IBM Support

Potential security vulnerability in WAS affecting Asset and Service Mgmt

Flashes (Alerts)


Abstract

Potential Denial of Service (DoS) security exposure when using Web-based applications, such as Asset and Service Management products, on IBM WebSphere Application Server, due to a Java HashTable implementation vulnerability (CVE-2012-0193).

Content


VULNERABILITY DETAILS:

CVE ID: CVE-2012-0193



DESCRIPTION:
Customers who have Web based applications are impacted by this vulnerability, which can cause performance or Denial of Service (DoS) issues.

CVSS:


CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/72298 for the current score
CVSS Environmental Score*: Undefined
CVSS String: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

VERSIONS AFFECTED:


The following IBM® WebSphere® Application Server Versions for distributed operating systems, IBM i operating systems, and z/OS operating systems are affected:

· Version 8.0 through 8.0.0.2

· Version 7.0 through 7.0.0.21

· Version 6.1 through 6.1.0.41

· Version 6.0 through 6.0.2.43


IBM supplied the following WebSphere Application Server versions bundled with these products:

Maximo Asset Management, Maximo Industry Solutions, and Tivoli Asset Management for IT 6.x bundled WebSphere Application Server 6.0.

Maximo Asset Management, Maximo Industry Solutions, Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database 7.1 and 7.2 bundled WebSphere Application Server 6.1.

Maximo Asset Management and Maximo Industry Solutions 7.5 bundled WebSphere Application Server 7.0.

Intelligent Building Management 1.1 bundled WebSphere Application Server 7.0.

TRIRIGA Application Platform 3.2 bundled WebSphere Application Server 8.0.


REMEDIATION:


Determine the specific version of WebSphere that you have installed, then go to the WebSphere Security Flash for PM53930 to download the appropriate Interim Fix or a Fix Pack containing this APAR. On that page, the Interim Fixes and Fix Packs are grouped by WebSphere version. Locate the version that matches your installed version and click the corresponding link to reach the download page for the fix.

To determine your WebSphere version:

1. Access the Administrative Console for WebSphere and sign in.

2. Locate the Welcome page, which shows the WebSphere Application Server version:

[Screenshot: Welcome page; in this example the version is 6.1.0.35]

[Screenshot: Welcome page; in this example the version is 6.0.2.43]

[Screenshot: Welcome page; in this example the version is 7.0.0.13]
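For sites with many servers, the version read from the Welcome page can be compared against the affected ranges listed above in bulk. The following is an added example, not IBM code; the host names and the `host,version` inventory format are constructed for illustration, and the ranges are copied from the VERSIONS AFFECTED list in this flash.

```python
import re

# Affected ranges copied from the "VERSIONS AFFECTED" list in this flash:
# (first affected level, last affected level), both inclusive.
AFFECTED_RANGES = [
    ((8, 0, 0, 0), (8, 0, 0, 2)),
    ((7, 0, 0, 0), (7, 0, 0, 21)),
    ((6, 1, 0, 0), (6, 1, 0, 41)),
    ((6, 0, 0, 0), (6, 0, 2, 43)),
]

_VERSION_RE = re.compile(r"^\d+(\.\d+){1,3}$")


def parse_version(text):
    """Turn '7.0.0.13' into (7, 0, 0, 13); pad short forms such as '7.0'."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"not a WebSphere version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def in_affected_range(version_text):
    """True when the version lies inside one of the listed ranges."""
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED_RANGES)


def triage(inventory_lines):
    """Return (needs_fix, unparsed) host lists from 'host,version' lines."""
    needs_fix, unparsed = [], []
    for line in inventory_lines:
        host, _, version = line.partition(",")
        try:
            if in_affected_range(version):
                needs_fix.append(host.strip())
        except ValueError:
            unparsed.append(host.strip())  # review by hand, do not assume safe
    return needs_fix, unparsed


# Constructed inventory: the three versions shown in the flash's screenshots,
# plus fixed-level, short-form and malformed entries to exercise the edges.
SAMPLE = [
    "maximo-a,6.1.0.35", "maximo-b,6.0.2.43", "maximo-c,7.0.0.13",
    "tririga-a,8.0.0.3", "maximo-d,7.0", "maximo-e,6.1.0.43", "legacy-x,unknown",
]

if __name__ == "__main__":
    flagged, unparsed = triage(SAMPLE)
    print("within affected range:", flagged)
    print("could not parse:", unparsed)
```

A host whose version falls in range may already have an Interim Fix for PM53930 installed, which the version number alone does not reveal, so treat the flagged list as hosts to check rather than as confirmed exposure.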


REFERENCES:
Complete CVSS Guide
On-line Calculator V2
X-Force Vulnerability Database - IBM WebSphere Application Server Java hash data structure denial of service
CVE-2012-0193

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note:
According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Change History
03 Feb 2012: Flash published.

CROSS REFERENCE INFORMATION:

| Segment | Product | Component/Platform | Version |
|---|---|---|---|
| Systems and Asset Management | Maximo Asset Management | All | 6.2.0 – 6.2.8; 7.1.1.0 – 7.1.1.10; 7.5.0.0 – 7.5.0.2 |
| Systems and Asset Management | Maximo Asset Management Essentials | All | 7.1.1.0 – 7.1.1.10; 7.5.0.0 – 7.5.0.2 |
| Systems and Asset Management | Maximo Asset Management for Energy Optimization | All | 7.1.0.0 – 7.1.1.0 |
| Systems and Asset Management | Maximo for Government | All | 6.1.0.0; 7.1.0.0; 7.5.0.0 |
| Systems and Asset Management | Maximo for Nuclear Power | All | 6.3.0; 7.1.0.0 – 7.1.1.0 |
| Systems and Asset Management | Maximo for Transportation | All | 6.3.0; 7.1.0.0 – 7.1.1.0; 7.5.0.0 |
| Systems and Asset Management | Maximo for Life Sciences | All | 6.4.0 – 6.5.0; 7.1.0.0 – 7.1.2.0; 7.5.00 |
| Systems and Asset Management | Maximo for Oil and Gas | All | 6.3.0 – 6.4.0; 7.1.0.0 – 7.1.2.0; 7.5.0.0 |
| Systems and Asset Management | Maximo for Utilities | All | 6.3.0; 7.1.0.0 – 7.1.2.0; 7.5.0.0 |
| Systems and Asset Management | Tivoli Service Request Manager | All | 7.1.0.0 – 7.1.1.10; 7.2.0.0 – 7.2.1.3 |
| Systems and Asset Management | Tivoli Asset Management for IT | All | 6.2.0 – 6.2.8; 7.1.0.0 – 7.1.1.10; 7.2.0.0 – 7.2.2.1 |
| Systems and Asset Management | Change and Configuration Management Database | All | 7.1.0.0 – 7.1.1.10; 7.2.0.0 – 7.2.1.2 |
| Systems and Asset Management | Intelligent Building Management | All | 1.1 |
| Systems and Asset Management | TRIRIGA Application Platform | All | 3.2 |


Document Information

Modified date: 25 September 2022

UID: swg21578943