You are here

V-205: IBM Tivoli System Automation for Multiplatforms Java Multiple Vulnerabilities

July 29, 2013 - 4:20am

Addthis

PROBLEM:

IBM has acknowledged a weakness and multiple vulnerabilities in IBM Tivoli System Automation for Multiplatforms, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.

PLATFORM:

The weakness and the vulnerabilities are reported in versions 3.1 through 3.2.2 running on AIX, Linux, Solaris, and Windows.

ABSTRACT:

The weakness and the vulnerabilities are caused due to a bundled vulnerable version of Java.

REFERENCE LINKS:
CVE-2012-1541

CVE-2013-0169

http://secunia.com/advisories/53347/

IMPACT ASSESSMENT:

High

DISCUSSION:

Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM Tivoli System Automation for Multiplatforms which may affect the product.
 

IMPACT:

Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access

SOLUTION:
Update to version 3.2.2 and apply fix pack 3.2.2-TIV-ITSAMP-FP0006

Addthis