9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
IBM Tivoli Workload Scheduler is not vulnerable to CVE-2014-6271 or CVE-2014-7169 Bash vulnerability as shipped out of the box, but action could be required because Tivoli Workload Scheduler installation on AIX through Launchpad requires bash.
CVE-2014-6271 and CVE-2014-7169 vulnerabilities (also called Shellshock) affects Bash that is delivered in Unix platforms. Fixes for Bash will come from Unix distribution. IBM Tivoli Workload Scheduler does not ship bash.
Even if Tivoli Workload Scheduler doesn’t ship bash in some cases bash is required:
- Tivoli Workload Scheduler installation for all releases through Lauchpad requires bash on AIX and Firefox.
- Tivoli Workload Scheduler 9.1 GA level requires bash for the prerequisite check: TWS 9.1 FP01 removes thsi requirement.
- the “version” command for the following releases:
8.4 (all fixpacks), 8.5 (all fixpacks but FP05), 8.5.1 (all fixpacks but FP05), 8.6 (GA only). This command is manually issued to display the current version of the product.
- The Tivoli Dynamic Workload Console wastools commands backupConfig.sh and restoreConfig.sh commands require bash in the 9.1 FP01 and 9.2 GA level version. These commands are used to create backups of the current Tivoli Dynamic Workload Console configuration and/or clone it.
IBM highly recommends upgrading your bash from your operating system vendor. If you cannot apply the fixes for bash please consider the above limitations.
none
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C