Security Bulletin: IBM Tivoli Monitoring clients affected by vulnerabilities in IBM JRE executed under a security manager.

Flash (Alert)


Abstract

IBM Tivoli Monitoring ships and uses a Java Runtime Environment (JRE). This alert addresses several vulnerabilities for the Tivoli Enterprise Portal browser JRE which might allow remote untrusted Java WebStart applications and untrusted Java applets to affect confidentiality, availability and integrity.

Content

VULNERABILITY DETAILS:

CVE-2013-2436
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/83575 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the usage of MethodHandlers could allow a remote attacker to execute arbitrary code on the system.
CVE-2013-2467
CVSS Base Score: 6.9
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85043 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Install component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2448
CVSS Base Score: 7.6
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85040 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Sound component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2459
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85033 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2463
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85029 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2464
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85030 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2465
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85031 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2466
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85035 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2468
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85034 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2469
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85032 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2470
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85025 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2471
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85026 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2472
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85027 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2473
CVSS Base Score: 10
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85028 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2460
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85038 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information.
CVE-2013-2462
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85037 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-3743
CVSS Base Score: 9.3
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85036 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in the JRE AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVE-2013-2444
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85047 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
An unspecified vulnerability in the JRE AWT component could allow a remote attacker to cause a denial of service.
CVE-2013-2450
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85057 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
An unspecified vulnerability in the JRE Serialization component could allow a remote attacker to cause a denial of service.
CVE-2013-2400
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85050 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
An unspecified vulnerability in the JRE Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2453
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85053 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
An unspecified vulnerability in the JRE JMX component has no confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2457
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85052 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
An unspecified vulnerability in the JRE JMX component has no confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-3744
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85051 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
An unspecified vulnerability in the JRE Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2412
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85059 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Serviceability component could allow a remote attacker to obtain sensitive information.
CVE-2013-2437
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85049 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Deployment component could allow a remote attacker to obtain sensitive information.
CVE-2013-2443
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85054 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information.
CVE-2013-2446
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85048 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE CORBA component could allow a remote attacker to obtain sensitive information.
CVE-2013-2447
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85056 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Networking component could allow a remote attacker to obtain sensitive information.
CVE-2013-2452
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85055 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information.
CVE-2013-2455
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/84146 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information.
CVE-2013-2456
CVSS Base Score: 5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85058 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Serialization component could allow a remote attacker to obtain sensitive information.
CVE-2013-2449
CVSS Base Score: 4.3
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85060 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
An unspecified vulnerability in the JRE Libraries component could allow a remote attacker to obtain sensitive information.
CVE-2013-2407
CVSS Base Score: 6.4
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85044 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)
An unspecified vulnerability in the JRE Libraries component has partial confidentiality impact, no integrity impact, and partial availability impact.
CVE-2013-1500
CVSS Base Score: 3.6
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85062 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N)
An unspecified vulnerability in the JRE 2D component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2454
CVSS Base Score: 5.8
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85045 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
An unspecified vulnerability in the JRE JDBC component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2458
CVSS Base Score: 5.8
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85046 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
An unspecified vulnerability in the JRE Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVE-2013-2451
CVSS Base Score: 3.7
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85061 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P)
An unspecified vulnerability in the JRE Networking component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVE-2013-2442
CVSS Base Score: 7.5
CVSS Temporal Score: See CVSS Temporal Score: http://xforce.iss.net/xforce/xfdb/85041 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
An unspecified vulnerability in the JRE Deployment component has partial confidentiality impact, partial integrity impact, and partial availability impact.
CVE-2013-4002
CVSS Base Score: 7.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/85260 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
A denial of service vulnerability in IBM Java could result in a complete availability impact on the affected system.
CVEID: CVE-2013-3006
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84147 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3007
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84148 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3008
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84149 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3009
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84150 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3010
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3011
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84152 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
CVEID: CVE-2013-3012
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/84153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
An unspecified vulnerability in IBM Java could allow a remote attacker to execute arbitrary code on the system. This vulnerability has complete confidentiality, integrity, and availability impact.
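
The base scores above can be checked against their vectors when triaging this bulletin. The following is an added example, not part of the IBM bulletin: it recomputes CVSS v2 base scores with the base equations and metric weights from the FIRST CVSS v2 specification and flags the entries that are network-reachable with complete C/I/A impact. The function names are illustrative; the sample entries are copied from the list above.

```python
import re

# Metric weights from the CVSS v2 specification (FIRST).
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}

VECTOR_RE = re.compile(
    r"^\(?AV:([LAN])/AC:([HML])/Au:([MSN])/C:([NPC])/I:([NPC])/A:([NPC])\)?$"
)

def parse_vector(vector):
    """Split a v2 base vector such as '(AV:N/AC:M/Au:N/C:C/I:C/A:C)'."""
    m = VECTOR_RE.match(vector.strip())
    if not m:
        raise ValueError("not a CVSS v2 base vector: %r" % vector)
    return dict(zip(("AV", "AC", "Au", "C", "I", "A"), m.groups()))

def base_score(vector):
    """CVSS v2 base score, rounded to one decimal as the spec requires."""
    v = parse_vector(vector)
    impact = 10.41 * (
        1 - (1 - CIA[v["C"]]) * (1 - CIA[v["I"]]) * (1 - CIA[v["A"]])
    )
    exploitability = 20 * AV[v["AV"]] * AC[v["AC"]] * AU[v["Au"]]
    f_impact = 0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)

def triage(entries):
    """Return (cve, recomputed, matches_published, remote_full) by score, highest first.

    remote_full is True when the vector is AV:N with C:C/I:C/A:C, i.e. the
    entries to patch first on Browser and WebStart client systems.
    """
    rows = []
    for cve, published, vector in entries:
        v = parse_vector(vector)
        score = base_score(vector)
        remote_full = v["AV"] == "N" and v["C"] == v["I"] == v["A"] == "C"
        rows.append((cve, score, abs(score - published) < 0.05, remote_full))
    return sorted(rows, key=lambda r: -r[1])

# (CVE, published base score, vector) as printed in this bulletin.
BULLETIN_SAMPLE = [
    ("CVE-2013-2436", 9.3, "(AV:N/AC:M/Au:N/C:C/I:C/A:C)"),
    ("CVE-2013-2467", 6.9, "(AV:L/AC:M/Au:N/C:C/I:C/A:C)"),
    ("CVE-2013-2448", 7.6, "(AV:N/AC:H/Au:N/C:C/I:C/A:C)"),
    ("CVE-2013-2459", 10, "(AV:N/AC:L/Au:N/C:C/I:C/A:C)"),
    ("CVE-2013-2407", 6.4, "(AV:N/AC:L/Au:N/C:P/I:N/A:P)"),
    ("CVE-2013-1500", 3.6, "(AV:L/AC:L/Au:N/C:P/I:P/A:N)"),
    ("CVE-2013-2451", 3.7, "(AV:L/AC:H/Au:N/C:P/I:P/A:P)"),
    ("CVE-2013-4002", 7.1, "(AV:N/AC:M/Au:N/C:N/I:N/A:C)"),
]

if __name__ == "__main__":
    for cve, score, ok, remote_full in triage(BULLETIN_SAMPLE):
        note = "remote, complete C/I/A" if remote_full else ""
        print(cve, score, "ok" if ok else "MISMATCH", note)
```

A MISMATCH in the output means the published score and vector disagree and the entry should be checked against the X-Force record before it is used for prioritization.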



AFFECTED PRODUCTS AND VERSIONS:
IBM Tivoli Monitoring version 6.3.0 through 6.3.0 Fix Pack 01
IBM Tivoli Monitoring version 6.2.3 through 6.2.3 Fix Pack 03
IBM Tivoli Monitoring version 6.2.2 through 6.2.2 Fix Pack 09
IBM Tivoli Monitoring version 6.2.1 through 6.2.1 Fix Pack 04
IBM Tivoli Monitoring version 6.2.0 through 6.2.0 Fix Pack 03


REMEDIATION:
These vulnerabilities exist where the affected JRE is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. The affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system.

The fix below provides updated JRE packages for the portal which can be downloaded by new client systems. Once the fix has been installed on the portal server, instructions in the README can be used to download the updated JRE from the portal to the portal clients.

Fix | VRMF | APAR | How to acquire fix
6.X.X-TIV-ITM_JRE_TEP-20130927 | 6.2.0 through 6.2.3 FP3 | IV47588 | http://www-01.ibm.com/support/docview.wss?uid=swg24035796
6.3.0-TIV-ITM-FP0002 | 6.3.0 through 6.3.0 FP1 | IV44422 | http://www-01.ibm.com/support/docview.wss?uid=swg24035402


The Fix Pack listed below will include the updated JRE packages from the 6.X.X-TIV-ITM_JRE_TEP-20130927 patch.
Fix | VRMF | APAR | How to acquire fix
6.2.3-TIV-ITM-FP0005 | 6.2.3 | IV47588 | http://www-01.ibm.com/support/docview.wss?uid=swg24035801

Refer to the link above for status on availability.


Workaround(s):
None.

Mitigation(s):
None.

REFERENCES:
Complete CVSS Guide
On-line Calculator V2
X-Force Vulnerability Database


In addition, the IBM 1.6 JRE updated in the patches listed in the Remediation section above also includes the following CVEs:
CVE-2013-2436 - http://xforce.iss.net/xforce/xfdb/83575
CVE-2013-2467 - http://xforce.iss.net/xforce/xfdb/85043
CVE-2013-2448 - http://xforce.iss.net/xforce/xfdb/85040
CVE-2013-2459 - http://xforce.iss.net/xforce/xfdb/85033
CVE-2013-2463 - http://xforce.iss.net/xforce/xfdb/85029
CVE-2013-2464 - http://xforce.iss.net/xforce/xfdb/85030
CVE-2013-2465 - http://xforce.iss.net/xforce/xfdb/85031
CVE-2013-2466 - http://xforce.iss.net/xforce/xfdb/85035
CVE-2013-2468 - http://xforce.iss.net/xforce/xfdb/85034
CVE-2013-2469 - http://xforce.iss.net/xforce/xfdb/85032
CVE-2013-2470 - http://xforce.iss.net/xforce/xfdb/85025
CVE-2013-2471 - http://xforce.iss.net/xforce/xfdb/85026
CVE-2013-2472 - http://xforce.iss.net/xforce/xfdb/85027
CVE-2013-2473 - http://xforce.iss.net/xforce/xfdb/85028
CVE-2013-2460 - http://xforce.iss.net/xforce/xfdb/85038
CVE-2013-2462 - http://xforce.iss.net/xforce/xfdb/85037
CVE-2013-3743 - http://xforce.iss.net/xforce/xfdb/85036
CVE-2013-2444 - http://xforce.iss.net/xforce/xfdb/85047
CVE-2013-2450 - http://xforce.iss.net/xforce/xfdb/85057
CVE-2013-2400 - http://xforce.iss.net/xforce/xfdb/85050
CVE-2013-2453 - http://xforce.iss.net/xforce/xfdb/85053
CVE-2013-2457 - http://xforce.iss.net/xforce/xfdb/85052
CVE-2013-3744 - http://xforce.iss.net/xforce/xfdb/85051
CVE-2013-1571 - http://xforce.iss.net/xforce/xfdb/84715
CVE-2013-2412 - http://xforce.iss.net/xforce/xfdb/85059
CVE-2013-2437 - http://xforce.iss.net/xforce/xfdb/85049
CVE-2013-2443 - http://xforce.iss.net/xforce/xfdb/85054
CVE-2013-2446 - http://xforce.iss.net/xforce/xfdb/85048
CVE-2013-2447 - http://xforce.iss.net/xforce/xfdb/85056
CVE-2013-2452 - http://xforce.iss.net/xforce/xfdb/85055
CVE-2013-2455 - http://xforce.iss.net/xforce/xfdb/84146
CVE-2013-2456 - http://xforce.iss.net/xforce/xfdb/85058
CVE-2013-2449 - http://xforce.iss.net/xforce/xfdb/85060
CVE-2013-2407 - http://xforce.iss.net/xforce/xfdb/85044
CVE-2013-1500 - http://xforce.iss.net/xforce/xfdb/85062
CVE-2013-2454 - http://xforce.iss.net/xforce/xfdb/85045
CVE-2013-2458 - http://xforce.iss.net/xforce/xfdb/85046
CVE-2013-2451 - http://xforce.iss.net/xforce/xfdb/85061
CVE-2013-2442 - http://xforce.iss.net/xforce/xfdb/85041
CVE-2013-4002 - http://xforce.iss.net/xforce/xfdb/85260
CVE-2013-3006 - http://xforce.iss.net/xforce/xfdb/84147
CVE-2013-3007 - http://xforce.iss.net/xforce/xfdb/84148
CVE-2013-3008 - http://xforce.iss.net/xforce/xfdb/84149
CVE-2013-3009 - http://xforce.iss.net/xforce/xfdb/84150
CVE-2013-3010 - http://xforce.iss.net/xforce/xfdb/84151
CVE-2013-3011 - http://xforce.iss.net/xforce/xfdb/84152
CVE-2013-3012 - http://xforce.iss.net/xforce/xfdb/84153


RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


ACKNOWLEDGEMENT
The vulnerabilities described by the following CVEs were reported to IBM by Adam Gowdiak of Security Explorations: CVE-2013-3006, CVE-2013-3007, CVE-2013-3008, CVE-2013-3009, CVE-2013-3010, CVE-2013-3011, and CVE-2013-3012.


CHANGE HISTORY
27 September 2013 Original Copy Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.


Document information

More support for: Tivoli Monitoring Version 6
Software version: 6.2.0, 6.2.1, 6.2.2, 6.3.0
Operating system(s): Linux, Windows
Reference #: 1650778
Modified date: 2013-09-27
