Apache Storm is shipped with IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting Apache Storm has been published here.
CVE-ID:CVE-2019-0202
**Description:*Apache Storm could allow a remote attacker to obtain sensitive information, caused by improper access control by the Logviewer daemon. By sending a specially-crafted request, an attacker could exploit this vulnerability to read and search log files on hosts system.
CVSS Base Score: 7.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/164203 for more information
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
IBM Tivoli Network Manager IP Edition v4.2
IBM Tivoli Network Manager IP Edition 4.2
|
Upgrade to IBM Tivoli Network Manager 4.2 Fix Pack 8 at IBM Fix Central
—|—
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli network manager ip edition | eq | 4.2 |