SB2022070611 - Multiple vulnerabilities in IBM Tivoli Network Manager
Published: July 6, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2020-10693)
The vulnerability allows a remote attacker to modify files on the system.
The vulnerability exists due to insufficient validation of user-supplied input when handling user-controlled data in error messages. A remote attacker can bypass input sanitation (escaping, stripping) controls.
2) Improper input validation (CVE-ID: CVE-2019-10219)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Web Services (JBoss Enterprise Application Platform) component in Oracle WebLogic Server. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-hibernate-validator-version-6-1-2-final-ibm-tivoli-network-manager-is-vulnerable-which-allows-attackers-to-bypass-input-sanitation-escaping-stripping-controlscve/"
- https://www.ibm.com/blogs/psirt/security-bulletin-due-to-use-of-hibernate-validator-version-6-1-2-final-ibm-tivoli-network-manager-is-vulnerable-which-allows-attackers-to-bypass-input-sanitation-escaping-stripping-controlscve/</a><br><a
- https://www.ibm.com/support/pages/node/6601111"
- https://www.ibm.com/support/pages/node/6601111</a><br><br><br></p>