History: Jun 17, 2018 - 3:19 p.m.

Security Bulletin: A vulnerability in OpenLDAP affects IBM Tivoli Composite Application Manager for Transactions (CVE-2015-6908)

2018-06-17 15:19:35
www.ibm.com

EPSS: 0.947 (High), Percentile: 99.3%

Summary

A vulnerability in OpenLDAP 2.4.42 was disclosed on September 10, 2015 by openldap.org as a fix in OpenLDAP 2.4.43 (ITS#8240). OpenLDAP 2.4.44, used by IBM Tivoli Composite Application Manager for Transactions, has addressed the vulnerability.

Vulnerability Details

CVE-ID: CVE-2015-6908

DESCRIPTION: OpenLDAP is vulnerable to a denial of service, caused by an assertion error in the ber_get_next() function. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause the slapd service to crash.

CVSS Base Score: 5.300
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106296 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

IBM Tivoli Composite Application Manager (ITCAM) for Transactions is affected. ITCAM for Transactions contains multiple subcomponents (Agents). Only the Internet Service Monitoring component (ISM – Agent code ‘IS’) is affected.

Versions:
· 7.4 – Affected by CVE (CVE-2015-6908)
· 7.3 – Affected by CVE (CVE-2015-6908)

Remediation/Fixes

Product| VRMF| APAR| Remediation/First Fix
—|—|—|—
7.4.0.1-TIV-CAMIS-IF0003| 7.4.0.1| None| http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002582
7.3.0.1-TIV-CAMIS-IF0037| 7.3.0.1| None| http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002628

For older versions of IBM Tivoli Composite Application Manager for Transactions (e.g. 7.1 & 7.2), IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None known