IBM WebSphere Application Server is shipped as a component of IBM Tivoli Netcool Configuration Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.
Please consult the security bulletin Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450) for vulnerability details and information about fixes.
CVEID: CVE-2015-7450**
DESCRIPTION:** Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107918 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Principal Product and Version(s)
| Affected Supporting Product and Version
—|—
ITNCM version 6.4.1.3
ITNCM version 6.3.0.6| Embedded IBM WebSphere Application Server eWAS 7.0
_ <Product_ | _ VRMF_ | _ APAR_ | _ Remediation/First Fix_ |
---|---|---|---|
_ ITNCM_ | _ 6.4.1.3 IF001_ | _ none_ | http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&release=6.4.1.3&platform=All&function=fixId&fixids=ITNCM_6.4.1.3_IF001&includeRequisites=1&includeSupersedes=0&downloadMethod=http |
_ ITNCM_ | _ 6.3.0.6 IF004_ | _ none_ | http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ETivoli&product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&release=6.3.0.6&platform=All&function=all |
For ITNCM 6.2.x IBM recommends upgrading to a fixed, supported version/release/platform of the product.