Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
aixCentOS ProjectJAVA_ADVISORY.ASC
HistoryDec 11, 2013 - 10:53 a.m.

Multiple Java vulnerabilities

2013-12-1110:53:34
CentOS Project
aix.software.ibm.com
45

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.143 Low

EPSS

Percentile

95.7%

JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

IBM SECURITY ADVISORY

First Issued: Wed Dec 11 10:53:34 CST 2013
| Updated: Mon Feb 3 10:36:58 CST 2014
| Updated: Sections II and III modifications
| Updated: Includes VIOS

The most recent version of this document is available here:

https://aix.software.ibm.com/aix/efixes/security/java_advisory.asc
ftp://aix.software.ibm.com/aix/efixes/security/java_advisory.asc

===============================================================================
VULNERABILITY SUMMARY

VULNERABILITY: Multiple vulnerabilities in current releases of the IBM� SDK,
Java Technology Edition.

PLATFORMS: PowerSC and AIX 5.3, 6.1 and 7.1.
| VIOS 2.2.x

SOLUTION: Apply the fix as described below.

THREAT: Varies threats described below.

CERT VU Number: n/a
CVE Numbers: CVE-2013-5456 CVE-2013-5457 CVE-2013-5458 CVE-2013-4041
CVE-2013-5375 CVE-2013-5372 CVE-2013-5843 CVE-2013-5789
CVE-2013-5830 CVE-2013-5829 CVE-2013-5787 CVE-2013-5788
CVE-2013-5824 CVE-2013-5842 CVE-2013-5782 CVE-2013-5817
CVE-2013-5809 CVE-2013-5814 CVE-2013-5832 CVE-2013-5850
CVE-2013-5838 CVE-2013-5802 CVE-2013-5812 CVE-2013-5804
CVE-2013-5783 CVE-2013-3829 CVE-2013-5823 CVE-2013-5831
CVE-2013-5820 CVE-2013-5819 CVE-2013-5818 CVE-2013-5848
CVE-2013-5776 CVE-2013-5774 CVE-2013-5825 CVE-2013-5840
CVE-2013-5801 CVE-2013-5778 CVE-2013-5851 CVE-2013-5800
CVE-2013-5784 CVE-2013-5849 CVE-2013-5790 CVE-2013-5780
CVE-2013-5797 CVE-2013-5803 CVE-2013-5772

|Reboot required? NO
|Workarounds? NO

===============================================================================
DETAILED INFORMATION

I. DESCRIPTION

There are a number of vulnerabilities in the IBM SDK, Java Technology
Edition that affect various components. CVE-2013-5456, CVE-2013-5457 and
CVE-2013-5458 allow code running under a security manager to escalate its
privileges by modifying or removing the security manager. CVE-2013-4041 
and CVE-2013-5375 allow code running under a security manager to access 
restricted classes. These vulnerabilities could occur when untrusted code 
is executed under a security manager, or when the IBM SDK, Java Technology
Edition has been associated with a web browser for running applets and Web
Start applications.

CVE-2013-5372 is a denial of service vulnerability which could result in a 
complete availability impact on the affected system.

This bulletin also covers all applicable CVEs published by Oracle as part 
of their October 2013 Java SE Critical Patch Update. For more information 
please refer to Oracle's October 2013 Java SE CPU Advisory.

II. CVSS

CVEID: CVE-2013-5456
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88255 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-5457
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88256 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-5458
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88257 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2013-4041
CVSS Base Score: 6.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86416 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-5375
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86901 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2013-5372
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/86662 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVEID: CVE-2013-5843
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87971 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5789
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87968 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5830
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87961 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5829
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87963 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5787
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87967 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5788
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87966 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5824
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87965 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5842
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87970 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5782
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87960 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5817
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87969 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5809
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87962 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5814
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87964 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5832
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87972 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5850
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87973 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5838
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87974 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5802
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87982 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/P)

CVEID: CVE-2013-5812
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87985 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/P)

CVEID: CVE-2013-5804
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87984 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/N)

CVEID: CVE-2013-5783
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87987 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/N)

CVEID: CVE-2013-3829
CVSS Base Score: 6.4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87986 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/N)

CVEID: CVE-2013-5823
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87989 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)

CVEID: CVE-2013-5831
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87995 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2013-5820
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87996 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2013-5819
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87994 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2013-5818
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87993 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2013-5848
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88000 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2013-5776
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87992 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2013-5774
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87999 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2013-5825
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87988 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)

CVEID: CVE-2013-5840
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87998 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5801
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87991 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5778
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87990 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5851
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/87997 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5800
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88002 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5784
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88005 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/N:I/P:A/N)

CVEID: CVE-2013-5849
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88003 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5790
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88004 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5780
CVSS Base Score: 4.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88001 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5797
CVSS Base Score: 3.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88006 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/S:C/N:I/P:A/N)

CVEID: CVE-2013-5803
CVSS Base Score: 2.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88008 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/H:Au/N:C/N:I/N:A/P)

CVEID: CVE-2013-5772
CVSS Base Score: 2.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/88007 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/H:Au/N:C/N:I/P:A/N)

| III. PLATFORM VULNERABILITY ASSESSMENT

| To determine if your system is vulnerable, run the following commands for the Java version
| on your system:

| # lslpp -l | grep Java | grep sdk
| # lslpp -l | grep Java | grep jre

| The following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:
| For Java5: Less than 5.0.0.560
| For Java6: Less than 6.0.0.435
| For Java7: Less than 7.0.0.110

| Java7 Release 1: 7.1.0.000 is NOT vulnerable

IV. FIXES

AFFECTED PRODUCTS AND VERSIONS:
AIX 5.3
AIX 6.1
AIX 7.1
PowerSC

| VIOS 2.2.x

REMEDIATION:
IBM SDK, Java 2 Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 4 and later
32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j5b&S_TACT=105AGX05&S_CMP=JDK
64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j5b&S_TACT=105AGX05&S_CMP=JDK

IBM SDK, Java Technology Edition, Version 6 Service Refresh 15 and later
32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j6b&S_TACT=105AGX05&S_CMP=JDK
64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j6b&S_TACT=105AGX05&S_CMP=JDK

IBM SDK, Java Technology Edition, Version 7 Service Refresh 6 and later
32-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix32j7b&S_TACT=105AGX05&S_CMP=JDK
64-bit: https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=dka&S_PKG=aix64j7b&S_TACT=105AGX05&S_CMP=JDK

To learn more about AIX support levels and Java service releases, see the following:
http://www.ibm.com/developerworks/java/jdk/aix/service.html#levels

V. WORKAROUNDS

None

VI. CONTACT INFORMATION

If you would like to receive AIX Security Advisories via email,
please visit:

     http://www14.software.ibm.com/webapp/set2/subscriptions/onvdq 

Comments regarding the content of this announcement can be
directed to:

    [email protected]

To request the PGP public key that can be used to communicate
securely with the AIX Security Team you can either:

    A. Send an email with "get key" in the subject line to:

        [email protected]

    B. Download the key from a PGP Public Key Server. The key ID is:

        0x28BFAA12

Please contact your local IBM AIX support center for any
assistance.

eServer is a trademark of International Business Machines
Corporation.  IBM, AIX and pSeries are registered trademarks of
International Business Machines Corporation.  All other trademarks
are property of their respective holders.

VII. REFERENCES:

Complete CVSS Guide: http://www.first.org/cvss/cvss-guide.html
On-line Calculator V2: http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2
CVE-2013-5456: https://vulners.com/cve/CVE-2013-5456
CVE-2013-5457: https://vulners.com/cve/CVE-2013-5457
CVE-2013-5458: https://vulners.com/cve/CVE-2013-5458 
CVE-2013-4041: https://vulners.com/cve/CVE-2013-4041 
CVE-2013-5375: https://vulners.com/cve/CVE-2013-5375
CVE-2013-5372: https://vulners.com/cve/CVE-2013-5372
CVE-2013-5843: https://vulners.com/cve/CVE-2013-5843
CVE-2013-5789: https://vulners.com/cve/CVE-2013-5789
CVE-2013-5830: https://vulners.com/cve/CVE-2013-5830
CVE-2013-5829: https://vulners.com/cve/CVE-2013-5829 
CVE-2013-5787: https://vulners.com/cve/CVE-2013-5787
CVE-2013-5788: https://vulners.com/cve/CVE-2013-5788
CVE-2013-5824: https://vulners.com/cve/CVE-2013-5824
CVE-2013-5842: https://vulners.com/cve/CVE-2013-5842
CVE-2013-5782: https://vulners.com/cve/CVE-2013-5782
CVE-2013-5817: https://vulners.com/cve/CVE-2013-5817
CVE-2013-5809: https://vulners.com/cve/CVE-2013-5809
CVE-2013-5814: https://vulners.com/cve/CVE-2013-5814
CVE-2013-5832: https://vulners.com/cve/CVE-2013-5832
CVE-2013-5850: https://vulners.com/cve/CVE-2013-5850
CVE-2013-5838: https://vulners.com/cve/CVE-2013-5838
CVE-2013-5802: https://vulners.com/cve/CVE-2013-5802
CVE-2013-5812: https://vulners.com/cve/CVE-2013-5812
CVE-2013-5804: https://vulners.com/cve/CVE-2013-5804
CVE-2013-5783: https://vulners.com/cve/CVE-2013-5783
CVE-2013-3829: https://vulners.com/cve/CVE-2013-3829
CVE-2013-5823: https://vulners.com/cve/CVE-2013-5823
CVE-2013-5831: https://vulners.com/cve/CVE-2013-5831
CVE-2013-5820: https://vulners.com/cve/CVE-2013-5820
CVE-2013-5819: https://vulners.com/cve/CVE-2013-5819
CVE-2013-5818: https://vulners.com/cve/CVE-2013-5818
CVE-2013-5848: https://vulners.com/cve/CVE-2013-5848
CVE-2013-5776: https://vulners.com/cve/CVE-2013-5776
CVE-2013-5774: https://vulners.com/cve/CVE-2013-5774
CVE-2013-5825: https://vulners.com/cve/CVE-2013-5825
CVE-2013-5840: https://vulners.com/cve/CVE-2013-5840
CVE-2013-5801: https://vulners.com/cve/CVE-2013-5801
CVE-2013-5778: https://vulners.com/cve/CVE-2013-5778
CVE-2013-5851: https://vulners.com/cve/CVE-2013-5851
CVE-2013-5800: https://vulners.com/cve/CVE-2013-5800
CVE-2013-5784: https://vulners.com/cve/CVE-2013-5784
CVE-2013-5849: https://vulners.com/cve/CVE-2013-5849
CVE-2013-5790: https://vulners.com/cve/CVE-2013-5790
CVE-2013-5780: https://vulners.com/cve/CVE-2013-5780
CVE-2013-5797: https://vulners.com/cve/CVE-2013-5797
CVE-2013-5803: https://vulners.com/cve/CVE-2013-5803
CVE-2013-5772: https://vulners.com/cve/CVE-2013-5772

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the
impact of this vulnerability in their environments by accessing the links
in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams
(FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry
open standard designed to convey vulnerability severity and help to
determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES
"AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE
RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY
VULNERABILITY.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (AIX)

iEYEARECAAYFAlLvxe4ACgkQ4fmd+Ci/qhIyJwCghirbKIbzL2db7Xa9FO8OqgQE
6OsAni19Xm6ZmA0RHMjPG46p/4wk8p8D
=rWHF
-----END PGP SIGNATURE-----

Related

nessus 38
redhat 9
suse 5
ibm 28
veracode 16
f5 5
centos 3
openvas 29
oraclelinux 3
mageia 2
amazon 2
ubuntu 2
prion 19
ubuntucve 17
cve 18
threatpost 1
securityvulns 1
oracle 1
nessus
nessus
SuSE 11.2 / 11.3 Security Update : IBM Java 7 (SAT Patch Numbers 8565 / 8566)
2013-11-21 00:00:00
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2013:1508)
2013-11-08 00:00:00
RHEL 5 / 6 : java-1.7.0-ibm (RHSA-2013:1507)
2013-11-08 00:00:00
redhat
redhat
(RHSA-2013:1507) Critical: java-1.7.0-ibm security update
2013-11-07 00:00:00
(RHSA-2013:1508) Critical: java-1.6.0-ibm security update
2013-11-07 00:00:00
(RHSA-2013:1509) Important: java-1.5.0-ibm security update
2013-11-07 00:00:00
suse
suse
Security update for Java 6 (important)
2013-11-19 00:04:12
Security update for IBM Java 7 (important)
2013-11-22 08:04:19
Security update for IBM Java 5 (important)
2013-11-15 00:04:35
ibm
ibm
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server October 2013 CPU
2022-09-25 23:09:27
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
2022-09-25 23:09:27
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition
2022-09-25 23:09:27
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:58:36
Sandbox Restrictions Bypass
2019-05-02 04:58:36
Sandbox Restrictions Bypass
2019-05-02 04:58:33
f5
f5
Multiple Java vulnerabilities
2016-05-25 01:58:00
K48802597 : Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
2016-06-09 00:00:00
SOL48802597 - Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
2016-06-09 00:00:00
centos
centos
java security update
2013-10-23 11:04:05
java security update
2013-10-22 07:41:01
java security update
2013-11-05 20:45:16
openvas
openvas
CentOS Update for java CESA-2013:1451 centos6
2013-10-29 00:00:00
Oracle: Security Advisory (ELSA-2013-1451)
2015-10-06 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-246)
2015-09-08 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-10-22 00:00:00
java-1.7.0-openjdk security update
2013-10-21 00:00:00
java-1.6.0-openjdk security update
2013-11-05 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk package fixes security vulnerabilities
2013-11-13 23:03:04
Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
2013-11-13 23:05:43
amazon
amazon
Critical: java-1.7.0-openjdk
2013-10-23 15:22:00
Important: java-1.6.0-openjdk
2013-11-05 13:35:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-11-21 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
prion
prion
Design/Logic Flaw
2013-10-16 17:55:00
Design/Logic Flaw
2013-10-16 15:55:00
Design/Logic Flaw
2013-10-16 17:55:00
ubuntucve
ubuntucve
CVE-2013-5824
2013-10-16 00:00:00
CVE-2013-5787
2013-10-16 00:00:00
CVE-2013-5832
2013-10-16 00:00:00
cve
cve
CVE-2013-5787
2013-10-16 15:55:00
CVE-2013-5824
2013-10-16 17:55:00
CVE-2013-5852
2013-10-16 18:55:00
threatpost
threatpost
October 2013 Oracle Java Critical Patch Update
2013-10-16 07:41:46
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-12-09 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.143 Low

EPSS

Percentile

95.7%

JSON
Related for JAVA_ADVISORY.ASC
nessus38redhat9suse5ibm28veracode16f55centos3openvas29oraclelinux3mageia2amazon2ubuntu2prion19ubuntucve17cve18threatpost1securityvulns1oracle1