Tivoli Netcool Service Quality Manager is affected by the vulnerabilities in the IBM Java Runtime Environment Java Technology Edition, Version 5.0 and the IBM Tivoli Directory Server
CVE-ID: CVE-2014-3065
**DESCRIPTION**: IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users.
CVSS Base Score: 6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93629> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C)
CVE-ID: CVE-2014-8730
**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused by the failure to check the contents of the padding bytes when using CBC cipher suites of some TLS implementations. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) like attack to decrypt sensitive information and calculate the plaintext of secure connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99216> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
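The padding check that CVE-2014-8730 says is missing, shown as an added example (not IBM's code and not taken from any affected product). It contrasts a receiver that trusts only the final padding_length byte with one that enforces the TLS 1.0+ rule that every padding byte equals padding_length; the function names and the sample records are constructed for illustration.

```python
import hmac

BLOCK = 16  # AES-CBC block size in bytes

def lax_padding_ok(plaintext: bytes) -> bool:
    """Flawed receiver: reads padding_length and never inspects the padding bytes."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    return pad_len + 1 <= len(plaintext)

def strict_padding_ok(plaintext: bytes) -> bool:
    """TLS 1.0+ receiver: all pad_len padding bytes plus the length byte must equal pad_len."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    padding = plaintext[-(pad_len + 1):]
    expected = bytes([pad_len]) * (pad_len + 1)
    # compare_digest avoids an early exit on the first mismatching byte.
    # A real TLS stack must also make padding and MAC failures
    # indistinguishable to the peer (same alert, same timing).
    return hmac.compare_digest(padding, expected)

# Constructed decrypted records: 16 bytes of data, a 20-byte MAC placeholder,
# then 11 padding bytes and the padding_length byte (value 11) to reach 48 bytes.
DATA = b"GET / HTTP/1.1\r\n"
MAC = b"\x00" * 20
GOOD_RECORD = DATA + MAC + b"\x0b" * 12
# Same record with the padding bytes altered in transit; only the length byte is intact.
TAMPERED_RECORD = DATA + MAC + b"\xaa" * 11 + b"\x0b"
# padding_length larger than the record itself.
OVERLONG_RECORD = DATA + MAC + b"\xff" * 12

def audit(record: bytes) -> dict:
    """Return the verdict of both receivers for one decrypted record."""
    return {"lax": lax_padding_ok(record), "strict": strict_padding_ok(record)}

if __name__ == "__main__":
    for name, rec in [("good", GOOD_RECORD), ("tampered", TAMPERED_RECORD),
                      ("overlong", OVERLONG_RECORD)]:
        print(name, audit(rec))
```

The tampered record is the case that matters: the lax receiver accepts it, and the strict one rejects it.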
These vulnerabilities affect Tivoli Netcool Service Quality Manager 4.1.4.
IBM has provided patches for all affected versions.
The IBM Java Runtime Environment can be downloaded from the IBM Fix Central site:
<https://delivery04.dhe.ibm.com/sar/CMA/WSA/04x1e/0/jre564redist.tar.gz>
To install the patch, perform the following procedure on the TNSQM servers:
$ sap stop
$ sapmon stop
$ sapmgr stop
$ cd ${WMCROOT}/java
$ mv jre jre.old
$ gunzip -c <location of patch>/jre564redist.tar.gz | tar -xf -
$ sapmon start
$ sapmgr start
$ sap start
The patch for the IBM Tivoli Directory Server can be downloaded from the IBM Fix Central Site:
<http://www-01.ibm.com/support/docview.wss?uid=swg21692906>
None
CPE

Name | Operator | Version |
---|---|---|
tivoli netcool service quality manager | eq | 4.1.4 |