There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Netcool Configuration Manager IP Edition v6.4.1 and v6.4.2, which were disclosed in the Oracle January 2019 Critical Patch Update.
CVEID: CVE-2018-1890 DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)
CVEID: CVE-2019-2426 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM Tivoli Network Manager IP Edition v6.4.1, v6.4.2
Product
|
VRMF
|
Remediation/First Fix
—|—|—
ITNCM
|
6.4.2
|
Upgrade to ITNCM 6.4.2 FP008: ITNCM 6.4.2 Fix Pack 8
ITNCM
|
6.4.1
|
Contact IBM Support and quote the bulletin title to request a fix
None