Operating System:

[LINUX]

Published:

22 July 2019

Protect yourself against future threats.

//Service

Security Bulletins

Receive up to date and consistent security bulletins across a wide range of vendors, streamlining security patching.

Read more
Resources > Security Bulletins > ESB-2019.2710 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.2710
        IBM Netcool Agile Service Manager is affected by an Apache
                  Zookeeper vulnerability (CVE-2019-0201)
                               22 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Netcool Agile Service Manager
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-0201  

Reference:         ESB-2019.2665

Original Bulletin: 
   http://www.ibm.com/support/docview.wss?uid=ibm10958553

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM Netcool Agile Service Manager is affected by an Apache Zookeeper
vulnerability (CVE-2019-0201)

Product:             Netcool Agile Service Manager
Software version:    All Versions
Operating system(s): Linux
Reference #:         0958553

Security Bulletin

Summary

IBM Netcool Agile Service Manager has addressed the following vulnerability in
Apache ZooKeeper.

Vulnerability Details

CVEID: CVE-2019-0201
DESCRIPTION: Apache ZooKeeper could allow a remote attacker to obtain sensitive
information, caused by the failure to check permissions by the getACL()
command. By sending a specially-crafted request, a remote attacker could
exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/
161303 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected IBM Netcool Agile Service Manager Affected Versions
IBM Netcool Agile Service Manager          1.1

Remediation/Fixes

IBM Netcool Agile Service     1.1.5  Download IBM Netcool Agile Service Manager
Manager                              1.1.5

Workarounds and Mitigations

None

Change History

9 July 2019: Original version published

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXTUf32aOgq3Tt24GAQiylA//VEjEIBMkixxl5V9Yl22wc42aDkcE3omF
b4auGGXstFdxBxsVM1wLB3HBrutFX3GWXyE7Vnpc75BojmwhgEQy8wcGBRpTZo7H
JiINy/PJKqIeH/k3hANckUcayj+82fshftdhNU2N9gEcTfDNniNnSOSsfH6iNQbX
e5V9cFj/NOm21qUxFXIEdW/Gph8ESwyOk44GPx9LfR2FE088JorXTniCOdWbNzMC
N921Cl/YUp3oDDlQ0BKd1arQ/9bs8bf4YMLbTv2IgIHZtkWZ+0nqyfbYCDino8NF
wLX6Mn1hA3ilpulZSfHcvlK10k1AyAjGoleDHdfYq/vW/Tp/7/pfAzoJEX+nvK+4
a/CXyLB/8H7kJiIggOv08kyCW98ht9h6BOy4YX2r89IRcNpRxgwdnOUAmPLPOXVX
rxII5grrvVTuaGmUvya6SxAwc/lEEYi0RkBANSzywxDti89uSaDnZpjRBj4AFgBV
y8YB20XTo8wFoYCiXh9Xp5g1A26M2lHGIr5SiYAgyMBZREtXsRZexpvzcgMNrrP3
rhvJiRGxdDKDUVfdcQo4mzo7z9NdwuhCJA8BwpzzqBxadVNX/pHTJBdyApdcjBBW
2pDA2CEjhMOkadQsXbwFH30sXM6uRFmizhrFlS2427dzwKnCmNZrP7IKZK+hf8sz
Wj6QO1Js47o=
=vb41
-----END PGP SIGNATURE-----