Metric (CVSS2) | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
EPSS Percentile | 82.4% |

Smack API is used by IBM Tivoli Netcool Impact as part of the Jabber service component. IBM Tivoli Netcool Impact has addressed the applicable CVEs.
CVEID: CVE-2014-0363
**DESCRIPTION:** Ignite Realtime Smack API could allow a remote attacker to conduct spoofing attacks, caused by the failure to properly verify the basicConstraints and nameConstraints of a certificate within a certificate chain within the ServerTrustManager implementation. An attacker could exploit this vulnerability using man-in-the-middle techniques to conduct a spoofing attack.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/92954 for the current score.
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVEID: CVE-2014-0364
**DESCRIPTION:** Ignite Realtime Smack API could allow a remote attacker to bypass security restrictions, caused by the failure to properly verify the from attribute for roster queries within the ParseRoster implementation. An attacker could exploit this vulnerability to add roster entries or spoof IQ responses.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/92955 for the current score.
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
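
The sender check that CVE-2014-0364 describes as missing, sketched here as an added example (not IBM's or Ignite Realtime's code) following the RFC 6121 rule that a client ignores a roster push unless `from` is absent or equals the account's bare JID. The names `accept_roster_iq`, `own_jid`, `pending_ids` and `sample`, and the stanzas themselves, are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ROSTER_NS = "jabber:iq:roster"
CLIENT_NS = "jabber:client"


def bare_jid(jid):
    """Drop the resource and lowercase (simplified; real clients apply stringprep/PRECIS)."""
    return jid.split("/", 1)[0].lower()


def accept_roster_iq(stanza_xml, own_jid, pending_ids):
    """Return True only if this roster IQ may be applied to the local roster."""
    if "<!DOCTYPE" in stanza_xml or "<!ENTITY" in stanza_xml:
        return False  # DTDs and entity declarations are prohibited in XMPP streams
    try:
        iq = ET.fromstring(stanza_xml)
    except ET.ParseError:
        return False
    if iq.tag != f"{{{CLIENT_NS}}}iq" or iq.find(f"{{{ROSTER_NS}}}query") is None:
        return False
    sender = iq.get("from")
    # Accept only an absent 'from' (implicitly our own account) or exactly our
    # bare JID. Any other value, including a full JID with a resource, is a
    # different entity and the stanza is ignored.
    if sender is not None and sender.lower() != bare_jid(own_jid):
        return False
    kind = iq.get("type")
    if kind == "set":  # roster push from our own server
        return True
    if kind == "result":  # must answer a roster request this client actually sent
        return iq.get("id") in pending_ids
    return False


def sample(kind, iq_id, sender=None):
    """Build a constructed roster IQ stanza (not captured traffic)."""
    frm = f" from='{sender}'" if sender else ""
    return (f"<iq xmlns='{CLIENT_NS}' type='{kind}' id='{iq_id}'{frm}>"
            f"<query xmlns='{ROSTER_NS}'><item jid='bob@example.net'/></query></iq>")


if __name__ == "__main__":
    own = "alice@example.org/laptop"  # constructed account JID
    for frm in (None, "alice@example.org", "mallory@example.com"):
        print(frm, accept_roster_iq(sample("set", "p1", frm), own, set()))
```
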
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Netcool Impact | 7.1.0 |
**IBM strongly recommends addressing the vulnerability now.**
Product | VRMF | APAR | Remediation |
---|---|---|---|
IBM Tivoli Netcool Impact 7.1.0 | 7.1.0.0 - 7.1.0.27 | IJ41497 | Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP28 |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | tivoli_netcool\/impact | 7.1.0 | cpe:2.3:a:ibm:tivoli_netcool\/impact:7.1.0:*:*:*:*:*:*:* |