V-132: IBM Tivoli System Automation Application Manager Multiple Vulnerabilities

April 12, 2013 - 6:00am

PROBLEM:

IBM has acknowledged multiple vulnerabilities in IBM Tivoli System Automation Application Manager

PLATFORM:

The vulnerabilities are reported in IBM Tivoli System Automation Application Manager versions 3.1, 3.2, 3.2.1, and 3.2.2

ABSTRACT:

Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM Tivoli System Automation Application Manager which may affect the product

REFERENCE LINKS:

Secunia Advisory: SA53006
IBM Security Bulletin 21633991
IBM Security Bulletin 21633992
CVE-2011-3563
CVE-2012-0497
CVE-2012-0498
CVE-2012-0499
CVE-2012-0501
CVE-2012-0502
CVE-2012-0503
CVE-2012-0505
CVE-2012-0506
CVE-2012-0507
CVE-2012-1713
CVE-2012-1716
CVE-2012-1717
CVE-2012-1718
CVE-2012-1719
CVE-2012-1720
CVE-2012-1721
CVE-2012-1722
CVE-2012-1725
CVE-2012-3325

IMPACT ASSESSMENT:

High

DISCUSSION:

There are multiple security vulnerabilities in the IBM Java Runtime Environment component, and all are applicable to IBM JRE 5.0. The IBM Tivoli System Automation Application Manager includes an IBM Java Runtime Environment on platforms other than AIX.

There is a potential security exposure with IBM WebSphere Application Server that may affect IBM Tivoli System Automation Application Manager.

IMPACT:

Security Bypass
Cross Site Scripting
Spoofing
Manipulation of data
Exposure of sensitive information
DoS
System access

SOLUTION:

Update to version 3.2.2.1
