Lucene search

IBMDE1F157EBE7E7F006D558032FBBEC2DAE20F24883C6F27F6FD7F815DB04E6D19

HistoryNov 08, 2021 - 12:59 p.m.

Security Bulletin: IBM Tivoli Netcool Impact is affected by an Apache Ant vulnerability (CVE-2021-36373)

2021-11-0812:59:38

www.ibm.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

41.8%

JSON

Summary

A vulnerability has been identified in the Apache Ant shipped with IBM Tivoli Netcool/Impact 7.1.0.22 and below.

Vulnerability Details

CVEID:CVE-2021-36373
**DESCRIPTION:**Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when large amounts of memory are allocated. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/205311 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Tivoli Netcool Impact	7.1.0

Remediation/Fixes

Product	VRMF	APAR	Remediation
IBM Tivoli Netcool Impact 7.1.0	7.1.0.23	IJ34306	Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP23

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli netcool/impacteq7.1.0

CPE	Name	Operator	Version
	tivoli netcool/impact	eq	7.1.0

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

41.8%

JSON

Related for DE1F157EBE7E7F006D558032FBBEC2DAE20F24883C6F27F6FD7F815DB04E6D19