News
Abstract
Security Bulletin: Asset and Service Mgmt Products - Potential security exposure when using JavaTM based applications due to vulnerabilities in Java Software Developer Kits. See Vulnerability Details for CVE IDs.
Content
VULNERABILITY DETAILS:
Customers who have Java based applications, such as Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, Change and Configuration Management Database, SmartCloud Control Desk, Intelligent Building Management, or TRIRIGA for Energy Optimization are potentially impacted by these vulnerabilities, which can cause issues related to confidentiality, integrity, and availability. For additional information including the most current description and CVSS for each vulnerability, please refer to developerWorks JavaTM Technology Security Alerts.
CVE ID | DESCRIPTION |
CVE-2012-1541 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81761 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to Deployment |
CVE-2012-3174 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81200 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors |
CVE-2012-3213 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81769 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting |
CVE-2012-3342 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/78334 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to Deployment |
CVE-2013-0169 CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/74380 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets |
CVE-2013-0351 CVSS Base Score: 7.5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81786 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P | Unspecified vulnerability in JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
CVE-2013-0409 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81793 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX |
CVE-2013-0419 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81783 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
CVE-2013-0422 CVSS Base Score: 9.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81117 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code by (1) using public methods to obtain a reference to a private object, then retrieving arbitrary Class references, and (2) using the Reflection API with recursion in a way that bypasses a security check |
CVE-2013-0423 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81784 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
CVE-2013-0424 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81798 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via vectors related to RMI |
CVE-2013-0425 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81766 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
CVE-2013-0426 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81767 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
CVE-2013-0427 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81795 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
CVE-2013-0428 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81768 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
CVE-2013-0429 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81782 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component in allows remote attackers to affect confidentiality via vectors related to CORBA |
CVE-2013-0431 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81794 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows user-assisted remote attackers to bypass the Java security sandbox via unspecified vectors related to JMX |
CVE-2013-0432 CVSS Base Score: 6.4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81788 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality and integrity via vectors related to AWT |
CVE-2013-0433 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81797 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Networking |
CVE-2013-0434 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81792 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JAXP |
CVE-2013-0435 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81791 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via vectors related to JAX-WS |
CVE-2013-0437 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81753 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
CVE-2013-0438 CVSS Base Score: 4.3 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81800 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Deployment |
CVE-2013-0440 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81799 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P | Unspecified vulnerability in the JRE component allows remote attackers to affect availability via vectors related to JSSE |
CVE-2013-0441 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81758 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA |
CVE-2013-0442 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81755 CVSS Environmental Score*: Undefined CVSS Vector: AV:/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT |
CVE-2013-0443 CVSS Base Score: 4 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81801 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality and integrity via vectors related to JSSE |
CVE-2013-0444 CVSS Base Score: 7.6 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81781 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C | Unspecified vulnerability in JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans |
CVE-2013-0445 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81756 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT |
CVE-2013-0446 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81762 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
CVE-2013-0449 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81789 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality via unknown vectors related to Deployment |
CVE-2013-0450 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81764 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX |
CVE-2013-0809 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82515 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to execute arbitrary code via unknown vectors |
CVE-2013-1473 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81790 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Deployment |
CVE-2013-1475 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81759 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA |
CVE-2013-1476 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81760 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA |
CVE-2013-1478 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81754 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability, related to JMX |
CVE-2013-1480 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81757 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D |
CVE-2013-1481 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81770 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound |
CVE-2013-1484 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82179 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries |
CVE-2013-1485 CVSS Base Score: 5 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82180 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N | Unspecified vulnerability in the JRE component allows remote attackers to affect integrity via unknown vectors related to Libraries |
CVE-2013-1486 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82178 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX |
CVE-2013-1487 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82177 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | Unspecified vulnerability in the JRE component allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment |
CVE-2013-1489 CVSS Base Score: 0 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/81802 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:N | Unspecified vulnerability in the JRE component allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user |
CVE-2013-1493 CVSS Base Score: 10 CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/82514 CVSS Environmental Score*: Undefined CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C | The color management (CMM) functionality in the 2D component allows remote attackers to execute arbitrary code or cause a denial of service via an image with crafted raster parameters, which triggers an out-of-bounds read or memory corruption in the JVM |
The developerWorks JavaTM Technology Security Alerts includes a link to Oracle's February 2013 Critical Patch Update and March 2013 Security Alert.
VERSIONS AFFECTED:
The following Oracle Java versions, which are not IBM products, are affected:
· Java SE JDK and JRE Version 7 Update 7 and earlier***
· Java SE JDK and JRE Version 6 Update 35 and earlier
· Java SEJDK and JRE Version 5 Update 36 and earlier
· Java SE JDK and JRE Version 1.4.2_38 and earlier
The following IBM Java versions are affected:
· IBM SDK Java Technology Edition Version 7***
· IBM SDK Java Technology Edition Version 6
· IBM SDK Java Technology Edition Version 5
· IBM SDK Java Technology Edition Version 1.4.2
IBM supplied the Java Runtime Environment (JRE) from the IBM SDK Java Technology Edition Versions with the following:
The 6.x versions of Maximo Asset Management, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, Tivoli Asset Management for IT, and Maximo Service Desk bundled the JRE from IBM SDK Java Technology Edition Version 1.4.2.
The 7.1.x versions of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database bundled the JRE from IBM SDK Java Technology Edition Version 5.
The 7.2.x versions of Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database bundled the JRE from IBM SDK Java Technology Edition Version 5.
The 7.5.x versions of Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, and SmartCloud Control Desk bundled the JRE from IBM SDK Java Technology Edition Version 6.
Intelligent Building Management 1.1.x and TRIRIGA for Energy Optimization 1.2.x bundled the JRE from IBM SDK Java Technology Edition Version 6.
It is likely that earlier versions of affected products are also affected by these vulnerabilities. Remediation is not provided for product versions that are no longer supported. IBM recommends that customers upgrade to the latest supported version of products in order to obtain remediation for the vulnerabilities.
***Please note that the versions of the IBM products listed above do not bundle JRE Version 7 or IBM SDK Java Technology Edition Version 7; however, JRE Version 7 and IBM SDK Java Technology Edition Version 7 are listed here because JRE Version 7 is relatively prevalent on the browser and therefore can potentially impact access to these IBM product versions.
REMEDIATION:
Fix:
There are two areas where the vulnerabilities in the Java SDK/JDK or JRE may require remediation:
1. Application Server – Update the Websphere Application Server. Refer to JDK Fixes for Websphere Application Server for additional information on updating and maintaining the JDK component within Websphere. Customers with Oracle Weblogic Server, which is not an IBM product and is not shipped by IBM, will also want to update their server.
2. Browser Client - Update the Java plug-in used by the browser on client systems, using the remediated JRE version referenced on developerWorks JavaTM Technology Security Alerts or referenced on Oracle’s latest Critical Patch Update (which can be accessed via developerWorks JavaTM Technology Security Alerts). Updating the browser Java plug-in may impact some applets such as Maximo Asset Management Scheduler. Download from IBM FixCentral the latest Maximo Asset Management Scheduler Interim Fix for Version 7.1 or the latest Maximo Asset Management Fix Pack for Version 7.5, which includes the resolution for APAR IV11560.
Due to the threat posed by a successful attack, IBM strongly recommends that customers apply fixes as soon as possible.
Workaround:
Until you apply the fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so IBM strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.
Mitigation:
None Known
REFERENCES:
Complete CVSS Guide
On-line Calculator V2
CVE-2012-1541 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81761
CVE-2012-3174 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81200
CVE-2012-3213 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81769
CVE-2012-3342 - https://exchange.xforce.ibmcloud.com/vulnerabilities/78334
CVE-2013-0169 - https://exchange.xforce.ibmcloud.com/vulnerabilities/74380
CVE-2013-0351 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81786
CVE-2013-0409 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81793
CVE-2013-0419 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81783
CVE-2013-0422 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81117
CVE-2013-0423 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81784
CVE-2013-0424 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81798
CVE-2013-0425 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81766
CVE-2013-0426 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81767
CVE-2013-0427 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81795
CVE-2013-0428 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81768
CVE-2013-0429 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81782
CVE-2013-0431 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81794
CVE-2013-0432 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81788
CVE-2013-0433 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81797
CVE-2013-0434 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81792
CVE-2013-0435 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81791
CVE-2013-0437 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81753
CVE-2013-0438 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81800
CVE-2013-0440 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81799
CVE-2013-0441 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81758
CVE-2013-0442 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81755
CVE-2013-0443 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81801
CVE-2013-0444 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81781
CVE-2013-0445 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81756
CVE-2013-0446 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81762
CVE-2013-0449 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81789
CVE-2013-0450 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81764
CVE-2013-0809 - https://exchange.xforce.ibmcloud.com/vulnerabilities/82515
CVE-2013-1473 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81790
CVE-2013-1475 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81759
CVE-2013-1476 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81760
CVE-2013-1478 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81754
CVE-2013-1480 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81757
CVE-2013-1481 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81770
CVE-2013-1484 - https://exchange.xforce.ibmcloud.com/vulnerabilities/82179
CVE-2013-1485 - https://exchange.xforce.ibmcloud.com/vulnerabilities/82180
CVE-2013-1486 - https://exchange.xforce.ibmcloud.com/vulnerabilities/82178
CVE-2013-1487 - https://exchange.xforce.ibmcloud.com/vulnerabilities/82177
CVE-2013-1489 - https://exchange.xforce.ibmcloud.com/vulnerabilities/81802
CVE-2013-1493 - https://exchange.xforce.ibmcloud.com/vulnerabilities/82514
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Change History | |
2 Apr 2013 | Flash published |
CROSS REFERENCE INFORMATION:
Segment | Product | Component/Platform | Version |
Systems and Asset Management | Maximo Asset Management | All | 6.2.0 – 6.2.8 7.1.1.0 – 7.1.1.10 7.5.0.0 – 7.5.0.3 |
Systems and Asset Management | Maximo Asset Management Essentials | All | 7.1.1.0 – 7.1.1.10 7.5.0.0 – 7.5.0.3 |
Systems and Asset Management | Maximo Asset Management for Energy Optimization | All | 7.1.0.0 – 7.1.1.0 |
Systems and Asset Management | Maximo for Government | All | 6.1.0.0 7.1.0.0 |
Systems and Asset Management | Maximo for Nuclear Power | All | 6.3.0 7.1.0.0 – 7.1.1.0 7.5.0.0 – 7.5.1.0 |
Systems and Asset Management | Maximo for Transportation | All | 6.3.0 7.1.0.0 – 7.1.1.0 7.5.0.0 |
Systems and Asset Management | Maximo for Life Sciences | All | 6.4.0 – 6.5.0 7.1.0.0 – 7.1.2.0 7.5.0.0 |
Systems and Asset Management | Maximo for Oil and Gas | All | 6.3.0 – 6.4.0 7.1.0.0 – 7.1.2.0 7.5.0.0 – 7.5.1.0 |
Systems and Asset Management | Maximo for Utilities | All | 6.3.0 7.1.0.0 – 7.1.2.0 7.5.0.0 |
Systems and Asset Management | Tivoli Service Request Manager Maximo Service Desk | All | 7.1.0.0 – 7.1.1.10 7.2.0.0 – 7.2.1.3 6.2.0 – 6.2.8 |
Systems and Asset Management | Tivoli Asset Management for IT | All | 6.2.0 – 6.2.8 7.1.0.0 – 7.1.1.10 7.2.0.0 – 7.2.2.1 |
Systems and Asset Management | Change and Configuration Management Database | All | 7.1.0.0 – 7.1.1.10 7.2.0.0 – 7.2.1.2 |
Systems and Asset Management | Intelligent Building Management | All | 1.1.0.0 |
Systems and Asset Management | TRIRIGA for Energy Optimization | All | 1.2.0.0 |
Systems and Asset Management | SmartCloud Control Desk | All | 7.5.0.0 – 7.5.1.0 |
Was this topic helpful?
Document Information
Modified date:
25 September 2022
UID
swg21633170