IBM Tivoli Application Dependency Discovery Manager Java

by Carol~ Moderator - 4/4/13 12:37 PM

In Reply to: VULNERABILITIES / FIXES - April 04, 2013 by Carol~ Moderator

IBM Tivoli Application Dependency Discovery Manager Java Multiple Vulnerabilities

Release Date: 2013-03-28
Last Update : 2013-04-04

Criticality level : Highly critical
Impact : Security Bypass, Manipulation of data, Exposure of sensitive information, DoS, System access
Where : From remote
Solution Status: Vendor Patch

Software: IBM Tivoli Application Dependency Discovery Manager 7.x

Description:
IBM has acknowledged multiple vulnerabilities in IBM Tivoli Application Dependency Discovery Manager, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a user's system.

The application bundles a vulnerable version of Java Runtime Environment.

The vulnerabilities are reported in version 7.2.0.0 through 7.2.1.3.

Solution:
Apply Fix Pack 7.2.1-TIV-ITADDM-FP0004 or update to version 7.2.1.4.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21631786
https://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_taddm_vulnerabilities_in_embedded_jre8

http://secunia.com/advisories/52829