IBM Tivoli Application Dependency Discovery Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVEID: CVE-2018-1455
DESCRIPTION: IBM Tivoli Application Dependency Discovery Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/140090 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
TADDM 7.2.2.5
TADDM 7.3.0 (7.3.0.0-7.3.0.4)
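As an added illustration of the vulnerability class named above (this is not TADDM code and says nothing about how the eFix itself works; the session store, request shape, handler names and item values are all hypothetical), the following Python shows a state-changing handler that authorizes on the session cookie alone, which a cross-site auto-submitting form can drive, beside the same handler protected by a per-session synchronizer token that an attacker's origin cannot read:

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory "server" state: session-cookie value -> session data.
# The csrf_token is minted when the session is created and never leaves the
# origin except embedded in the application's own pages.
SESSIONS = {"sess-abc123": {"user": "admin", "csrf_token": secrets.token_hex(16)}}

# Records which handler performed which action, so the outcome can be checked.
AUDIT_LOG = []


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (hypothetical, not a real framework)."""
    method: str
    path: str
    cookies: dict
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def _session_for(req):
    return SESSIONS.get(req.cookies.get("JSESSIONID"))


def delete_item_vulnerable(req):
    """Authorizes on the session cookie only. Browsers attach cookies to
    cross-site form submissions, so a request forged by another origin is
    indistinguishable from one the user intended."""
    sess = _session_for(req)
    if req.method != "POST" or sess is None:
        return 403
    AUDIT_LOG.append(("vuln", sess["user"], req.form.get("item")))
    return 200


def delete_item_fixed(req):
    """Same action, plus a synchronizer token: the value stored in the session
    must be echoed in the request body. The same-origin policy keeps the
    attacker's page from reading it, so the forged request fails closed."""
    sess = _session_for(req)
    if req.method != "POST" or sess is None:
        return 403
    sent = req.form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(sent, sess["csrf_token"]):
        return 403
    AUDIT_LOG.append(("fixed", sess["user"], req.form.get("item")))
    return 200


def forged_request(item):
    """What the victim's browser sends after loading an attacker page with an
    auto-submitting form: the cookie rides along, the token does not."""
    return Request("POST", "/delete",
                   cookies={"JSESSIONID": "sess-abc123"},
                   form={"item": item},
                   headers={"Origin": "https://attacker.example"})


def legitimate_request(item):
    """A submission from the application's own page, which carries the token."""
    token = SESSIONS["sess-abc123"]["csrf_token"]
    return Request("POST", "/delete",
                   cookies={"JSESSIONID": "sess-abc123"},
                   form={"item": item, "csrf_token": token},
                   headers={"Origin": "https://app.example"})


def demo():
    """Runs the forged request against both handlers and a legitimate one
    against the fixed handler; returns the status code of each."""
    AUDIT_LOG.clear()
    return {
        "vuln_forged": delete_item_vulnerable(forged_request("srv-1")),   # 200: action executed
        "fixed_forged": delete_item_fixed(forged_request("srv-1")),       # 403: token missing
        "fixed_legit": delete_item_fixed(legitimate_request("srv-1")),    # 200: token matches
    }


if __name__ == "__main__":
    print(demo())
```

The token check is the primary control; verifying the `Origin`/`Referer` header against an allow-list is a complementary layer, not a substitute, since some clients omit those headers and a check that skips absent headers can be bypassed.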
For the affected TADDM releases (7.2.2 and 7.3.0), an eFix has been prepared on top of the latest FixPack:
Fix | VRMF | APAR | How to acquire fix
---|---|---|---
efix_Cross_Site_forgery_FP420171214.zip | 7.3.0.4 | None |
efix_test_csrf_cve_2018_1455_FP520160209.zip | 7.2.2.5 | None |
Details of the eFix are in etc/<efix_name>_readme.txt
If an eFix is required on any other TADDM version, please contact IBM Support. This fix contains TADDM code; if you have existing eFixes installed (check with ls -rlt etc/efix*), open a case for a custom version of this eFix, including your current eFix level, your TADDM version and a link to this bulletin.
The eFix is built to be installed on the FixPack listed above with no previously applied eFixes.