Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM08BB7B4BF053BD7DE103FC2D816DBCA14DF06E858B7CDE061F72FA9E2D853C87
HistoryJun 16, 2018 - 2:06 p.m.

Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition™ affect IBM InfoSphere Information Server (CVE-2013-5802, CVE-2013-5823, CVE-2013-5825, CVE-2013-5780, CVE-2013-5803 and CVE-2013-5372)

2018-06-1614:06:51
www.ibm.com
6

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

IBM Information Server is impacted by security vulnerabilities in IBM SDK, Java Technology Edition™ that affect availability and confidentiality.

Vulnerability Details

CVE ID:CVE-2013-5802****

DESCRIPTION:
An unspecified vulnerability related to the JAXP component has partial confidentiality impact, partial integrity impact, and partial availability impact.

CVSS:
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87982 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/P)

AFFECTED PRODUCTS:
IBM InfoSphere Information Server XML Pack Versions 8.5, 8.7, and 9.1 running on all platforms

CVE ID:CVE-2013-5823****

DESCRIPTION:
An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87989 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)

AFFECTED PRODUCTS:
IBM InfoSphere Information Server XML Pack Versions 8.5, 8.7, and 9.1 running on Solaris and HP.

CVE ID:CVE-2013-5825****

DESCRIPTION:
An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service.

CVSS:
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/87988 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)

AFFECTED PRODUCTS:
IBM InfoSphere Information Server XML Pack Versions 8.5, 8.7, and 9.1 running on all platforms

CVE ID:CVE-2013-5780****

DESCRIPTION:
An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88001 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/N:A/N)

AFFECTED PRODUCTS:
IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms

CVE ID:CVE-2013-5803****

DESCRIPTION:
An unspecified vulnerability related to the JGSS component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.

CVSS:
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/88008 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/H:Au/N:C/N:I/N:A/P)

AFFECTED PRODUCTS:
IBM InfoSphere Information Server Business Glossary Version 9.1 running on all platforms

CVE ID:CVE-2013-5372****

DESCRIPTION:
The XML4J parser is vulnerable to a denial of service attack. A remote attacker could exploit this vulnerability using a specially-crafted XML document to cause the XML parser to run out of memory.

CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/86662 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)

AFFECTED PRODUCTS:
IBM InfoSphere Information Server XML Pack Versions 8.5, 8.7, and 9.1 running on all platforms

Affected Products and Versions

IBM InfoSphere Information Server Versions 8.0, 8.1, 8.5, 8.7, and 9.1 running on all platforms
See individual CVEs for additional details.

Remediation/Fixes

Product

| VRMF|APAR|Remediation/First Fix
—|—|—|—
InfoSphere Information Server| 9.1| JR48770| --Apply JR48770
InfoSphere Information Server| 8.7| JR48770| --Apply IBM InfoSphere Information Server version 8.7 Fix Pack 2
--Apply JR48770
InfoSphere Information Server| 8.5| JR48770| --Apply IBM InfoSphere Information Server version 8.5 Fix Pack 3
--Apply JR48770
InfoSphere Information Server| 8.0, 8.1| None| Contact IBM customer support.
Note: The same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order.

Workarounds and Mitigations

None known, apply fixes

Related

ibm 37
cve 6
prion 6
f5 10
veracode 21
github 1
ubuntucve 5
osv 1
nessus 45
openvas 31
redhat 9
mageia 2
oraclelinux 3
amazon 2
centos 3
ubuntu 2
suse 5
aix 1
securityvulns 1
oracle 1
gentoo 2
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM SDK, Java Technology Edition affect IBM InfoSphere Information Server (CVE-2013-5802, CVE-2013-5823, CVE-2013-5825, CVE-2013-5780, CVE-2013-5803 and CVE-2013-5372)
2020-03-13 02:04:17
Security Bulletin:Tivoli Multiple vulnerabilities in Tivoli Business Service Manager (CVE-2013-5802,CVE-2013-5825,CVE-2013-5372)
2018-06-17 14:31:27
Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU October 2013
2018-06-15 06:59:05
cve
cve
CVE-2013-5372
2013-10-19 10:36:00
CVE-2013-5780
2013-10-16 15:55:00
CVE-2013-5825
2013-10-16 17:55:00
prion
prion
Code injection
2013-10-19 10:36:00
Design/Logic Flaw
2013-10-16 15:55:00
Design/Logic Flaw
2013-10-16 17:55:00
f5
f5
SOL68942513 - Java vulnerability CVE-2013-5780
2016-05-25 00:00:00
K68942513 : Java vulnerability CVE-2013-5780
2016-05-25 00:00:00
SOL53316849 - Java vulnerability CVE-2013-5802
2016-05-24 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 04:54:22
Sandbox Restrictions Bypass
2019-05-02 04:54:23
Denial Of Service (DoS)
2019-05-02 04:54:23
github
github
Apache XML Security For Java vulnerable to Infinite Loop
2022-05-14 00:02:32
ubuntucve
ubuntucve
CVE-2013-5780
2013-10-16 00:00:00
CVE-2013-5825
2013-10-16 00:00:00
CVE-2013-5802
2013-10-16 00:00:00
osv
osv
Apache XML Security For Java vulnerable to Infinite Loop
2022-05-14 00:02:32
nessus
nessus
IBM WebSphere Application Server 8.0 < Fix Pack 8 Multiple Vulnerabilities
2014-01-20 00:00:00
IBM WebSphere MQ 7.1 < 7.1.0.5 / 7.5 < 7.5.0.3 Multiple Vulnerabilities
2014-05-19 00:00:00
F5 Networks BIG-IP : Java vulnerabilities (K48802597)
2016-06-10 00:00:00
openvas
openvas
F5 BIG-IP - Java vulnerabilities CVE-2013-5825 and CVE-2013-5830
2016-06-13 00:00:00
Amazon Linux: Security Advisory (ALAS-2013-246)
2015-09-08 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2013:1505-01
2013-11-08 00:00:00
redhat
redhat
(RHSA-2013:1509) Important: java-1.5.0-ibm security update
2013-11-07 00:00:00
(RHSA-2013:1505) Important: java-1.6.0-openjdk security update
2013-11-05 00:00:00
(RHSA-2013:1447) Important: java-1.7.0-openjdk security update
2013-10-21 00:00:00
mageia
mageia
Updated java-1.6.0-openjdk package fixes multiple vulnerabilities
2013-11-13 23:05:43
Updated java-1.7.0-openjdk package fixes security vulnerabilities
2013-11-13 23:03:04
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-11-05 00:00:00
java-1.7.0-openjdk security update
2013-10-21 00:00:00
java-1.7.0-openjdk security update
2013-10-22 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-11-05 13:35:00
Critical: java-1.7.0-openjdk
2013-10-23 15:22:00
centos
centos
java security update
2013-11-05 20:45:16
java security update
2013-10-23 11:04:05
java security update
2013-10-22 07:41:01
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-11-21 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
suse
suse
Security update for OpenJDK 7 (important)
2013-11-13 15:04:17
Security update for IBM Java 5 (important)
2013-11-14 16:04:15
Security update for IBM Java 7 (important)
2013-11-22 08:04:19
aix
aix
Multiple Java vulnerabilities
2013-12-11 10:53:34
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities
2013-12-09 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for 08BB7B4BF053BD7DE103FC2D816DBCA14DF06E858B7CDE061F72FA9E2D853C87
ibm37cve6prion6f510veracode21github1ubuntucve5osv1nessus45openvas31redhat9mageia2oraclelinux3amazon2centos3ubuntu2suse5aix1securityvulns1oracle1gentoo2