SB2024082798 - Multiple vulnerabilities in IBM Tivoli Netcool/OMNIbus Integration – Transport Module Common Integration Library

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024082798

SB2024082798 - Multiple vulnerabilities in IBM Tivoli Netcool/OMNIbus Integration – Transport Module Common Integration Library

Published: August 27, 2024

Security Bulletin ID SB2024082798
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2024-28098)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user with produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings.


2) Improper authorization (CVE-ID: CVE-2024-29834)

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to improper authorization for namespace and topic management endpoints. A remote authenticated user with produce or consume permissions can perform unauthorized operations on partitioned topics, such as unloading topics, triggering compaction, create subscriptions and update subscription properties on partitioned topics.


Remediation

Install update from vendor's website.

References