7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
Multiple vulnerabilities in Open Source Apache Tomcat reported by The Apache Software Foundation affect IBM Tivoli Application Dependency Discovery Manager (TADDM)
CVEID:CVE-2021-25122
**DESCRIPTION:**Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by a flaw when responding to new h2c connection requests. By sending a specially-crafted request, an attacker could exploit this vulnerability to see the request body information from one request to another, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197517 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID:CVE-2021-25329
**DESCRIPTION:**Apache Tomcat could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw with a configuration edge case. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/197519 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0 |
Below eFix is prepared on top of 7.3.0.0 (7.3.0.1 - 7.3.0.8 not affected)
Fix | VRMF | APAR | How to acquire fix |
---|
efix_tomcat70108_201411291020.zip
| 7.3.0.0| None| Download eFix
Please get familiar with eFix readme in etc/<efix_name>_readme.txt
Note that the eFix requires manual deletion of the external/apache-tomcat directory.
The above eFix is applicable only to 7.3.0.0 and can be downloaded and applied directly.
Note: TADDM 7.3.0.1 - 7.3.0.8 are not affected as they use WebSphere Liberty Profile.
CPE | Name | Operator | Version |
---|---|---|---|
tivoli application dependency discovery manager | eq | 7.3.0.0 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N