Lucene search

IBM5FABC793D7CAA03943111DEE40ABF4907F386A246F1486F0E4DA57A3553C76C9

HistoryAug 30, 2023 - 11:06 a.m.

Security Bulletin: ITCAM for Transactions affected by the Security vulnerability CVE-2018-1313 found in derbyclient-10.10.2.0.jar and its perivious versions

2023-08-3011:06:15

www.ibm.com

ibm

itcam

transactions

cve-2018-1313

vulnerability

fix

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

48.7%

JSON

Summary

IBM Tivoli Composite Application Manager (ITCAM) for Transactions - Transaction Tracking has addressed the following derbyclient-10.10.2.0.jar vulnerability and updated derbyclient.jar file form version 10.5.3.0 to 10.11.1.1

Vulnerability Details

CVEID:CVE-2018-1313
**DESCRIPTION:**Apache Derby could allow a remote attacker to bypass security restrictions, caused by improper validation of network packets received. By sending a specially-crafted network packet, an attacker could exploit this vulnerability to boot a database whose location and contents are under the user’s control.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/142898 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
ITCAM for Transactions	7.4.0.2

Remediation/Fixes

ITCAM for Transaction Tracking 7.4.0.2 IFix 22 - 7.4.0.2-TIV-CAMTT-IF0022

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmtivoli_composite_application_manager_for_wesbsphereMatch7.4.0.2

CPENameOperatorVersion
tivoli composite application manager for applicationseq7.4.0.2

CPE	Name	Operator	Version
	tivoli composite application manager for applications	eq	7.4.0.2

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

48.7%

JSON

Related for 5FABC793D7CAA03943111DEE40ABF4907F386A246F1486F0E4DA57A3553C76C9