A vulnerability has been addressed in the PCRE component of IBM Tivoli Network Manager IP Edition.
CVEID: CVE-2016-1283
DESCRIPTION: PCRE is vulnerable to a heap-based buffer overflow, caused by the improper handling of patterns by the pcre_compile2() function. By using a specially crafted regular expression, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 7.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109363 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| Affected Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| Tivoli Network Manager IP Edition | 3.8.0.7 | IV85816 | Please call IBM service and reference the APAR to obtain the fix |
| Tivoli Network Manager IP Edition | 3.9.0.4/IF01 | IV85816 | Download Tivoli Network Manager IP Edition 3.9.0 Fix Pack 5 |
| Tivoli Network Manager IP Edition | 4.1.0 | IV85816 | Please call IBM service and reference the APAR to obtain the fix |
| Tivoli Network Manager IP Edition | 4.1.1.1 | IV85816 | Download Tivoli Network Manager IP Edition 4.1.1 PCRE Interim Fix. |
| Tivoli Network Manager IP Edition | 4.2.0.1 | IV85816 | Download Tivoli Network Manager IP Edition 4.2.0 Fix Pack 1 |