A vulnerability in the javax.management API allows for remote code execution on IBM License Metric Tool and IBM Tivoli Asset Discovery for Distributed servers.
CVEID: CVE-2015-1920
DESCRIPTION: WebSphere Application Server could allow a remote attacker to execute arbitrary code by connecting to a management port and executing a specific sequence of instructions.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102404 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
IBM License Metric Tool v7.5 & v7.2.2
IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2
Apply the fixes available in the following WebSphere Application Server security bulletin: <http://www-01.ibm.com/support/docview.wss?uid=swg21883573>. Note that servers at version 7.5 use WebSphere Application Server 7, and servers at version 7.2.2 use WebSphere Application Server 6.1.
None
Subscribe to [My Notifications](http://www-01.ibm.com/software/support/einfo.html) to be notified of important product support alerts like this.
Complete CVSS v2 Guide
On-line Calculator v2
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm license metric tool | eq | 7.2.2 |
| | ibm license metric tool | eq | 7.5 |
| | tivoli asset discovery for distributed | eq | 7.5 |