SB2018042448 - Multiple vulnerabilities in IBM Tivoli Netcool Configuration Manager (ITNCM)
Published: April 24, 2018 Updated: June 30, 2023
Security Bulletin ID
SB2018042448
Severity
Low
Patch available
YES
Number of vulnerabilities
5
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Denial of service (CVE-ID: CVE-2018-2657)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to a flaw in the Java SE, JRockit Serialization component. A remote attacker can cause partial denial of service conditions.
2) Information disclosure (CVE-ID: CVE-2018-2618)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JCE component. A remote attacker can access data.
3) Security restrictions bypass (CVE-ID: CVE-2018-2582)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can modify data.
4) Security restrictions bypass (CVE-ID: CVE-2018-2637)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JMX component. A remote attacker can access and modify data.
5) Privilege escalation (CVE-ID: CVE-2018-2633)
The vulnerability allows a remote attacker to gain elevated privileges.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JNDI component. A remote attacker can gain system privileges on the target system.
Remediation
Install update from vendor's website.