SB2023012616 - Multiple vulnerabilities in IBM Tivoli System Automation Application Manager
Published: January 26, 2023
Security Bulletin ID
SB2023012616
Severity
Low
Patch available
YES
Number of vulnerabilities
5
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2018-2633)
The vulnerability allows a remote attacker to gain elevated privileges.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JNDI component. A remote attacker can gain system privileges on the target system.
2) Security restrictions bypass (CVE-ID: CVE-2018-2603)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can cause partial denial of service conditions.
3) Denial of service (CVE-ID: CVE-2018-2657)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to a flaw in the Java SE, JRockit Serialization component. A remote attacker can cause partial denial of service conditions.
4) Security restrictions bypass (CVE-ID: CVE-2018-2637)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JMX component. A remote attacker can access and modify data.
5) Security restrictions bypass (CVE-ID: CVE-2018-2602)
The vulnerability allows a local attacker to bypass security restrictions on the target system.The weakness exists due to a flaw in the Java SE, Java SE Embedded I18n component. A local attacker can partially access data, partially modify data, and partially deny service.
Remediation
Install update from vendor's website.