Vulnerability has been addressed in the libcURL component of Tivoli Netcool/OMNIbus.
CVEID: CVE-2017-1000100**
DESCRIPTION:** cURL could allow a remote attacker to obtain sensitive information, caused by a TFTP URL Processing flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/130190 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Tivoli Netcool/OMNIbus 8.1.0, Tivoli Netcool/OMNIbus 7.4.0
Product
| VRMF| APAR| Remediation/First Fix
β|β|β|β
OMNIbus| 7.4.0.16| IV99760| http://www-01.ibm.com/support/docview.wss?uid=swg24044022
OMNIbus| 8.1.0.15| IV99760| <http://www-01.ibm.com/support/docview.wss?uid=swg24044023>
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli netcool/omnibus | eq | 7.4.0 | |
tivoli netcool/omnibus | eq | 8.1.0 |