IBM has acknowledged a weakness and multiple vulnerabilities in IBM Tivoli System Automation for Multiplatforms, which can be exploited by malicious, local users to disclose certain sensitive information and gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.
The weakness and the vulnerabilities are reported in versions 3.1 through 3.2.2 running on AIX, Linux, Solaris, and Windows.
The weakness and the vulnerabilities are caused due to a bundled vulnerable version of Java.
Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of IBM Tivoli System Automation for Multiplatforms which may affect the product.
Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Update to version 3.2.2 and apply fix pack 3.2.2-TIV-ITSAMP-FP0006