION:**Ignite Realtime Smack API could allow a remote attacker to bypass security restrictions, caused by the failure to properly verify the from attribute for roster queries within the ParseRoster implementation. An attacker could exploit this vulnerability to add roster entries or spoof IQ responses.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/92955 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Netcool Impact 7.1.0

Remediation/Fixes

** IBM strongly recommends addressing the vulnerability now.**

Product VRMF APAR Remediation
IBM Tivoli Netcool Impact 7.1.0 7.1.0.0 - 7.1.0.27 IJ41497 Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP28

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtivoli_netcool\/impactMatch7.1.0
CPENameOperatorVersion
tivoli netcool/impacteq7.1.0

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS

0.009

Percentile

82.4%

Related for BB939C9EED3F1E8AC0F7ACB6889E158799E8E81F8ACADB3BCD740DF65E95DE5B