Vulnerability Name:

CVE-2011-0732 (CCN-62947)

Assigned: 2010-10-22
Published: 2010-10-22
Updated: 2011-02-02
Summary: Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal (TIP) 1.1.1.1, as used in IBM Tivoli Common Reporting (TCR) 1.2.0 before Interim Fix 9, have unknown impact and attack vectors, related to "security vulnerabilities of Websphere Application Server bundled within" and "many internal defects and APARs."
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.7 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2010-0783

Source: MITRE
Type: CNA
CVE-2011-0732

Source: CCN
Type: SA41722
IBM WebSphere Application Server for z/OS Multiple Vulnerabilities

Source: CCN
Type: SA42136
IBM WebSphere Application Server Administration Console Cross-Site Scripting

Source: CCN
Type: SA43030
IBM Tivoli Common Reporting Unspecified Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
43030

Source: CCN
Type: SECTRACK ID: 1024686
IBM WebSphere Application Server Input Validation Hole in Administrative Console Permits Cross-Site Scripting Attacks

Source: CCN
Type: IBM APAR PM14251
Recommended fixes for WebSphere Application Server

Source: CCN
Type: IBM APAR IY99978
INTEGRATE TIP V1.1.1.11 IN TO TCR

Source: AIXAPAR
Type: UNKNOWN
IY99978

Source: CCN
Type: OSVDB ID: 69007
IBM WebSphere Application Server Administration Console Unspecified XSS (2010-0783)

Source: CCN
Type: OSVDB ID: 72627
IBM Tivoli Integrated Portal (TIP) / Common Reporting (TCR) Multiple Unspecified Issues

Source: CCN
Type: BID-44670
IBM WebSphere Application Server CVE-2010-0783 Unspecified Cross Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
was-admin-cons-xss(62947)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:ibm:tivoli_integrated_portal:1.1.1.1:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:tivoli_common_reporting:1.2.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:ibm:websphere_application_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:tivoli_continuous_data_protection_for_files:3.1.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    ibm tivoli integrated portal 1.1.1.1
    ibm tivoli common reporting 1.2.0
    ibm websphere application server 6.1
    ibm websphere application server 7.0
    ibm tivoli continuous data protection for files 3.1.0