Security Bulletin
Summary
Multiple vulnerabilities had been identified in Oracle Database that is consumed by Tivoli Netcool Perfomance Manager for Wireless. (CVE-2014-4236 and CVE-2014-4245 )
Vulnerability Details
CVE ID: CVE-2014-4236
DESCRIPTION: An unspecified vulnerability in Oracle Database related to the RDBMS Core component has partial confidentiality impact, partial integrity impact, and partial availability impact
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94538 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)"
CVE ID: CVE-2014-4245
Description: An unspecified vulnerability in Oracle Database related to the RDBMS Core component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94540 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)"
Affected Products and Versions
Tivoli Netcool Performance Manager (TNPM) for Wireless version 1.4 and 1.3.2
Remediation/Fixes
There is one solution in the form of fixes that will resolve the issue. The recommended solution is to apply the fix from Oracle. Implement the appropriate solution as soon as practicable. Please refer to Table below for information on available fixes.
| Product | VRMF | APAR | Remediation/First Fix |
| Oracle | 11.2.0.4 | none | Database 11.2.0.4 SPU Patch 18681862 |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Acknowledgement
The vulnerability was reported to IBM by Oracle Critical Patch Update Advisory - July 2014
Change History
23 September 2014: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21685166