SB2023070513 - Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023070513

SB2023070513 - Multiple vulnerabilities in IBM Tivoli Network Manager IP Edition

Published: July 5, 2023

Security Bulletin ID SB2023070513
Severity
Low
Patch available
YES
Number of vulnerabilities 8
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 8 secuirty vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2019-2534)

The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can bypass security restrictions to read potentially sensitive information and modify arbitrary data.

2) Denial of service (CVE-ID: CVE-2019-2529)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

3) Denial of service (CVE-ID: CVE-2019-2482)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

4) Denial of service (CVE-ID: CVE-2019-2455)

The vulnerability allows a remote authenticated attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

5) Security restrictions bypass (CVE-ID: CVE-2019-2503)

The vulnerability allows an adjacent authenticated attacker to bypass security restrictions.

The weakness exists in MySQL Protocol due to unspecified flaw. An adjacent attacker can bypass security restrictions to read potentially sensitive information and cause the service to crash.

6) Denial of service (CVE-ID: CVE-2019-2537)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

7) Denial of service (CVE-ID: CVE-2019-2481)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

8) Denial of service (CVE-ID: CVE-2019-2531)

The vulnerability allows a remote authenticated high-privileged attacker to cause DoS condition.

The weakness exists in MySQL Protocol due to unspecified flaw. A remote attacker can cause the service to crash.

Remediation

Install update from vendor's website.

References