IBMEC04C84423EE0C4E734038A3305029BA46FF47C7662107F5FFC07C3ACF2F1F61Security Bulletin: Multiple security vulnerabilities have been identified in WebSphere Application Server and IBM Tivoli Monitoring shipped with IBM Service Delivery Manager (CVE-2016-3426, CVE-2016-3427)
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Summary
WebSphere Application Server and IBM Tivoli Monitoring are shipped as components of IBM Service Delivery Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.
Vulnerability Details
CVEID: CVE-2016-3426** *DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2016-3427** *DESCRIPTION: An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Affected Products and Versions
Principal Product and Version(s)
| Affected Supporting Product and Version
—|—
IBM Service Delivery Manager version 7.2.1 through 7.2.4| IBM WebSphere Application Server version 7.0.0.0 through 7.0.0.27
IBM Tivoli Monitoring version 6.2.2 through 6.2.3
Remediation/Fixes
Principal Product and Version(s)
| Affected Supporting Product and Version|Affected Supporting Product Security Bulletin
—|—|—
IBM Service Delivery Manager version 7.2.1 through 7.2.4| IBM WebSphere Application Server version 7.0.0.0 through 7.0.0.27| Consult the security bulletin Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427) for fix information.
IBM Service Delivery Manager version 7.2.1 through 7.2.4| IBM Tivoli Monitoring 6.2.2 through 6.2.3| Consult the security bulletin IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2016-3426, CVE-2016-3427) for fix information.
Related
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C