Metric | Value |
---|---|
CVSS3 | 9.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
CVSS3 vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
AI Score | 7.6 High (Confidence: Low) |
EPSS | 0.09 Low (Percentile: 94.7%) |
Apache Struts is used by Netcool Operations Insight as part of internal services [CVE-2023-50164]. This bulletin identifies the steps to take to address the vulnerability.
CVEID: CVE-2023-50164
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by the handling of file upload parameters, which, if manipulated, can lead to unauthorized path traversal. By uploading a specially crafted archive file containing "dot dot" sequences (/../), an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/273374 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
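The weakness class described above (a client-supplied upload name carrying "dot dot" sequences) is shown here as an added Java example; it is not code from the bulletin, from Apache Struts, or from IBM. It places a naive path join beside a check that rejects names with path components and confirms the destination stays under the upload directory. The class, method, directory and sample names are hypothetical.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

public class UploadPathCheck {

    // Naive join: the client-supplied name is trusted, so "../" segments
    // in it climb out of the upload directory.
    static Path naiveTarget(Path baseDir, String clientName) {
        return baseDir.resolve(clientName).normalize();
    }

    // Hardened join: refuse any name that carries a path component, then
    // confirm the normalized destination is still under baseDir.
    static Path safeTarget(Path baseDir, String clientName) {
        if (clientName == null || clientName.isEmpty()
                || clientName.indexOf('\0') >= 0
                || clientName.indexOf('/') >= 0
                || clientName.indexOf('\\') >= 0
                || clientName.equals(".") || clientName.equals("..")) {
            throw new IllegalArgumentException("rejected upload name");
        }
        Path base = baseDir.toAbsolutePath().normalize();
        Path target = base.resolve(clientName).normalize();
        // Defence in depth: normalize() does not follow symlinks, so call
        // toRealPath() on the parent as well if links can exist under baseDir.
        if (!target.startsWith(base) || target.equals(base)) {
            throw new IllegalArgumentException("upload escapes base directory");
        }
        return target;
    }

    public static void main(String[] args) {
        // Hypothetical upload directory; nothing is created on disk.
        Path base = Paths.get("uploads-demo").toAbsolutePath().normalize();
        // Constructed sample names, not taken from the bulletin.
        String[] names = { "report.pdf", "../../outside.txt", "..\\outside.txt", ".." };
        for (String name : names) {
            boolean naiveInside = naiveTarget(base, name).startsWith(base);
            String verdict;
            try {
                verdict = "accepted as " + safeTarget(base, name);
            } catch (IllegalArgumentException e) {
                verdict = e.getMessage();
            }
            System.out.printf("%-20s naive stays inside: %-5b hardened: %s%n",
                    name, naiveInside, verdict);
        }
    }
}
```

A check like this in application code does not replace the fixes listed in this bulletin, which update the affected Struts component itself.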
Affected Product(s) | Version(s) |
---|---|
Netcool Operations Insight | 1.4 - 1.4.1.2 |
Netcool Operations Insight | 1.5 - 1.5.0.1 |
Netcool Operations Insight | 1.6 - 1.6.11 |
IBM strongly suggests applying the available fix for this issue.
Netcool Operations Insight can be deployed on-premises, on a supported cloud platform, or on a hybrid cloud and on-premises architecture.
To see whether a fix is required for your chosen architecture and configuration, and how the fix can be applied, please see <https://www.ibm.com/support/pages/node/7107013>.
If you are not on version v1.6.11 and a fix is required, you will need to upgrade to v1.6.11 first.
Please go to <https://www.ibm.com/docs/en/noi/1.6.11?topic=upgrade> and follow the upgrade instructions relevant to your chosen architecture.
IBM Netcool Agile Service Manager component
If you are on v1.1 - v1.1.19, upgrade to v1.1.20.
For v1.1.20, refresh the relevant IBM Netcool Agile Service Manager packages that were uploaded to the IBM Passport Advantage Online website on 12th January 2024.
IBM Tivoli Netcool/OMNIbus_GUI component
If you are on 8.1.0 Fix Pack 32, apply Fix Pack 33 Build 49 (Fix Pack for WebGUI 8.1.0 Fix Pack 33).
None
CPE
Name | Operator | Version |
---|---|---|
netcool operations insight | eq | 1.6.11 |