WebSphere Application Server and IBM Tivoli Monitoring are shipped as components of IBM Service Delivery Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.
CVEID: CVE-2016-3426** *DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID: CVE-2016-3427** *DESCRIPTION: An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Principal Product and Version(s)
| Affected Supporting Product and Version
—|—
IBM Service Delivery Manager version 7.2.1 through 7.2.4| IBM WebSphere Application Server version 7.0.0.0 through 7.0.0.27
IBM Tivoli Monitoring version 6.2.2 through 6.2.3
Principal Product and Version(s)
| Affected Supporting Product and Version|Affected Supporting Product Security Bulletin
—|—|—
IBM Service Delivery Manager version 7.2.1 through 7.2.4| IBM WebSphere Application Server version 7.0.0.0 through 7.0.0.27| Consult the security bulletin Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427) for fix information.
IBM Service Delivery Manager version 7.2.1 through 7.2.4| IBM Tivoli Monitoring 6.2.2 through 6.2.3| Consult the security bulletin IBM Tivoli Monitoring embedded WebSphere Application Server (CVE-2016-3426, CVE-2016-3427) for fix information.