Lucene search

K
ibmIBMD5A66CF2D7203294935E51CCC293D11C48AB2DEB03784B8468171D08CB2F79D3
HistoryJan 30, 2019 - 10:40 a.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Business Service Manager (CVE-2014-7810)

2019-01-3010:40:01
www.ibm.com
12

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Summary

IBM WebSphere Application Server is shipped as a component of Tivoli Business Service Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.

Vulnerability Details

Please consult the Security Bulletin: Potential bypass security vulnerability in Expression Language library used by WebSphere Application Server (CVE-2014-7810) for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
Tivoli Business Service Manager 6.1.x | IBM WebSphere Application Server 7.0
Tivoli Business Service Manager 6.2 | IBM WebSphere Application Server 8.5

Remediation/Fixes

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
Tivoli Business Service Manager 6.1.x | For IBM WebSphere Application Server V7.0.0.0 through 7.0.0.45:
This vulnerability requires IBM WebSphere Application Server fix pack levels as required by interim fix and then apply Interim Fix PH02063.
For instruction on how to upgrade IBM WebSphere Application Server see the latest 6.1.* Tivoli Business Service Manager Fix Pack readme.
Tivoli Business Service Manager 6.2 | For IBM WebSphere Application Server V8.5.0.0 through 8.5.5.14:
This vulnerability requires IBM WebSphere Application Server fix pack levels as required by interim fix and then apply Interim Fix PH02063.
--OR–
Apply Fix Pack 8.5.5.15 or later (targeted availability 1Q 2019).

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Related for D5A66CF2D7203294935E51CCC293D11C48AB2DEB03784B8468171D08CB2F79D3