Lucene search

K
ibmIBM0A52855EBC106D332F7FF9458EEA842DA6D00FB27F4E8ECAF4647C6AF1B0DBD3
HistoryAug 19, 2022 - 6:23 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Business Services Fabric (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)

2022-08-1918:23:31
www.ibm.com
5

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.1%

Summary

There are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Business Services Fabric. These issues were disclosed as part of the IBM Java SDK updates in July 2014.

Vulnerability Details

CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94606 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94605 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID:CVE-2014-3068**
DESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores.
CVSS Base Score: 2.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93756 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)

Affected Products and Versions

  • IBM WebSphere Business Services Fabric Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x
  • IBM WebSphere Business Services Fabric for z/OS Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x

Remediation/Fixes

Install WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in the _Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU _document.

Workarounds and Mitigations

None

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.009 Low

EPSS

Percentile

82.1%