The IBM WebSphere Application Server component provided with Tivoli Key Lifecycle Manager is vulnerable to potential denial of service.
CVEID: CVE-2014-0964
**DESCRIPTION:** The version of IBM WebSphere Application Server used by Tivoli Key Lifecycle Manager is subject to a potential denial of service when Heartbleed scanning tools are run against it or when specially crafted Heartbeat messages are sent to it.
The attack does not require local network access or authentication, but a moderate degree of specialized knowledge and techniques is required. An exploit can affect the availability of the system, but it would not impact the confidentiality of information or the integrity of data.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/92877> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)
The following versions are affected:
Update your IBM WebSphere Application Server (WAS) with the appropriate Interim Fix based on information in the WebSphere security bulletin link below:
tklmVersionInfo
CLI command. java -fullversion
Affected versions | WebSphere Application Server Version | APAR fix |
---|---|---|
TKLM 1.0 | 6.1.0.0 through 6.1.0.47 | PI16981 (Java 5 SR 16 FP 5), or upgrade to WebSphere Application Server Fix Pack 6.1.0.47 and then apply Interim Fix PI51445, which will upgrade you to IBM SDK, Java 2 Technology Edition (Java 5 SR 16 FP 14) |
TKLM 2.0 | 6.1.0.0 through 6.1.0.47 | PI16981 (Java 5 SR 16 FP 5), or upgrade to WebSphere Application Server Fix Pack 6.1.0.47 and then apply Interim Fix PI51445, which will upgrade you to IBM SDK, Java 2 Technology Edition (Java 5 SR 16 FP 14) |
TKLM 2.0.1 | 6.1.0.0 through 6.1.0.47 | PI16981 (Java 5 SR 16 FP 5), or upgrade to WebSphere Application Server Fix Pack 6.1.0.47 and then apply Interim Fix PI51445, which will upgrade you to IBM SDK, Java 2 Technology Edition (Java 5 SR 16 FP 14) |
None