Main Vulnerability Database SB2022090131

SB2022090131 - Unsafe reflection in IBM Tivoli Business Service Manager

Published: September 1, 2022 Updated: October 22, 2022

Security Bulletin ID SB2022090131

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Unsafe reflection (CVE-ID: CVE-2014-0114)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to Apache Commons BeanUtils does not suppress the class property. A remote unauthenticated attacker can manipulate the ClassLoader and execute arbitrary code via the class parameter

Remediation

Install update from vendor's website.

References

https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-has-been-identified-in-apache-commons-beanutils-affects-ibm-tivoli-business-service-manager-cve-2014-0114/
https://www.ibm.com/support/pages/node/6494701