Security Vulnerabilities addressed in IBM Tivoli Netcool Performance Manager (CVE-2012-2159, CVE-2012-2161)

Flash (Alert)


Abstract

IBM Eclipse Help System cross-site scripting exploit

Content

Persistent and Reflected Cross-Site Scripting

The web application prints user input unfiltered. This leads to cross-site scripting vulnerabilities when using the Help subsystem.


CVEID: CVE-2012-2159
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74832 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2012-2161
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/74833 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

AFFECTED PRODUCTS AND VERSIONS:
Tivoli Netcool Performance Manager (TNPM) 1.3.1
Tivoli Netcool Performance Manager (TNPM) 1.3.2


REMEDIATION:
Upgrade to TIP 2.2.0.9

Workaround(s):

TNPM 1.3.2 is running on TIP 2.2. Download TIP patch 2.2.0.9 from Fix Central and follow the instructions to apply IFIX 2.2.0.9.

TNPM 1.3.1 is running on TIP 2.1. Upgrade to TIP 2.2 and apply TIP patch 2.2.0.9.
Refer to Technote http://www.ibm.com/support/docview.wss?uid=swg21613802



Mitigation(s):
None

REFERENCES:
· Complete CVSS Guide (http://www.first.org/cvss/cvss-guide.html)
· On-line Calculator V2 (http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2)
· CVE-2012-2159 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2159)
· CVE-2012-2161 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2161)
· X-Force Vulnerability Database (http://xforce.iss.net/xforce/xfdb/74832)
· X-Force Vulnerability Database (http://xforce.iss.net/xforce/xfdb/74833)


RELATED INFORMATION:
IBM Secure Engineering Web Portal
(https://www-304.ibm.com/jct03001c/security/secure-engineering/)
IBM Product Security Incident Response Blog
(https://www-304.ibm.com/connections/blogs/PSIRT/?lang=en_us)

Document information


More support for:

Tivoli Netcool Performance Manager
IBM Tivoli Netcool Performance Manager (TNPM Wireline) Platform

Software version:

1.3.1, 1.3.2

Operating system(s):

AIX, Linux, Solaris

Software edition:

All Editions

Reference #:

1632748

Modified date:

2013-03-28
