Security Bulletin: Potential security vulnerability in IBM Tivoli Monitoring with JAVA® using untrusted Java WebStart applications or Java applets.

Flash (Alert)


This document applies only to the following language version(s):

English

Abstract

IBM Tivoli Monitoring ships and uses a Java Runtime Environment (JRE). This alert addresses several vulnerabilities for the Tivoli Enterprise Portal browser JRE which might allow remote untrusted Java WebStart applications and untrusted Java applets to affect confidentiality, availability and integrity.

Content


VULNERABILITY DETAILS:
If the JRE is used to run Java WebStart applications or Java applets that are not part of the IBM Tivoli Monitoring product, you might be affected by these vulnerabilities. For additional information on each of the CVEs, refer to the “Included CVEs” links below.

CVE ID:

| Vendor | IBM JRE Level | Included CVEs |
|--------|---------------|---------------|
| IBM | IBM JRE 1.6 SR10 FP1 | CVE-2012-0502, CVE-2012-0503, CVE-2012-0506, CVE-2012-0500, CVE-2012-0505, CVE-2011-5035 |


For detailed information on all the vulnerabilities addressed in the Oracle February 14th 2012 CPU, refer to the following link:

IBM Developerworks Java Security Alerts

AFFECTED PRODUCTS AND VERSIONS:
All IBM Tivoli Monitoring versions

REMEDIATION:
The following maintenance has been delivered to remedy the potential vulnerabilities described in this alert.

| Fix | VRMF | APAR | Download URL |
|-----|------|------|--------------|
| 6.2.3-TIV-ITM-FP0002 | 6.2.3.0 | IV21829 | http://www-01.ibm.com/support/docview.wss?uid=swg24032429 |

Workaround(s):
We are still investigating workarounds for other IBM Tivoli Monitoring product levels. Refer back to this bulletin frequently for additional information and updates. Until other options are available, the current workaround is to upgrade your environment to IBM Tivoli Monitoring 6.2.3 FP02.

Mitigation(s): None

REFERENCES:
RELATED INFORMATION:
CHANGE HISTORY:
  • October 28, 2012 Advisory Flash Created

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Product Alias/Synonym

ITM
TEP


Document information


More support for:

Tivoli Monitoring Version 6

Software version:

6.2.3.1

Operating system(s):

Linux, Windows

Reference #:

1616778

Modified date:

2014-10-24
