Lucene search

IBMF04E1D72981716138ECFA88F186C8E726517F21454986A22149962A84F4A0A54

HistoryAug 17, 2018 - 9:25 a.m.

Security Bulletin: IBM Security Access Manager and IBM Tivoli Access Manager for e-business are affected by an information exposure vulnerability (CVE-2017-1474)

2018-08-1709:25:47

www.ibm.com

0.001 Low

EPSS

Percentile

48.3%

JSON

Summary

IBM Security Access Manager and IBM Tivoli Access Manager for e-business have addressed the following vulnerability due to the disclosure of sensitive information.

Vulnerability Details

CVEID: CVE-2017-1474 DESCRIPTION: IBM Security Access Manager Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128606 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected product

Affected Versions

Remediation/Fixes

S****oftware releases

Product	VRMF	APAR	Remediation
IBM Tivoli Access Manager for e-business	6.1 - 6.1.0.34	IJ06424	Apply Interim Fix 35:
6.1.0-ISS-TAM-IF0035
IBM Tivoli Access Manager for e-business	6.1.1 - 6.1.1.33	IJ06424	Apply Interim Fix 34:
6.1.1-ISS-TAM-IF0034
IBM Security Access Manager for Web (software)	7.0 - 7.0.0.33 (software)	IJ06424	Apply Interim Fix 34:
7.0.0-ISS-SAM-IF0034

Appliance releases

Product

VRMF

APAR

Remediation

—|—|—|—
IBM Security Access Manager for Web | 7.0 - 7.0.0.32 | IJ01936 | Upgrade to 7.0.0.34:
7.0.0-ISS-WGA-IF0034
IBM Security Access Manager for Web | 8.0 - 8.0.1.6 | IJ01934 | Upgrade to 8.0.1.7:
8.0.1-ISS-WGA-FP0007
IBM Security Access Manager for Mobile | 8.0 - 8.0.1.6 | IJ01937 | Upgrade to 8.0.1.7:
8.0.1-ISS-ISAM-FP0007
IBM Security Access Manager | 9.0 - 9.0.3.1 | IJ01934 | Upgrade to 9.0.4.0:
9.0.4-ISS-ISAM-FP0000

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm security access managereq7.0.0
ibm security access managereq8.0.0
ibm security access managereq8.0.0.1
ibm security access managereq8.0.0.2
ibm security access managereq8.0.0.3
ibm security access managereq8.0.0.4
ibm security access managereq8.0.0.5
ibm security access managereq8.0.1
ibm security access managereq8.0.1.2
ibm security access managereq8.0.1.3

Name	Operator	Version
ibm security access manager	eq	7.0.0
ibm security access manager	eq	8.0.0
ibm security access manager	eq	8.0.0.1
ibm security access manager	eq	8.0.0.2
ibm security access manager	eq	8.0.0.3
ibm security access manager	eq	8.0.0.4
ibm security access manager	eq	8.0.0.5
ibm security access manager	eq	8.0.1
ibm security access manager	eq	8.0.1.2
ibm security access manager	eq	8.0.1.3

Rows per page:

1-10 of 441

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for F04E1D72981716138ECFA88F186C8E726517F21454986A22149962A84F4A0A54