Lucene search

K
ibmIBME7BF30E90642EA099BF91A02E679050FF4C2AFB516872D8D23F86F6D2BCEB123
HistoryJun 13, 2022 - 12:47 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms Oct 2021 CPU (CVE-2021-35550)

2022-06-1312:47:57
www.ibm.com
29

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

58.5%

Summary

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by 4.1.0.4 to 4.1.0.7 of IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in Oct 2021.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli System Automation for Multiplatforms 4.1

Remediation/Fixes

The recommended solution is to apply the corresponding fix to IBM Tivoli System Automation for Multiplatforms. To select the fix you need to apply in your environment, click on ‘Download link’ in the table below.

  • If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.4, please apply interim fix “4.1.0.4-TIV-ITSAMP-<OS>-IF0015” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.4.

  • If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.5, please apply interim fix “4.1.0.5-TIV-ITSAMP-<OS>-IF0009” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.5.

  • If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.6, please apply interim fix “4.1.0.6-TIV-ITSAMP-<OS>-IF0004” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.6.

  • If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.7, please apply interim fix “4.1.0.7-TIV-ITSAMP-<OS>-IF0002” where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.7.
    Product| VRMF| APAR
    —|—|—
    IBM Tivoli System Automation for Multiplatforms| 4.1| Download Link

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmtxseries_for_multiplatformsMatch4.1

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.002 Low

EPSS

Percentile

58.5%