Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM045F0E19CF60C70C9F3870C6878B891CC30A6239E900C3A7EB3F643F9035ED0F
HistorySep 07, 2023 - 6:42 a.m.

Security Bulletin: Multiple vulnerabilities in scala-compiler-2.11.8.jar affect IBM Application Performance Management products

2023-09-0706:42:35
www.ibm.com
29
ibm
application performance management
scala-compiler-2.11.8
vulnerabilities
cve-2017-15288
elevated privileges

0.0004 Low

EPSS

Percentile

9.7%

JSON

Summary

There are multiple vulnerabilities in scala-compiler-2.11.8.jar used by IBM Application Performance Management. IBM Application Performance Management has addressed the applicable CVEs.

Vulnerability Details

CVEID:CVE-2017-15288
**DESCRIPTION:**Scala could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the compile daemon. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to write arbitrary class files to any location on the filesystem.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/134828 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud APM, Base Private 8.1.4
IBM Cloud APM, Advanced Private 8.1.4

Remediation/Fixes

IBM Cloud Application Performance Management, Base Private

IBM Cloud Application Performance Management, Advanced Private| 8.1.4|

The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0014 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/7028410&gt;

—|—|—

Workarounds and Mitigations

None

Related

prion 1
osv 2
nessus 1
zdt 1
redhatcve 1
debiancve 1
cve 1
ubuntucve 1
github 1
veracode 1
cvelist 1
gentoo 1
prion
prion
Design/Logic Flaw
2017-11-15 16:29:00
osv
osv
CVE-2017-15288
2017-11-15 16:29:00
High severity vulnerability that affects org.scala-lang:scala-compiler
2018-10-19 16:51:11
nessus
nessus
GLSA-201812-08 : Scala: Privilege escalation
2018-12-17 00:00:00
zdt
zdt
Scala 2.x Privilege Escalation Vulnerability
2017-11-15 00:00:00
redhatcve
redhatcve
CVE-2017-15288
2017-11-23 15:19:33
debiancve
debiancve
CVE-2017-15288
2017-11-15 16:29:00
cve
cve
CVE-2017-15288
2017-11-15 16:29:00
ubuntucve
ubuntucve
CVE-2017-15288
2017-11-15 00:00:00
github
github
High severity vulnerability that affects org.scala-lang:scala-compiler
2018-10-19 16:51:11
veracode
veracode
Arbitrary Code Execution
2017-11-15 07:13:26
cvelist
cvelist
CVE-2017-15288
2017-11-15 16:00:00
gentoo
gentoo
Scala: Privilege escalation
2018-12-15 00:00:00

0.0004 Low

EPSS

Percentile

9.7%

JSON
Related for 045F0E19CF60C70C9F3870C6878B891CC30A6239E900C3A7EB3F643F9035ED0F
prion1osv2nessus1zdt1redhatcve1debiancve1cve1ubuntucve1github1veracode1cvelist1gentoo1