9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
IBM WebSphere Application Server is shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise. Additionally, IBM Business Process Manager is shipped with IBM Cloud Orchestrator. The IBM SmartCloud Cost Management and IBM Tivoli Monitoring are shipped with Cloud Orchestrator Enterprise.
Information about a potential security vulnerability affecting IBM WebSphere Application Server, IBM SmartCloud Cost Management, IBM Business Process Manager, and Tivoli Monitoring are published in a security bulletin.
Note: IBM Cloud Orchestrator V2.4 FixPack 4 is not affected as it ships with IBM WebSphere Application Server V8.5.5.10.
Consult the Security Bulletin: Vulnerability in Apache Standard Taglibs affects IBM WebSphere Application Server (CVE-2015-0254) for vulnerability details.
Principal Product and Version(s)
| Affected Supporting Product and Version
—|—
IBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.01, V2.4.0.2, V2.4.0.3|
IBM WebSphere Application Server V8.5.5 through V8.5.5.7 Traditional Full profile
IBM Business Process Manager Standard V8.5.5 - V8.5.6.2
IBM Cloud Orchestrator V2.3, V2.3.0.1 through Interim Fix 9|
IBM WebSphere Application Server V8.0, V8.0.11
IBM Business Process Manager Standard V8.5.0.1
|
IBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.01, V2.4.0.2, V2.4.0.3|
IBM WebSphere Application Server V8.5.5 through V8.5.5.7 Traditional Full and Liberty profile
IBM SmartCloud Cost Management V2.1.0.4 through V2.1.0.5
IBM Tivoli Monitoring V6.3.0.2
IBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1 through Interim Fix 9|
IBM WebSphere Application Server V8.0, V8.0.11
IBM SmartCloud Cost Management V2.1.0.3
IBM Tivoli Monitoring V6.3.0.1
Refer to the following security bulletins for information about fixes addressed by IBM WebSphere Application Server and IBM Business Process Manager, which is shipped with IBM Cloud Orchestrator.
Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
---|---|---|
IBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.01, V2.4.0.2,V2.4.0.3, |
Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2015-0254)
IBM Cloud Orchestrator V2.3, V2.3.0.1 through Interim Fix 9|
Refer to the following security bulletins for information about fixes addressed by IBM WebSphere Application Server, IBM SmartCloud Cost Management, and Tivoli Monitoring, which are shipped with IBM Cloud Orchestrator Enterprise edition. Principal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin |
---|---|---|
IBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2,V2.4.0.3 |
Tivoli Monitoring V6.3.0.2
| Security Bulletin: IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2016-3426, CVE-2016-3427, CVE-2016-0306, CVE-2015-0254)
IBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1 through Interim Fix 9|
IBM WebSphere Application Server V8.0, V8.0.11
IBM SmartCloud Cost Management V2.1.0.3
Tivoli Monitoring V6.3.0.1
| Contact IBM Support
None
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C