9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
IBM WebSphere Application Server is shipped as a component of Tivoli Netcool/Impact. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.
Please consult the security bulletin Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450) for vulnerability details and information about fixes.
Principal Product and Version(s)
| Affected Supporting Product and Version
—|—
Tivoli Netcool/Impact 6.1.x| WebSphere 7.0
Tivoli Netcool/Impact 7.1.0| WebSphere Liberty Profile 8.5.5
VRMF
| Websphere release level| Remediation
—|—|—
6.1.*| 7.0| Apply Interim Fix PI52103
-- OR
Apply Fix Pack 41 (7.0.0.41), or later (targeted availability 11 April 2016 *)
For instruction on how to upgrade Websphere see the latest 6.1.* Netcool Impact FP readme.
* Note this date is a scheduled date and does not represent a formal commitment by IBM.
7.1.0.0
7.1.0.1
7.1.0.2| 8.5.5.2
8.5.5.4| Move to 7.1.0-TIV-NCI-FP0003 and apply Interim Fix for PI52103. See 8556-wlp-archive-IFPI52103 in <http://www-01.ibm.com/support/docview.wss?uid=swg24041257>[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041152>).[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041152>)
7.1.0-TIV-NCI-FP0003 is available here:
<http://www.ibm.com/support/docview.wss?uid=swg24040149>
7.1.0.3| 8.5.5.6| Apply Interim Fix for PI52103. See 8556-wlp-archive-IFPI52103 in <http://www-01.ibm.com/support/docview.wss?uid=swg24041257>[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041152>).
7.1.0.4 (future release)| 8.5.5.6+PI45266+PI52103| Impact 7.1.0.4 (due Q4 2015 *) will update Websphere Liberty Profile with fix for PI45266+PI52103. No further action is required to manually update WLP.
* Note this date is a scheduled date and does not represent a formal commitment by IBM.
(future release)| 8.5.5.8 (future release)| Plans to update Websphere Liberty Profile to version 8.5.5.8 (planned for release mid-Dec 2015*) are included for the next service release for Impact (due Q2 2016 *)
* Note this date is a scheduled date and does not represent a formal commitment by IBM.
Tivoli Netcool/Impact 5.1.1 is not affected as this ships with WebSphere 6.1.
CPE | Name | Operator | Version |
---|---|---|---|
tivoli netcool/impact | eq | 6.1 | |
tivoli netcool/impact | eq | 6.1.1 | |
tivoli netcool/impact | eq | 7.1.0 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C