IBMA450602F9D1E9FA336E97EB418DCD0773856EBADD8BA2D19D59D3AEF6F499CFCSecurity Bulletin: A security vulnerability has been identified in Apache Storm, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2019-0202)
0.001 Low
EPSS
Percentile
30.0%
Summary
Apache Storm is shipped with IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting Apache Storm has been published here.
Vulnerability Details
CVE-ID:CVE-2019-0202
**Description:*Apache Storm could allow a remote attacker to obtain sensitive information, caused by improper access control by the Logviewer daemon. By sending a specially-crafted request, an attacker could exploit this vulnerability to read and search log files on hosts system.
CVSS Base Score: 7.5
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/164203 for more information
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
IBM Tivoli Network Manager IP Edition v4.2
Remediation/Fixes
IBM Tivoli Network Manager IP Edition 4.2
|
Upgrade to IBM Tivoli Network Manager 4.2 Fix Pack 8 at IBM Fix Central
—|—
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| tivoli network manager ip edition | eq | 4.2 |
Related
0.001 Low
EPSS
Percentile
30.0%