IBM Application Manager For Smart Business Multiple Vulnerabilities

ID: IRCAD2013062741
Release Date: 2013-06-17
Criticality level: Highly critical
 
Software:
IBM Application Manager For Smart Business 1.x
 
Description:
A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's system.
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
2) Some errors when processing URLs can be exploited to cause an AbEnd (Abnormal End) in an IBM Tivoli Monitoring process.
3) Certain unspecified input is not properly sanitised before being returned to the user.
4) An error during HTTP processing of URLs can be exploited to cause a segmentation fault within KDSMAIN.
5) Some errors within the Tivoli Monitoring internal web server can be exploited to conduct spoofing attacks.
6) An error when processing a ClientHello message in the TLS Handshake Protocol can be exploited to crash the daemon.
7) A security issue and two vulnerabilities are caused due to a bundled vulnerable version of the IBM Global Security Toolkit (GSKit).
8) Multiple vulnerabilities are caused due to a bundled vulnerable version of Java.
The security issue and vulnerabilities are reported in IBM Application Manager For Smart Business 1.2.1 (formerly Tivoli Foundations Application Manager 1.2) having ITM base at 6.2.2 FP7 level or 6.2.2 FP2 level.
 
Solution:
Apply 1.2.1.0-TIV-IAMSB-FP0004.
 
References:
 
Secunia:

Date created: 28 Khordad 1392
