Security Bulletin: A vulnerability exists in the IBM® SDK, Java™ Technology Edition affecting IBM Tivoli Network Manager (CVE-2023-22045, CVE-2023-22049).

Summary Vulnerabilities CVE-2023-22045, CVE-2023-22049 exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Manager IP Edition v4.2. Vulnerability Details CVEID: CVE-2023-22045 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component...

Security Bulletin: Due to use of Expat library, IBM Tivoli Network Manager (ITNM) is vulnerable to arbitrary code execution [CVE-2022-40674]

Summary Vulnerabilities found within libExpat CVE-2022-40674 that is used by IBM Tivoli Network Manager ITNM IP Edition. The fix contains the updated libExpat that resolves the vulnerability. Vulnerability Details CVEID:CVE-2022-40674 DESCRIPTION: libexpat could allow a remote attacker to execute...

Security Bulletin: ITNM is vulnerable to redirect vulnerabilities due to use of nitely/spirit libraries prior to 0.12.3 (CVE-2022-0869)

Summary Vulnerability CVE-2022-0869 found related to Spirit libraries used in IBM Tivoli Network Manager ITNM IP Edition. The fix contains the removal of vulnerable libraries. Vulnerability Details CVEID:CVE-2022-0869 DESCRIPTION: Spirit could allow a remote attacker to conduct phishing attacks,...

Security Bulletin: IBM Tivoli Network Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2019-1757)

Summary Apache log4j V1 is used by IBM Tivoli Network Manager as part of its logging infrastructure. This fix removed Apache log4j V1CVE-2019-1757 Vulnerability Details CVEID:CVE-2019-17571 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by...

Security Bulletin: Due to use of Apache Storm IBM Tivoli Network Manager is vulnerable to arbiraty code execution ( CVE-2021-38294, CVE-2021-40865 )

Summary Apache Storm is used by IBM Tivoli Network Manager ITNM within Pollar and Reporting. Apache Strom has been upgraded to 2.2.1 Vulnerability Details CVEID: CVE-2021-38294 DESCRIPTION: Apache Storm could allow a remote attacker to execute arbitrary code on the system, caused by a command...

Security Bulletin: IBM Tivoli Network Manager IP Edition is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)

Summary Multiple vulnerabilities identified within the Apache Log4j CVE-2021-45105 and CVE-2021-45046 library that is used by IBM Tivoli Network Manager ITNM IP Edition to provide logging functionality. The fix includes Apache Log4j v2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION:...

Security Bulletin: A security vulnerability has been identified in Apache CXF, which is shipped with IBM Tivoli Network Manager (CVE-2020-1954).

Summary Apache CXF is shipped with IBM Tivoli Network Manager version 4.2; Information about a security vulnerability affecting IBM WebSphere Application Server is published in this bulletin. Vulnerability Details CVEID: CVE-2020-1954 DESCRIPTION: Apache CXF is vulnerable to a man-in-the-middle...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager (CVE-2019-4271)

Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager version 4.2. Information about IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletinss listed in the Remediation/Fixes section...