SB2023012703 - Multiple vulnerabilities in IBM Tivoli System Automation for Multiplatforms

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023012703

SB2023012703 - Multiple vulnerabilities in IBM Tivoli System Automation for Multiplatforms

Published: January 27, 2023

Security Bulletin ID SB2023012703
Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2018-2633)

The vulnerability allows a remote attacker to gain elevated privileges.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit JNDI component. A remote attacker can gain system privileges on the target system.

2) Security restrictions bypass (CVE-ID: CVE-2018-2603)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to a flaw in the Java SE, Java SE Embedded, JRockit Libraries component. A remote attacker can cause partial denial of service conditions.

3) Denial of service (CVE-ID: CVE-2018-2657)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in the Java SE, JRockit Serialization component. A remote attacker can cause partial denial of service conditions.

Remediation

Install update from vendor's website.

References