CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |

EPSS Percentile: 87.6%

Castor Library is used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2014-3004
CVEID: CVE-2014-3004
**DESCRIPTION:** Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/93519 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0 - 7.3.0.10 |
To fix this vulnerability, follow the steps below:
**For TADDM 7.3.0.0-7.3.0.9,** upgrade your TADDM environment to 7.3.0.10, then download the e-fix given in Table-1 and apply it.
**For TADDM 7.3.0.10,** download the e-fix given in Table-1 and apply it.
Table-1

Fix | VRMF | APAR | How to acquire fix |
---|---|---|---|
efix_castorlatest_FP10221123.zip | 7.3.0.10 | None | Download eFix |

Please refer to the table below to download TADDM FixPack 7.3.0.10.
Fix | How to acquire fix |
---|---|
7.3-TIV-ITADDM-FP00010 | Download FixPack |
Please refer to the following URL for the TADDM FixPack 7.3.0.10 Release Notes, which contain more information about the update.
<https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp10>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_application_dependency_discovery_manager | 7.3.0.0 | cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:* |
ibm | tivoli_application_dependency_discovery_manager | 7.3.0.9 | cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.9:*:*:*:*:*:*:* |