You are here

V-122: IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities

March 29, 2013 - 6:00am

Addthis

PROBLEM:

IBM has acknowledged multiple vulnerabilities in IBM Tivoli Application Dependency Discovery Manager

PLATFORM:

The vulnerabilities are reported in version 7.2.0.0 through 7.2.1.3

ABSTRACT:

Multiple security vulnerabilities exist in the Java Runtime Environments (JREs) that can affect the security of IBM Tivoli Application Dependency Discovery Manager.

REFERENCE LINKS:

Secunia Advisory SA52829
IBM Security Bulletin 1631786
 CVE-2012-1531
CVE-2012-3143
CVE-2012-3216
CVE-2012-4820
CVE-2012-4822
CVE-2012-5069
CVE-2012-5071
CVE-2012-5073
CVE-2012-5075
CVE-2012-5079
CVE-2012-5081
CVE-2012-5083
CVE-2012-5084
CVE-2012-5089
CVE-2013-1475

IMPACT ASSESSMENT:

High

DISCUSSION:

These vulnerabilities can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

The application bundles a vulnerable version of Java Runtime Environment.

IMPACT:

Security Bypass
Manipulation of data
Exposure of sensitive information
DoS
System access

SOLUTION:

The vendor recommends Apply Fix Pack 7.2.1-TIV-ITADDM-FP0004 or update to version 7.2.1.4

Addthis