Flash (Alert)
This document applies only to the following language version(s):
English
Abstract
IBM Tivoli Monitoring ships and uses a Java Runtime Environment (JRE). This alert addresses several vulnerabilities for the Tivoli Enterprise Portal browser JRE which might allow remote untrusted Java WebStart applications and untrusted Java applets to affect confidentiality, availability and integrity.
Content
VULNERABILITY DETAILS:
If the JRE is used to run Java WebStart applications or Java applets that are not part of the IBM Tivoli Monitoring product, you might be affected by these vulnerabilities. For additional information on each of the CVE’s refer to the “Included CVEs” links below.
CVE ID:
| Vendor | IBM JRE Level | Included CVEs |
| IBM | IBM JRE 1.6 SR10 FP1 | CVE-2012-0502 CVE-2012-0503 CVE-2012-0506 CVE-2012-0500 CVE-2012-0505 CVE-2011-5035 |
For detailed information on all the vulnerabilities addressed in the Oracle February 14 th 2012 CPU, refer to the following link:
IBM Developerworks Java Security Alerts
AFFECTED PRODUCTS AND VERSIONS:
All IBM Tivoli Monitoring versions
REMEDIATION:
The following maintenance has been delivered to remedy the potential vulnerabilities described in this alert.
| Fix | VRMF | APAR | Download URL |
| 6.2.3-TIV-ITM-FP0002 | 6.2.3.0 | IV21829 | http://www-01.ibm.com/support/docview.wss?uid=swg24032429 |
Workaround(s ):
We are still investigating workarounds for other IBM Tivoli Monitoring product levels. Refer back to this bulletin frequently for additional information and updates. Until other options are available the current workaround is to upgrade your environment to IBM Tivoli Monitoring 6.2.3 FP02.
Mitigation(s): None
REFERENCES:
RELATED INFORMATION:
CHANGE HISTORY:
- October 28, 2012 Advisory Flash Created
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.
Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
Product Alias/Synonym
ITM
TEP
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.