V-180: IBM Application Manager For Smart Business Multiple Vulnerabilities

June 18, 2013 - 12:38am

PROBLEM:

IBM Application Manager For Smart Business Multiple Vulnerabilities

PLATFORM:

IBM Application Manager For Smart Business 1.x

ABSTRACT:

A security issue and multiple vulnerabilities have been reported in IBM Application Manager For Smart Business.

REFERENCE LINKS:

Security Bulletin 1640752
Secunia Advisory SA53844
CVE-2012-1531
CVE-2012-1532
CVE-2012-1533
CVE-2012-2190
CVE-2012-2191
CVE-2012-2203
CVE-2012-3143
CVE-2012-3159
CVE-2012-3216
CVE-2012-4820
CVE-2012-4821
CVE-2012-4822
CVE-2012-4823
CVE-2012-5068
CVE-2012-5069
CVE-2012-5071
CVE-2012-5072
CVE-2012-5073
CVE-2012-5075
CVE-2012-5079
CVE-2012-5083
CVE-2012-5084
CVE-2012-5089
CVE-2013-0548
CVE-2013-0551
CVE-2013-0576
CVE-2013-2960
CVE-2013-2961

IMPACT ASSESSMENT:

Medium

DISCUSSION:

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) Some errors when processing URLs can be exploited to cause an AbEnd (Abnormal End) in an IBM Tivoli Monitoring process.

3) Certain unspecified input is not properly sanitised before being returned to the user.

4) An error during HTTP processing of URLs can be exploited to cause a segmentation fault within KDSMAIN.

5) Some errors within the Tivoli Monitoring internal web server can be exploited to conduct spoofing attacks.

6) An error when processing a ClientHello message in the TLS Handshake Protocol can be exploited to crash the daemon.

7) A security issue and two vulnerabilities are caused by a bundled vulnerable version of the IBM Global Security Toolkit (GSKit).

8) Multiple vulnerabilities are caused by a bundled vulnerable version of Java.
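Items 2, 4 and 6 are all the same failure mode: a length field or delimiter in attacker-supplied input is trusted, and the process dies (AbEnd, segmentation fault, daemon crash) instead of rejecting the message. The parser below is an added illustration of the defensive pattern for item 6, written for this page; it is not GSKit or Tivoli code, and the advisory does not show what the affected parser did. Every read is bounds-checked and every length field is compared against what actually arrived, so a truncated record or an oversized cipher-suite length yields a controlled rejection rather than an exception that takes the daemon down. The ClientHello bytes are constructed in the block, not captured traffic.

```python
import struct

HANDSHAKE_RECORD = 0x16
CLIENT_HELLO = 0x01


class MalformedClientHello(ValueError):
    """Controlled rejection of a bad ClientHello (instead of an uncaught crash)."""


class _Reader:
    """Bounds-checked cursor over the record: every read is validated before it happens."""

    def __init__(self, data):
        self.data = data
        self.pos = 0

    def remaining(self):
        return len(self.data) - self.pos

    def take(self, n, what):
        if n < 0 or n > self.remaining():
            raise MalformedClientHello(f"{what}: need {n} bytes, {self.remaining()} left")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def u8(self, what):
        return self.take(1, what)[0]

    def u16(self, what):
        return struct.unpack("!H", self.take(2, what))[0]

    def u24(self, what):
        return int.from_bytes(self.take(3, what), "big")


def parse_client_hello(record):
    """Parse one TLS record carrying a ClientHello; raise MalformedClientHello on any inconsistency."""
    r = _Reader(bytes(record))
    if r.u8("content type") != HANDSHAKE_RECORD:
        raise MalformedClientHello("not a handshake record")
    record_version = r.u16("record version")
    if r.u16("record length") != r.remaining():
        raise MalformedClientHello("record length disagrees with bytes received")
    if r.u8("handshake type") != CLIENT_HELLO:
        raise MalformedClientHello("handshake message is not a ClientHello")
    if r.u24("handshake length") != r.remaining():
        raise MalformedClientHello("handshake length disagrees with record body")
    client_version = r.u16("client version")
    random_bytes = r.take(32, "random")
    sid_len = r.u8("session id length")
    if sid_len > 32:
        raise MalformedClientHello("session id longer than 32 bytes")
    session_id = r.take(sid_len, "session id")
    cs_len = r.u16("cipher suites length")
    if cs_len < 2 or cs_len % 2:
        raise MalformedClientHello(f"cipher suites length {cs_len} is not a positive even number")
    cs = r.take(cs_len, "cipher suites")  # the read that an unchecked parser would overrun
    cipher_suites = [struct.unpack("!H", cs[i:i + 2])[0] for i in range(0, cs_len, 2)]
    cm_len = r.u8("compression methods length")
    if cm_len < 1:
        raise MalformedClientHello("no compression methods")
    compression = list(r.take(cm_len, "compression methods"))
    extensions = {}
    if r.remaining():  # extensions block is optional, but if present it must account for every trailing byte
        if r.u16("extensions length") != r.remaining():
            raise MalformedClientHello("extensions length disagrees with trailing bytes")
        while r.remaining():
            ext_type = r.u16("extension type")
            ext_len = r.u16("extension length")
            extensions[ext_type] = r.take(ext_len, "extension data")
    return {"record_version": record_version, "client_version": client_version,
            "random": random_bytes, "session_id": session_id, "cipher_suites": cipher_suites,
            "compression_methods": compression, "extensions": extensions}


def build_client_hello(cipher_suites, session_id=b"", extensions=()):
    """Construct a well-formed ClientHello record (test input for this example, not captured traffic)."""
    body = struct.pack("!H", 0x0303) + bytes(32)           # client_version TLS 1.2, all-zero random
    body += bytes([len(session_id)]) + session_id
    body += struct.pack("!H", 2 * len(cipher_suites))
    body += b"".join(struct.pack("!H", s) for s in cipher_suites)
    body += b"\x01\x00"                                     # one compression method: null
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    if extensions:
        body += struct.pack("!H", len(ext_blob)) + ext_blob
    handshake = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE_RECORD]) + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def triage(record):
    """What a hardened daemon does with an inbound record: accept it, or reject it with a reason and keep running."""
    try:
        hello = parse_client_hello(record)
    except MalformedClientHello as e:
        return "rejected: " + str(e)
    return "accepted: %d cipher suites, %d extensions" % (len(hello["cipher_suites"]), len(hello["extensions"]))


if __name__ == "__main__":
    good = build_client_hello([0xC02F, 0x009C], extensions=[(0x0000, b"\x00\x0c\x00\x00\x09localhost")])
    print(triage(good))
    oversized = bytearray(good)
    oversized[44:46] = b"\xff\xfe"   # cipher_suites length now claims far more bytes than the record holds
    print(triage(oversized))
    print(triage(good[:-3]))         # record cut short in transit
```

The point to carry over to any protocol parser: compare each embedded length against the bytes actually present before using it as a read size, and make the rejection path a normal return, not an exception that unwinds past the connection handler.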

IMPACT:

IBM Application Manager For Smart Business can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's system.
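The cross-site scripting entries (items 1 and 3) come from input that is reflected into a page without output encoding. The block below is an added illustration written for this page, not the product's code (the advisory does not show the affected pages): a vulnerable renderer that drops a parameter into three HTML contexts unencoded, a hardened one that encodes per context, and the check a tester runs against a response to see whether a payload came back verbatim. The three payloads and the page template are constructed here.

```python
import html
import json

# Constructed payloads, one per context the parameter lands in
BODY_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'
JS_PAYLOAD = "</script><script>alert(1)</script>"


def render_vulnerable(name):
    """The pattern behind items 1 and 3: the parameter is echoed into HTML with no encoding."""
    return (f"<p>Hello, {name}</p>\n"
            f'<input name="name" value="{name}">\n'
            f"<script>var who = '{name}';</script>")


def encode_html(s):
    """HTML body and quoted-attribute contexts: escape & < > \" and '."""
    return html.escape(s, quote=True)


def encode_js_string(s):
    """JavaScript string-literal context: emit a JSON literal and also \\u-escape < > & so the
    literal can never terminate the enclosing <script> element."""
    return (json.dumps(s)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def render_hardened(name):
    """Same page, with the encoder chosen by where the value is inserted."""
    return (f"<p>Hello, {encode_html(name)}</p>\n"
            f'<input name="name" value="{encode_html(name)}">\n'
            f"<script>var who = {encode_js_string(name)};</script>")


def reflected_unencoded(page, payload):
    """Tester-side check: a payload that survives the round trip byte for byte is a reflection finding."""
    return payload in page


if __name__ == "__main__":
    for payload in (BODY_PAYLOAD, ATTR_PAYLOAD, JS_PAYLOAD):
        print(repr(payload),
              "vulnerable:", reflected_unencoded(render_vulnerable(payload), payload),
              "hardened:", reflected_unencoded(render_hardened(payload), payload))
```

Note that a single encoder is not enough: `encode_html` alone would still let `JS_PAYLOAD` break out of the script block if the value were placed there, which is why the JavaScript context gets its own encoder.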

SOLUTION:

The vendor has issued a fix: Apply 1.2.1.0-TIV-IAMSB-FP0004.