Lucene search

IBMF8D38F253CDDCEE1D36B70A8D6E86D7A81E6FEF2D4A7AE27D1B2C786F03CC7C7

HistoryJul 28, 2022 - 6:16 a.m.

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Tivoli Netcool Impact (CVE-2018-25031, CVE-2021-46708)

2022-07-2806:16:09

www.ibm.com

ibm websphere application server liberty

ibm tivoli netcool impact

remote attacks

spoofing

click hijacking

swagger-ui

npm swagger-ui-dist

cve-2018-25031

cve-2021-46708

upgrade

mitigation

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

71.9%

JSON

Summary

IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2018-25031
**DESCRIPTION:**swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217346 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

CVEID:CVE-2021-46708
**DESCRIPTION:**npm swagger-ui-dist could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217359 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Tivoli Netcool Impact	7.1.0

Remediation/Fixes

Product	VRMF	APAR	Remediation
IBM Tivoli Netcool Impact 7.1.0	7.1.0.26	IJ38189	Upgrade to IBM Tivoli Netcool Impact 7.1.0 FP26

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmtivoli_netcool\/impactMatch7.1.0

VendorProductVersionCPE
ibmtivoli_netcool\/impact7.1.0cpe:2.3:a:ibm:tivoli_netcool\/impact:7.1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	tivoli_netcool\/impact	7.1.0	cpe:2.3:a:ibm:tivoli_netcool\/impact:7.1.0:::::::*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

71.9%

JSON

Related for F8D38F253CDDCEE1D36B70A8D6E86D7A81E6FEF2D4A7AE27D1B2C786F03CC7C7