IBMCF290EFF4C7173AEEFF7402645BDB2A194F0F98628CB6A0696A28729A7B0CA1DSecurity Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.8%
Abstract
IBM Tivoli Composite Application Manager for Transactions is shipped with two IBM JREs that are based on Oracle Java. It is also dependent on ITM 6.2.1 Framework, which also has its own JRE. Oracle has released an April 2013 Critical Patch Update (CPU) that contains security vulnerability fixes and IBM Java is affected.
Content
VULNERABILITY DETAILS:
| CVE ID | DESCRIPTION |
|---|---|
| CVE-2013-0401 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82823> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | The JRE component allows remote attackers to execute arbitrary code via vectors related to AWT |
| CVE-2013-0402 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82822> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Heap-based buffer overflow in the JRE component allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX |
| CVE-2013-1488 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82821> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | The JRE component allows remote attackers to execute arbitrary code via unspecified vectors involving reflection and Libraries |
| CVE-2013-1491 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82822> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | The JRE component allows remote attackers to execute arbitrary code via vectors related to 2D |
| CVE-2013-1518 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83566> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP |
| CVE-2013-1537 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83571> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI |
| CVE-2013-1540 | |
| CVSS Base Score: 4.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83590> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment |
| CVE-2013-1557 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83572> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI |
| CVE-2013-1558 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83561> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans |
| CVE-2013-1561 | |
| CVSS Base Score: 5 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83583> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to JavaFX |
| CVE-2013-1563 | |
| CVSS Base Score: 7.6 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83579> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install |
| CVE-2013-1564 | |
| CVSS Base Score: 5 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83584> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component in llows remote attackers to affect integrity via unknown vectors related to JavaFX |
| CVE-2013-1569 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83557> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2383 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83555> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2384 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83556> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2394 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83576> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2414 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83567> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX |
| CVE-2013-2415 | |
| CVSS Base Score: 2.1 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83592> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows local users to affect confidentiality via vectors related to JAX-WS |
| CVE-2013-2416 | |
| CVSS Base Score: 4.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83588> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment |
| CVE-2013-2417 | |
| CVSS Base Score: 5 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83586> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P | Unspecified vulnerability in the JRE component allows remote attackers to affect availability via unknown vectors related to Networking |
| CVE-2013-2418 | |
| CVSS Base Score: 4.6 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83587> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P | Unspecified vulnerability in the JRE component allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
| CVE-2013-2419 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83581> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect availability via unknown vectors related to 2D |
| CVE-2013-2420 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83560> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2421 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83573> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in JRE component llows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot |
| CVE-2013-2422 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83570> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
| CVE-2013-2423 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83591> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to HotSpot |
| CVE-2013-2424 | |
| CVSS Base Score: 5 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83582> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JMX |
| CVE-2013-2425 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83564> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install |
| CVE-2013-2426 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83574> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
| CVE-2013-2427 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83569> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX |
| CVE-2013-2428 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83568> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX |
| CVE-2013-2429 | |
| CVSS Base Score: 7.6 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83578> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO |
| CVE-2013-2430 | |
| CVSS Base Score: 7.6 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83577> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO |
| CVE-2013-2431 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83564> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot |
| CVE-2013-2432 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83559> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2433 | |
| CVSS Base Score: 4.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83589> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment |
| CVE-2013-2434 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83558> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
| CVE-2013-2435 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83563> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
| CVE-2013-2436 | |
| CVSS Base Score: 9.3 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83575> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
| CVE-2013-2438 | |
| CVSS Base Score: 5 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83585> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to JavaFX |
| CVE-2013-2439 | |
| CVSS Base Score: 6.9 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83580> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install |
| CVE-2013-2440 | |
| CVSS Base Score: 10 | |
| CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/83562> | |
| CVSS Environmental Score*: Undefined | |
| CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
AFFECTED PRODUCTS AND VERSIONS:
Versions 7.1.x.x to 7.3.x.x are affected.
REMEDIATION:
_Remediation is done in two parts. _
_ITCAM for Transactions users may be affected due to its dependency on ITM framework. On machines with other ITM agents, please ensure the latest updates has been applied. On machines with only ITCAM for Transactions Agent, they should obtain the ITM OS Agent and install that. Refer to _
http://www-01.ibm.com/support/docview.wss?uid=swg21634920
Additionally for Robotics Response Time (T6) Agent users:
Appropriate maintenance can be tracked by APAR IV43371. Apply maintenance patch 7.3.0.1-TIV-CAMRT-IF0021 (applicable for versions 7.1, 7.2 and 7.3), it will address above issues by updating the JREs shipped. The maintenance package will be available on Fix Central.
| _Fix_* | VRMF | APAR | How to acquire fix |
|---|---|---|---|
| 7.3.0.1-TIV-CAMRT-IF0021 | 7.3.0.1.20 | IV43371 | FixCentral |
Workaround(s):
None
Mitigation(s):
None
REFERENCES:
Complete CVSS v2 Guide
On-line Calculator V2
__X-Force Vulnerability Database
__CVE-2013-0401 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/82822>_ _
_CVE-2013-0402 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/82823>_ _
_CVE-2013-1488 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/82820>_ _
_CVE-2013-1491 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/82821>_ _
_CVE-2013-1518 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83566>_ _
_CVE-2013-1537 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83571>_ _
_CVE-2013-1540 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83590>_ _
_CVE-2013-1557 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83572>_ _
_CVE-2013-1558 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83561>_ _
_CVE-2013-1561 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83583>_ _
_CVE-2013-1563 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83579>_ _
_CVE-2013-1564 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83584>_ _
_CVE-2013-1569 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83557>_ _
_CVE-2013-2383 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83555>_ _
_CVE-2013-2384 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83556>_ _
_CVE-2013-2394 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83576>_ _
_CVE-2013-2414 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83567>_ _
_CVE-2013-2415 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83592>_ _
_CVE-2013-2416 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83588>_ _
_CVE-2013-2417 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83586>_ _
_CVE-2013-2418 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83587>_ _
_CVE-2013-2419 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83581>_ _
_CVE-2013-2420 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83560>_ _
_CVE-2013-2421 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83573>_ _
_CVE-2013-2422 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83570>_ _
_CVE-2013-2423 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83591>_ _
_CVE-2013-2424 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83582>_ _
_CVE-2013-2425 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83565>_ _
_CVE-2013-2426 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83574>_ _
_CVE-2013-2427 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83569>_ _
_CVE-2013-2428 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83568>_ _
_CVE-2013-2429 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83578>_ _
_CVE-2013-2430 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83577>_ _
_CVE-2013-2431 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83564>_ _
_CVE-2013-2432 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83559>_ _
_CVE-2013-2433 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83589>_ _
_CVE-2013-2434 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83558>_ _
_CVE-2013-2435 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83563>_ _
_CVE-2013-2436 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83575>_ _
_CVE-2013-2438 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83585>_ _
_CVE-2013-2439 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83580>_
CVE-2013-2440 _- __<https://exchange.xforce.ibmcloud.com/vulnerabilities/83562>_
_*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. _
_Note: _According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Related Information
[{“Product”:{“code”:“SS5MD2”,“label”:“Tivoli Composite Application Manager for Transactions”},“Business Unit”:{“code”:“BU059”,“label”:“IBM Software w/o TPS”},“Component”:“ITCAM TRANSACT RRT 5724S79RR v710”,“Platform”:[{“code”:“PF002”,“label”:“AIX”},{“code”:“PF016”,“label”:“Linux”},{“code”:“PF033”,“label”:“Windows”}],“Version”:“7.1;7.2;7.3”,“Edition”:“All Editions”,“Line of Business”:{“code”:“LOB45”,“label”:“Automation”}}]
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.97 High
EPSS
Percentile
99.8%