IBM Application Manager For Smart Business Multiple Vulnerabilities
IBM Application Manager For Smart Business 1.x
A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business
Security Bulletin 1640752
Secunia Advisory SA53844
1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Some errors when processing URLs can be exploited to cause an AbEnd (Abnormal End) in an IBM Tivoli Monitoring process.
3) Certain unspecified input is not properly sanitised before being returned to the user.
4) An error during HTTP processing of URLs can be exploited to cause a segmentation fault within KDSMAIN.
5) Some errors within the Tivoli Monitoring internal web server can be exploited to conduct spoofing attacks.
6) An error when processing ClientHello message in the TLS Handshake Protocol can be exploited to crash the daemon.
7) A security issue and two vulnerabilities are caused due to a bundled vulnerable version of the IBM Global Security Toolkit (GSKit).
8) Multiple vulnerabilities are caused due to a bundled vulnerable version of Java.
IBM Application Manager For Smart Business can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's system.
The vendor has issued a fix: Apply 18.104.22.168-TIV-IAMSB-FP0004.