Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME5A5217145DAA0C5FADB3AD5EB42E32992B8C1302A8FD821CF187AB85EABCC8C
HistoryJun 17, 2018 - 2:54 p.m.

Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the vulnerabilities in the IBM JRE and Tivoli Directory Server

2018-06-1714:54:35
www.ibm.com
5

0.917 High

EPSS

Percentile

98.9%

JSON

Summary

Tivoli Netcool Service Quality Manager is affected by the vulnerabilities in the IBM Java Runtime Environment Java Technology Edition, Version 5.0 and the IBM Tivoli Directory Server

Vulnerability Details

CVE-ID:CVE-2014-3065
**
DESCRIPTION**: IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users

CVSS Base Score: 6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93629&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C)

CVE-ID: CVE-2014-8730 **
DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by the failure to check the contents of the padding bytes when using CBC cipher suites of some TLS implementations. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack to decrypt sensitive information and calculate the plaintext of secure connections.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99216&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

These vulnerabilities affect Tivoli Netcool Service Quality Manager 4.1.4

Remediation/Fixes

IBM has provided patches for all affected versions.
The IBM Java Runtime Environment can be downloaded from the IBM Fix Central site:
<https://delivery04.dhe.ibm.com/sar/CMA/WSA/04x1e/0/jre564redist.tar.gz&gt;

To install the patch the following procedure has to be performed on TNSQM servers:

$ sap stop
$ sapmon stop
$ sapmgr stop
$ cd ${WMCROOT}/java
$ mv jre jre.old
$ gunzip -c <location of patch>/jre564redist.tar.gz | tar -xf -
$ sapmon start
$ sapmgr start
$ sap start

The patch for the IBM Tivoli Directory Server can be downloaded from the IBM Fix Central Site:
<http://www-01.ibm.com/support/docview.wss?uid=swg21692906&gt;

Workarounds and Mitigations

None

Related

ibm 83
fortinet 1
nessus 13
securityvulns 2
f5 3
threatpost 1
paloalto 1
thn 1
cve 2
cvelist 2
veracode 1
prion 2
nvd 2
lenovo 2
cisco 1
redhat 6
openvas 11
suse 7
aix 1
ibm
ibm
Security Bulletin: TLS padding vulnerability affects IBM HTTP Server shipped with IBM Business Process Manager family products (CVE-2014-8730)
2018-06-15 07:02:17
Security Bulletin: TLS padding vulnerability affects IBM Netezza Performance Portal (CVE-2014-8730)
2019-10-18 03:10:29
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with WebSphere Remote Server (CVE-2014-8730)
2018-06-15 07:02:46
fortinet
fortinet
CVE-2014-8730 "Poodle for TLS" vulnerability
2014-12-18 00:00:00
nessus
nessus
F5 Networks BIG-IP : TLS1.x padding vulnerability (K15882)
2014-12-09 00:00:00
IBM HTTP Server 8.5.0.0 <= 8.5.5.4 / 8.0.0.0 <= 8.0.0.10 / 7.0.0.0 <= 7.0.0.35 / 6.1.0.0 <= 6.1.0.47 / 6.0.0.0 <= 6.0.2.43 (521711)
2021-01-06 00:00:00
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1881) (POODLE)
2014-11-21 00:00:00
securityvulns
securityvulns
[oss-security] CVE question: Return of POODLE
2014-12-09 00:00:00
OpenSSL multiple security vulnerabilities
2014-12-09 00:00:00
f5
f5
K15882 : TLS1.x padding vulnerability CVE-2014-8730
2015-09-25 00:00:00
SOL15882 - TLS1.x padding vulnerability CVE-2014-8730
2014-12-08 00:00:00
SOL15702 - SSLv3 vulnerability CVE-2014-3566
2014-10-14 00:00:00
threatpost
threatpost
Two Cisco Products Vulnerable to POODLE Attack on TLS
2014-12-16 09:10:44
paloalto
paloalto
Padding-oracle attack on TLS CBC cipher mode
2015-01-12 08:00:00
thn
thn
POODLE SSL Vulnerability Now Attacking TLS Security Protocol
2014-12-09 04:03:00
cve
cve
CVE-2014-3065
2014-12-02 01:59:01
CVE-2014-8730
2014-12-10 00:59:01
cvelist
cvelist
CVE-2014-3065
2014-12-02 01:00:00
CVE-2014-8730
2014-12-10 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:03:04
prion
prion
Design/Logic Flaw
2014-12-02 01:59:00
Code injection
2014-12-10 00:59:00
nvd
nvd
CVE-2014-3065
2014-12-02 01:59:01
CVE-2014-8730
2014-12-10 00:59:01
lenovo
lenovo
POODLE: SSLv3 Vulnerability - Lenovo Support US
2016-07-22 00:00:00
POODLE: SSLv3 Vulnerability
2016-07-22 00:00:00
cisco
cisco
SSL-TLS Implementations Cipher Block Chaining Padding Information Disclosure Vulnerability
2014-12-11 19:21:05
redhat
redhat
(RHSA-2014:1881) Important: java-1.5.0-ibm security update
2014-11-20 00:00:00
(RHSA-2014:1877) Critical: java-1.6.0-ibm security update
2014-11-19 00:00:00
(RHSA-2014:1876) Critical: java-1.7.0-ibm security update
2014-11-19 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2014:1541-1)
2021-06-09 00:00:00
SUSE: Security Advisory for IBM Java (SUSE-SU-2014:1526-1)
2015-10-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0376-1)
2021-06-09 00:00:00
suse
suse
Security update for java-1_6_0-ibm (important)
2015-02-21 01:07:10
Security update for java-1_5_0-ibm (important)
2015-02-25 19:05:32
Security update for IBM Java (important)
2014-12-02 19:04:43
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition; issues in the Oracle October 2014 Critical Patch Update plus the POODLE SSLv3 vulnerability and
2014-11-14 15:40:48

0.917 High

EPSS

Percentile

98.9%

JSON
Related for E5A5217145DAA0C5FADB3AD5EB42E32992B8C1302A8FD821CF187AB85EABCC8C
ibm83fortinet1nessus13securityvulns2f53threatpost1paloalto1thn1cve2cvelist2veracode1prion2nvd2lenovo2cisco1redhat6openvas11suse7aix1