CVSS2 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |

AI Score confidence: High
EPSS percentile: 93.5%
SBLIM and Apache Commons are used by IBM Tivoli Application Dependency Discovery Manager and are vulnerable to CVE-2008-7230, CVE-2010-1937 and CVE-2012-2328.
CVEID: CVE-2008-7230
**DESCRIPTION:** An unspecified vulnerability in SBLIM-SFCB (Small Footprint CIM Broker) has an unknown impact and attack vector.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/48821 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2010-1937
**DESCRIPTION:** SBLIM-SFCB is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the getPayload() function when verifying the provided size value using the Content-Length header. By sending a specially-crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/59025 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVEID: CVE-2012-2328
**DESCRIPTION:** SBLIM is vulnerable to a denial of service, caused by insufficient randomization of hash data structures. By sending multiple specially-crafted HTTP POST requests to an affected application containing conflicting hash key values, a remote attacker could exploit this vulnerability to cause the consumption of CPU resources.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/76522 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
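The class of check whose absence CVE-2010-1937 describes, shown as an added defensive example that is not SFCB or TADDM code. The function names, the 1 MiB cap and the calling convention (body bytes already received into memory) are assumptions made for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD (1u << 20) /* assumed policy cap: 1 MiB */

/* Strictly parse a Content-Length value. Returns 0 and sets *out on success;
 * -1 for empty, signed, non-numeric, trailing-garbage or over-cap input. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long long n;

    while (*value == ' ' || *value == '\t')
        value++;
    if (!isdigit((unsigned char)*value))
        return -1;                      /* rejects "", "-1", "+5" */
    errno = 0;
    n = strtoull(value, &end, 10);
    if (errno == ERANGE)
        return -1;                      /* does not fit in 64 bits */
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;
    if (*end != '\0' || n > MAX_PAYLOAD)
        return -1;                      /* "12abc" or larger than the cap */
    *out = (size_t)n;
    return 0;
}

/* Copy a request body into a new NUL-terminated buffer. The allocation and
 * the copy both use the same validated length, and the copy never reads past
 * the `avail` bytes actually received. Returns NULL on any mismatch. */
char *copy_payload(const char *cl_value, const char *body, size_t avail,
                   size_t *len_out)
{
    size_t declared;
    char *buf;

    if (parse_content_length(cl_value, &declared) != 0)
        return NULL;
    if (avail < declared)
        return NULL;                    /* body shorter than declared */
    buf = malloc(declared + 1);         /* cannot wrap: declared <= MAX_PAYLOAD */
    if (buf == NULL)
        return NULL;
    memcpy(buf, body, declared);        /* surplus bytes are not copied */
    buf[declared] = '\0';
    *len_out = declared;
    return buf;
}
```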
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Application Dependency Discovery Manager | 7.3.0.0 - 7.3.0.11 |
To fix this vulnerability, follow the steps below:
**For TADDM 7.3.0.0 - 7.3.0.9:** Upgrade your TADDM environment to the latest version (preferably 7.3.0.11), then download the e-fix given in Table-1 and apply it.
**For TADDM 7.3.0.10 - 7.3.0.11:** Download the e-fix given in Table-1 and apply it.
Table-1
Fix | VRMF | APAR | How to acquire fix |
---|---|---|---|
efix_sblim_ApacheCommons_FP11230825.zip | 7.3.0.11 | None | Download eFix |
efix_sblim_ApacheCommons_FP10221123.zip | 7.3.0.10 | None | Download eFix |
Please refer to the table below to download TADDM FixPack 7.3.0.11.
Fix | How to acquire fix |
---|---|
7.3-TIV-ITADDM-FP00011 | Download FixPack |
Please refer to the TADDM FixPack 7.3.0.11 Release Notes at the URL below for more information about the update.
https://www.ibm.com/docs/en/taddm/7.3.0?topic=release-notes#relnotes__fp11
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_application_dependency_discovery_manager | 7.3.0.0 | cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:* |
ibm | tivoli_application_dependency_discovery_manager | 7.3.0.9 | cpe:2.3:a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.9:*:*:*:*:*:*:* |