Mathijs Schmittmann

**Name of the Vulnerable Software and Affected Versions** IBM Tivoli Monitoring (ITM) versions 6.2.2 through 6.2.2 FP8 IBM Tivoli Monitoring (ITM) versions 6.2.3 through 6.2.3 FP4 IBM Tivoli Monitoring (ITM) versions 6.3.0 through 6.3.0 FP1 **Description** A stack-based buffer overflow issue exists in the ax Shared Libraries component of the Agent in IBM Tivoli Monitoring. This issue allows local users to potentially gain privileges via unspecified vectors. **Recommendations** For IBM Tivoli Monitoring (ITM) versions 6.2.2 through 6.2.2 FP8, update to FP9 or later. For IBM Tivoli Monitoring (ITM) versions 6.2.3 through 6.2.3 FP4, update to FP5 or later. For IBM Tivoli Monitoring (ITM) versions 6.3.0 through 6.3.0 FP1, update to FP2 or later.

**Name of the Vulnerable Software and Affected Versions** Apache CloudStack versions 4.0.0 through 4.0.2 Citrix CloudPlatform (formerly Citrix CloudStack) versions 3.0.x through 3.0.6 **Description** The issue makes it easier for remote attackers to guess the console access URL via a brute force attack because it uses a hash of a predictable sequence. **Recommendations** For Apache CloudStack versions 4.0.0 through 4.0.2, update to version 4.0.2 or later. For Citrix CloudPlatform (formerly Citrix CloudStack) versions 3.0.x through 3.0.6, apply Patch C.