4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.3%
APM WebSphere Application Server Agent and APM Tomcat Agent are vulnerable to jython-standalone-2.7.0.jar CVE-2013-2027. The workaround includes jython-standalone-2.7.0.jar upgraded to jython-standalone-2.7.3.jar.
CVEID:CVE-2013-2027
**DESCRIPTION:**Jython could allow a local attacker to bypass security restrictions, caused by an error when creating the class cache files. An attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the system or obtain sensitive information.
CVSS Base score: 4.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/102960 for the current score.
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Affected Product(s) | Version(s) |
---|---|
APM WebSphere Application Server Agent and APM Tomcat Agent | all |
None
For APM WebSphere Application Server Agent and APM Tomcat Agent, please follow the below steps as a workaround:
jython-standalone-2.7.0.jar. must be upgraded from Maven Repository: Search/Browse/Explore (mvnrepository.com)
Procedure:
A. For APM WebSphere Application Server Agent:
Step 1: Stop the agent.
Step 2:
i. For Windows- Navigate to the folder $CANDLEHOME\dchome<version>\bin\jython
ii. For Linux/AIX/SOL- Navigate to the directory $CANDLEHOME/yndchome/<version>/bin/jython,
where <dchome>/<yndchome> would be data collector home and <version> would be data collector version for WebSphere Application Server Agent.
Step 3: Take the backup of jython.jar. Replace existing jython.jar with latest version of jython-standalone-2.7.3.jar. Rename jython-standalone-2.7.3.jar as jython.jar.
Step 4: Start the agent.
B. For APM Tomcat Agent:
Step 1: Stop the agent.
Step 2:
i. For Windows: Navigate to the folder $CANDLEHOME<dchome><version>\bin\jython
ii. For Linux Navigate to the directory $CANDLEHOME/<dchome>/<version>/bin/jython
where <dchome> would be otdchome and <version> would be 7.3.0.15.0 for Tomcat Agent.
Step 3: Take the backup of jython.jar. Replace existing jython.jar with latest version of jython-standalone-2.7.3.jar. Rename jython-standalone-2.7.3.jar as jython.jar.
Step 4: Start the agent.
CPE | Name | Operator | Version |
---|---|---|---|
apm websphere application server agent and apm tomcat agent | eq | any |