A vulnerability has been identified in the Apache Commons FileUpload shipped with IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Apache Commons FileUpload has been published in a security bulletin.
CVEID:CVE-2014-0034
**DESCRIPTION:**Apache CXF could allow a remote attacker to bypass security restrictions, caused by the improper handling of invalid SAML tokens by the SecurityTokenService. An attacker could exploit this vulnerability using a specially-crafted token to bypass the authentication process and gain unauthorized access to the system.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/94337 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID:CVE-2014-0050
**DESCRIPTION:**Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/90987 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID:CVE-2013-2186
**DESCRIPTION:**Apache commons-fileupload could allow a remote attacker to overwrite arbitrary files on the system, caused by a NULL byte in the implementation of the DiskFileItem class. By sending a serialized instance of the DiskFileItem class, an attacker could exploit this vulnerability to write or overwrite arbitrary files on the system.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/88133 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P)
CVEID:CVE-2016-3092
**DESCRIPTION:**Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/114336 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Business Service Manager | 6.2.0 |
Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Tivoli Business Service Manager 6.2.0 | 6.2.0.3 IF | IJ32982 | Upgrade to Upgrade to IBM Tivoli Business Service Manager 6.2.0.3 IF2 |
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli business service manager | eq | 6.2.0 |