IBM Support

Security Bulletin: Multiple vulnerabilities had been identified in Oracle Database related to the RDBMS Core component. (CVE-2014-4236 and CVE-2014-4245)

Created by Siew Jiuan Chow on
Published URL:
https://www.ibm.com/support/pages/node/251591
251591

Security Bulletin


Summary

Multiple vulnerabilities had been identified in Oracle Database that is consumed by Tivoli Netcool Perfomance Manager for Wireless. (CVE-2014-4236 and CVE-2014-4245 )

Vulnerability Details

CVE ID: CVE-2014-4236

DESCRIPTION: An unspecified vulnerability in Oracle Database related to the RDBMS Core component has partial confidentiality impact, partial integrity impact, and partial availability impact
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94538 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)"

CVE ID: CVE-2014-4245

Description: An unspecified vulnerability in Oracle Database related to the RDBMS Core component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 3.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94540 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N)"

Affected Products and Versions

Tivoli Netcool Performance Manager (TNPM) for Wireless version 1.4 and 1.3.2

Remediation/Fixes

There is one solution in the form of fixes that will resolve the issue. The recommended solution is to apply the fix from Oracle. Implement the appropriate solution as soon as practicable. Please refer to Table below for information on available fixes.

ProductVRMFAPARRemediation/First Fix
Oracle11.2.0.4noneDatabase 11.2.0.4 SPU Patch 18681862

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

The vulnerability was reported to IBM by Oracle Critical Patch Update Advisory - July 2014

Change History

23 September 2014: Original version published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

[{"Product":{"code":"SSBNJ7","label":"IBM Netcool Performance Manager"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"IBM Tivoli Netcool Performance Manager (TNPM Wireless) Platform","Platform":[{"code":"PF027","label":"Solaris"},{"code":"PF016","label":"Linux"},{"code":"PF002","label":"AIX"}],"Version":"1.3.2;1.4","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
17 June 2018

UID

swg21685166