CVE-2017-10053 Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring

漏洞类别:Local

漏洞等级:

漏洞信息

IBM Tivoli Monitoring automates monitoring of essential system resources to detect bottlenecks and potential problems.

There are several vulnerabilities in IBM SDK Java Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) component :
-An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system.:
-A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and elevate its privileges.

AFFECTED PRODUCTS AND VERSIONS:
The following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin:
-Java (CANDLEHOME) ITM 6.2.3 Fix Pack 1 (JRE 1.6) through 6.3.0 Fix Pack 7 (JRE 7)
-Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.2.3 Fix pack 1 through 6.3.0 Fix Pack 7

QID Detection Logic(Authenticated)
It checks for vulnerable versions of IBM Tivoli Monitoring (ITM)

漏洞危害

Successful exploitation allows remote attackers to take control of the system.:

解决方案

Vendor has released a patch to fix this vulnerability. More information can be obtained from IBM Security Bulletin.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

IBM Security Bulletin: Windows

Leave a Reply