SB2023062919 - Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Main Vulnerability Database SB2023062919

SB2023062919 - Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Published: June 29, 2023

Security Bulletin ID SB2023062919

Severity

Low

Patch available

YES

Number of vulnerabilities 30

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 30 secuirty vulnerabilities.

1) Security restrictions bypass (CVE-ID: CVE-2018-2839)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

2) Security restrictions bypass (CVE-ID: CVE-2018-2761)

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

3) Security restrictions bypass (CVE-ID: CVE-2018-2782)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

4) Security restrictions bypass (CVE-ID: CVE-2018-2784)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

5) Security restrictions bypass (CVE-ID: CVE-2018-2762)

The vulnerability allows a local authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A local attacker can cause the service to crash.

6) Security restrictions bypass (CVE-ID: CVE-2018-2781)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

7) Security restrictions bypass (CVE-ID: CVE-2018-2780)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

8) Security restrictions bypass (CVE-ID: CVE-2018-2805)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

9) Security restrictions bypass (CVE-ID: CVE-2018-2769)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

10) Security restrictions bypass (CVE-ID: CVE-2018-2846)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

11) Security restrictions bypass (CVE-ID: CVE-2018-2787)

The vulnerability allows a remote authenticated attacker to write arbitrary files and cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and cause the service to crash.

12) Security restrictions bypass (CVE-ID: CVE-2018-2786)

The vulnerability allows a remote authenticated attacker to write arbitrary files and cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and cause the service to crash.

13) Security restrictions bypass (CVE-ID: CVE-2018-2766)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

14) Security restrictions bypass (CVE-ID: CVE-2018-2771)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

15) Security restrictions bypass (CVE-ID: CVE-2018-2773)

The vulnerability allows a local authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A local attacker can cause the service to crash.

16) Security restrictions bypass (CVE-ID: CVE-2018-2817)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

17) Security restrictions bypass (CVE-ID: CVE-2018-2776)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

18) Security restrictions bypass (CVE-ID: CVE-2018-2810)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

19) Security restrictions bypass (CVE-ID: CVE-2018-2777)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

20) Security restrictions bypass (CVE-ID: CVE-2018-2778)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

21) Security restrictions bypass (CVE-ID: CVE-2018-2877)

The vulnerability allows a local authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Cluster component of Oracle MySQL due to improper security restrictions. A local attacker can cause the service to crash.

22) Security restrictions bypass (CVE-ID: CVE-2018-2775)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

23) Security restrictions bypass (CVE-ID: CVE-2018-2759)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

24) Security restrictions bypass (CVE-ID: CVE-2018-2816)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

25) Security restrictions bypass (CVE-ID: CVE-2018-2812)

The vulnerability allows a remote authenticated attacker to write arbitrary files and cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can update, insert or delete some of MySQL Server accessible data and cause the service to crash.

26) Security restrictions bypass (CVE-ID: CVE-2018-2779)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

27) Security restrictions bypass (CVE-ID: CVE-2018-2813)

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can gain unauthorized read access to a subset of MySQL Server accessible data.

28) Security restrictions bypass (CVE-ID: CVE-2018-2758)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

29) Security restrictions bypass (CVE-ID: CVE-2018-2818)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

30) Security restrictions bypass (CVE-ID: CVE-2018-2819)

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the MySQL Server component of Oracle MySQL due to improper security restrictions. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

References

https://www.ibm.com/support/pages/node/712199