IBM5AB7C5317E6E4D84174BB8C187F10FDCA16906834043D64981ED07D790312C85Security Bulletin: A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent (CVE-2018-25032)
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
68.4%
Summary
A vulneraqbility in Zlib affects IBM Cloud Application Performance Managment R esponse Time Monitoring Agent and IBM Tivoli Composite Application Manager for Transactions Web Response Time agent.
Vulnerability Details
CVEID:CVE-2018-25032
**DESCRIPTION:**Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.2 |
| IBM Cloud Application Performance Management - Response Time Monitoring Agent | 8.1.4 |
| IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.1 |
Remediation/Fixes
| Product | Product Version | APAR | Remediation / First Fix |
|---|---|---|---|
| IBM Cloud Application Performance Management - Response Time Monitoring Agent | 8.1.4 | If you use the Response Time Monitoring Agent, the vulnerabilities can be remediated by applying the Response Time Monitoring Agent 8.1.4.0-IBM-APM-RT-AGENT-IF0013 patch to all systems where this agent is installed: | |
| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Application+Performance+Management+Advanced&fixids=8.1.4.0-IBM-APM-RT-AGENT-IF0013&source=SAR | |||
| IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.1 | 7.4.0.1-TIV-CAMRT-IF0059 | |
| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-IF0059&source=SAR | |||
| IBM Tivoli Composite Application Manager for Transactions (Response Time) | 7.4.0.2 | 7.4.0.2-TIV-CAMRT-IF0018 | |
| http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.2-TIV-CAMRT-IF0018&source=SAR |
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli monitoring for transaction performance | eq | 7.4.0. | |
| tivoli monitoring for transaction performance | eq | 8.1.4 |
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
68.4%