Security Bulletin
Summary
Privilege escalation vulnerability in the IBM Tivoli Composite Application Manager Agent for Sybase ASE could be exploited by a local user to gain elevated privilege of another user.
Vulnerability Details
CVEID: CVE-2013-5467
Description: Privilege escalation vulnerability could be exploited by a local user to gain elevated privilege of another user.
CVSS Base Score: 6.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88370 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Affected Products and Versions
IBM Tivoli Composite Application Manager for Applications V7.2: Tivoli Composite Application Manager Agent for Sybase ASE 6.2.
Remediation/Fixes
The following are the fixes for Monitoring Agent for Sybase ASE:
| Fix | VRMF | How to acquire fix |
| 6.2.0-TIV-ITM_SYB-FP0001 | 6.2.0 | http://www-01.ibm.com/support/docview.wss?uid=swg24042781 |
The fix is bundled with IBM Tivoli Composite Application Manager for Applications V7.2.1.2.
Workarounds and Mitigations
Contact IBM Support for options.
Get Notified about Future Security Bulletins
References
Acknowledgement
The vulnerability was reported to IBM by Mathijs Schmittmann.
Change History
25 July 2017: Original Copy Published.
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Product Synonym
ITCAM for Applications Sybase agent;Sybase agent
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg22006414