Security Bulletin: Due to use of Oracle JDBC component, ITNM is vulnerable to an unspecified vulnerability (CVE-2016-3506)

2023-01-04 16:41:22
www.ibm.com
Tags: itnm, oracle, jdbc, vulnerability, cve-2016-3506, upgrade, fix pack 16

CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.1 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.01 Low
Percentile: 83.9%

Summary

IBM Tivoli Network Manager (ITNM) IP Edition uses the JDBC component of Oracle Database Server to connect to supported Oracle databases when the product is deployed with Oracle as its data store. An unspecified vulnerability has been reported in the Oracle JDBC component (CVE-2016-3506).

Vulnerability Details

**CVEID:** CVE-2016-3506
**DESCRIPTION:** An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system.
CVSS Base score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115131 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| ITNM | 4.2 GA through to 4.2.0.15 |

Remediation/Fixes

The issue has been fixed in ITNM 4.2 Fix Pack 16 (i.e. 4.2.0.16). Upgrade ITNM 4.2 to Fix Pack 16 from Fix Central.

IBM strongly recommends addressing the vulnerability now by upgrading.

4.2.0-TIV-ITNMIP-Linux-FP0016

4.2.0-TIV-ITNMIP-zLinux-FP0016

4.2.0-TIV-ITNMIP-AIX-FP0016

Workarounds and Mitigations

None

Affected configurations

Vulners node: ibm tivoli_storage_manager, Match 4.2.0
