DATABASE RESOURCES PRICING ABOUT US

{"id": "0ACDC7CDDEE06F34F2256DD048A556D53156ACF793ADBE3C9ED53FEEE712EF49", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java\u2122 SDK and IBM\u00ae Java\u2122 Runtime affect IBM\u00ae Intelligent Operations Center products", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7, and 8, and IBM\u00ae Runtime Environment Java\u2122, Versions 6, 7, and 8 that are used by IBM\u00ae Intelligent Operations Center, IBM\u00ae Intelligent Operations Center for Emergency Management, and IBM\u00ae Water Operations for Waternamics. IBM\u00ae Intelligent Operations Center has addressed the applicable CVEs. \n\n\n## Vulnerability Details\n\nIf you run your own Java\u2122 code using the IBM\u00ae Java\u2122 JRE that is delivered with this product, you should evaluate your code to determine whether additional Java\u2122 vulnerabilities are applicable to your code.\n\n**CVE IDs:** CVE-2018-2964 CVE-2018-2973 CVE-2018-2940 CVE-2018-2952 CVE-2018-1656 CVE-2018-1517 CVE-2018-2579 CVE-2018-2588 CVE-2018-2663 CVE-2018-2677 CVE-2018-2678 CVE-2018-2602 CVE-2018-2599 CVE-2018-2603 CVE-2018-2629 CVE-2018-2657 CVE-2018-2618 CVE-2018-2641 CVE-2018-2582 CVE-2018-2634 CVE-2018-2637 CVE-2018-2633 CVE-2018-2638 CVE-2018-2639 CVE-2018-2783 CVE-2018-2800\n\n**CVEID:** [_CVE-2018-2964_](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/146827_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146827>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2973_](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/146835_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146835>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2940_](<https://vulners.com/cve/CVE-2018-2940>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/146803_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146803>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2952_](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/146815_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/146815>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-1656_](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/144882_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/144882>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector:(CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-1517_](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141681_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141681>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18N component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector:(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. \nCVSS Base Score: 7.4 (Confidentiality and Integrity impacts). \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2800_](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. \nCVSS Base Score: 4.2 (Confidentiality and Integrity impacts). \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141956_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\n**Principal Product and Versions**\n\n| **Affected Supporting Products and Versions** \n---|--- \nIBM\u00ae Intelligent Operations Center V1.6.0 - V5.1.0.14 | \n\nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases\n\nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 55 and earlier releases\n\nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases\n\nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 15 and earlier releases\n\nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 7 and earlier releases \n \nIBM\u00ae Intelligent Operations Center for Emergency Management V1.6 - V5.1.0.6 \nIBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 \n \n## Remediation/Fixes\n\nIBM\u00ae Intelligent Operations Center and related products use IBM\u00ae WebSphere Application Server, IBM\u00ae WebSphere Application Server Liberty Profile, IBM\u00ae Db2, IBM\u00ae Installation Manager, IBM\u00ae WebSphere MQ, and Cognos\u00ae, which use the affected IBM\u00ae Java\u2122 SDK and IBM\u00ae Java\u2122 JRE versions.\n\nThe fix for this issue is available in IBM\u00ae Intelligent Operations Center version 5.2 on [Passport Advantage](<http://www.ibm.com/software/passportadvantage/pao_customer.html>).\n\nThe following areas may require remediation using the information provided in the listed security bulletins:\n\nArea | Security Bulletins \n---|--- \nData server for IBM\u00ae Intelligent Operations Center V5.1 - V5.1.0.14, IBM\u00ae Intelligent Operations Center for Emergency Management V5.1 - V5.1.0.6, and IBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 | \n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM\u00ae Db2\u00ae](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-2/>)\n\nCVE(s): [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>), [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>)\n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect ](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2/>)[IBM\u00ae Db2\u00ae](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-2/>)[ ](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2/>)\n\nCVE(s): [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>), [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>), [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>), [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n \nApplication server for IBM\u00ae Intelligent Operations Center V5.1 - V5.1.0.14, IBM\u00ae Intelligent Operations Center for Emergency Management V5.1 - V5.1.0.6, and IBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 | \n\n[IBM Security Bulletin: Multiple Vulnerabilities in ](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-july-2018-cpu/>)[IBM\u00ae](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-2/>)[ Java SDK affects WebSphere Application Server July 2018 CPU](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-july-2018-cpu/>)\n\nCVE(s): [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>), [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>)\n\n[IBM Security Bulletin: Multiple Vulnerabilities in ](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2018-cpu/>)[IBM\u00ae](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-2/>)[ Java SDK affects WebSphere Application Server April 2018 CPU](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2018-cpu/>)\n\nCVE(s): [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>), [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n \nAnalytics server for IBM\u00ae Intelligent Operations Center V5.1 - V5.1.0.14, IBM\u00ae Intelligent Operations Center for Emergency Management V5.1- V5.1.0.6, and IBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 | \n\n[IBM Security Bulletin: Multiple Vulnerabilities in ](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-july-2018-cpu/>)[IBM\u00ae](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-db2-2/>)[ Java SDK affects WebSphere Application Server July 2018 CPU](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-july-2018-cpu/>)\n\nCVE(s): [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>), [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>)\n\n[IBM Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affects WebSphere Application Server April 2018 CPU](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-april-2018-cpu/>)\n\nCVE(s): [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>), [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n \nIBM\u00ae WebSphere\u00ae MQ used by IBM\u00ae Intelligent Operations Center V5.1 - V5.1.0.14 and IBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 | \n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-mq-3/>)\n\nCVE(s): [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>), [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>), [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>), [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>), [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>), [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>), [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>), [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>), [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n \nIBM\u00ae Business Process Manager used by IBM\u00ae Intelligent Operations Center V1.6.0 - V5.1.0.14, IBM\u00ae Intelligent Operations Center for Emergency Management V1.6 - V5.1.0.6, and IBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 | \n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer used in IBM Business Process Manager](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-ibm-integration-designer-used-in-ibm-business-process-manager/>)\n\nCVE(s): [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>), [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>), [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>), [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>), [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n \nCognos\u00ae used by IBM\u00ae Intelligent Operations Center V1.6.0 -V5.1.0.14, IBM\u00ae Intelligent Operations Center for Emergency Management V1.6 - V5.1.0.6, and IBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 | \n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM Cognos Business intelligence affect Rational Insight](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-cognos-business-intelligence-affect-rational-insight/>)\n\nCVE(s): [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>), [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>), [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>), [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>), [CVE-2017-7525](<https://vulners.com/cve/CVE-2017-7525>), [CVE-2017-12624](<https://vulners.com/cve/CVE-2017-12624>), [CVE-2017-15095](<https://vulners.com/cve/CVE-2017-15095>), [CVE-2018-1413](<https://vulners.com/cve/CVE-2018-1413>), [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>), [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>), [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>), [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>), [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>), [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>), [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>), [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>), [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>), [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>), [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>), [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>), [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>), [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>), [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>), [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>), [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>), [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>)[, CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>), [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n \nIBM\u00ae Installation Manager used by IBM\u00ae Intelligent Operations Center V1.6.0 - V5.1.0.14, IBM\u00ae Intelligent Operations Center for Emergency Management V1.6 - V5.1.0.6, and IBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 | \n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility-4/>)\n\nCVE(s): [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>), [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>)\n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility-3/>)\n\nCVE(s): [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>), [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>), [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>), [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>), [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)\n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-runtime-affect-ibm-installation-manager-and-ibm-packaging-utility/>)\n\nCVE(s): [CVE-2016-5547](<https://vulners.com/cve/CVE-2016-5547>), [CVE-2016-5548](<https://vulners.com/cve/CVE-2016-5548>), [CVE-2016-5549](<https://vulners.com/cve/CVE-2016-5549>), [CVE-2016-2183](<https://vulners.com/cve/CVE-2016-2183>)\n\n[IBM Security Bulletin: A vulnerability in IBM Java Runtime affects IBM Installation Manager and IBM Packaging Utility (CVE-2016-5597)](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-a-vulnerability-in-ibm-java-runtime-affects-ibm-installation-manager-and-ibm-packaging-utility-cve-2016-5597/>) \n \nIBM\u00ae SPSS\u00ae Analytic Server used by IBM\u00ae Intelligent Operations Center V5.1 - V5.1.0.14 and IBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1 | [IBM Security Bulletin: Vulnerability in IBM\u00ae Java SDK affects IBM SPSS Analytic Server (CVE-2018-2602, CVE-2018-2634)](<http://www.ibm.com/blogs/psirt/ibm-security-bulletin-vulnerability-in-ibm-java-sdk-affects-ibm-spss-analytic-server-cve-2018-2602-cve-2018-2634/>) \n \n## Workarounds and Mitigations\n\nUntil you apply the fixes, it may be possible to reduce the risk of successful attacks by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so IBM strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.\n\n## ", "published": "2018-12-21T11:10:01", "modified": "2018-12-21T11:10:01", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/730863", "reporter": "IBM", "references": [], "cvelist": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597", "CVE-2017-12624", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-7525", "CVE-2018-0739", "CVE-2018-12539", "CVE-2018-1413", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2940", "CVE-2018-2952", "CVE-2018-2964", "CVE-2018-2973"], "immutableFields": [], "lastseen": "2023-02-21T21:44:51", "viewCount": 3, "enchantments": {"score": {"value": 0.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["JAVA_APR2018_ADVISORY.ASC", "JAVA_JAN2017_ADVISORY.ASC", "JAVA_JAN2018_ADVISORY.ASC", "JAVA_JULY2018_ADVISORY.ASC", "JAVA_OCT2016_ADVISORY.ASC", "OPENSSL_ADVISORY21.ASC", "OPENSSL_ADVISORY24.ASC", "OPENSSL_ADVISORY25.ASC", "OPENSSL_ADVISORY26.ASC"]}, {"type": "amazon", "idList": ["ALAS-2016-755", "ALAS-2016-759", "ALAS-2016-771", "ALAS-2017-791", "ALAS-2017-795", "ALAS-2017-797", "ALAS-2018-1002", "ALAS-2018-1007", "ALAS-2018-1016", "ALAS-2018-1054", "ALAS-2018-1064", "ALAS-2018-1065", "ALAS-2018-1069", "ALAS-2018-1070", "ALAS-2018-1102", "ALAS-2018-949", "ALAS-2018-974", "ALAS2-2018-1002", "ALAS2-2018-1004", "ALAS2-2018-1007", "ALAS2-2018-1054", "ALAS2-2018-1064", "ALAS2-2018-1102", "ALAS2-2018-949"]}, {"type": "apple", "idList": ["APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201609-23", "ASA-201609-24", "ASA-201711-14", "ASA-201711-15", "ASA-201712-11", "ASA-201712-9", "ASA-201804-2"]}, {"type": "attackerkb", "idList": ["AKB:9AB03E2E-596C-490F-8DCB-1A41D344A5AD"]}, {"type": "avleonov", "idList": ["AVLEONOV:A9AB661A53F0E9B8923DE780E6F05F48"]}, {"type": "centos", "idList": ["CESA-2016:1940", "CESA-2016:2079", "CESA-2016:2658", "CESA-2017:0061", "CESA-2017:0180", "CESA-2017:0269", "CESA-2018:0095", "CESA-2018:0349", "CESA-2018:0998", "CESA-2018:1188", "CESA-2018:1191", "CESA-2018:1270", "CESA-2018:1278", "CESA-2018:2123", "CESA-2018:2241", "CESA-2018:2242", "CESA-2018:2283", "CESA-2018:2286", "CESA-2018:3090", "CESA-2018:3221"]}, {"type": "cert", "idList": ["VU:905344"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2016-0822", "CPAI-2017-0740", "CPAI-2018-2159"]}, {"type": "cisco", "idList": ["CISCO-SA-20160927-OPENSSL"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:5C300E479531E65B86D1CE2C330F61A9", "CFOUNDRY:78350CC978808A6C42CDCB2451BF30F4", "CFOUNDRY:9243E8457D02CBA7A3505CB1E0E03739", "CFOUNDRY:927660022E9A31CE680A6AE3AFF33997"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2016-2183", "CVE-2016-5547", "CVE-2016-5548", "CVE-2016-5549", "CVE-2016-5597", "CVE-2017-12624", "CVE-2017-15095", "CVE-2017-15896", "CVE-2017-17485", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-7525", "CVE-2018-0739", "CVE-2018-12539", "CVE-2018-1413", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2940", "CVE-2018-2952", "CVE-2018-2964", "CVE-2018-2973", "CVE-2018-5968", "CVE-2018-7489", "CVE-2019-10202", "CVE-2023-0296"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1157-1:16CF2", "DEBIAN:DLA-1157-1:FA549", "DEBIAN:DLA-1330-1:A6756", "DEBIAN:DLA-1339-1:B1DCE", "DEBIAN:DLA-1339-1:BC39A", "DEBIAN:DLA-1590-1:3DC35", "DEBIAN:DLA-1590-1:DF4FE", "DEBIAN:DLA-2091-1:A9C2E", "DEBIAN:DLA-2342-1:7AEB4", "DEBIAN:DLA-637-1:F8314", "DEBIAN:DLA-704-1:4AAE1", "DEBIAN:DLA-704-1:B444B", "DEBIAN:DLA-821-1:00F61", "DEBIAN:DLA-821-1:43AAB", "DEBIAN:DSA-3673-1:477A4", "DEBIAN:DSA-3707-1:CE15E", "DEBIAN:DSA-3782-1:B007B", "DEBIAN:DSA-4004-1:17FA8", "DEBIAN:DSA-4004-1:F9730", "DEBIAN:DSA-4017-1:88D36", "DEBIAN:DSA-4017-1:AEF53", "DEBIAN:DSA-4018-1:01441", "DEBIAN:DSA-4018-1:DD3DF", "DEBIAN:DSA-4037-1:25D25", "DEBIAN:DSA-4037-1:C6592", "DEBIAN:DSA-4065-1:A75E5", "DEBIAN:DSA-4144-1:54880", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4157-1:D7BEA", "DEBIAN:DSA-4158-1:43C61", "DEBIAN:DSA-4158-1:561AF", "DEBIAN:DSA-4166-1:929BB", "DEBIAN:DSA-4185-1:16DFF", "DEBIAN:DSA-4190-1:21588", "DEBIAN:DSA-4190-1:7ADD0", "DEBIAN:DSA-4225-1:1B7F1", "DEBIAN:DSA-4268-1:A51ED"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-5547", "DEBIANCVE:CVE-2016-5548", "DEBIANCVE:CVE-2016-5549", "DEBIANCVE:CVE-2016-5597", "DEBIANCVE:CVE-2017-15095", "DEBIANCVE:CVE-2017-15896", "DEBIANCVE:CVE-2017-17485", "DEBIANCVE:CVE-2017-3735", "DEBIANCVE:CVE-2017-3736", "DEBIANCVE:CVE-2017-3737", "DEBIANCVE:CVE-2017-3738", "DEBIANCVE:CVE-2017-7525", "DEBIANCVE:CVE-2018-0739", "DEBIANCVE:CVE-2018-2579", "DEBIANCVE:CVE-2018-2582", "DEBIANCVE:CVE-2018-2588", "DEBIANCVE:CVE-2018-2599", "DEBIANCVE:CVE-2018-2602", "DEBIANCVE:CVE-2018-2603", "DEBIANCVE:CVE-2018-2618", "DEBIANCVE:CVE-2018-2629", "DEBIANCVE:CVE-2018-2633", "DEBIANCVE:CVE-2018-2634", "DEBIANCVE:CVE-2018-2637", "DEBIANCVE:CVE-2018-2638", "DEBIANCVE:CVE-2018-2639", "DEBIANCVE:CVE-2018-2641", "DEBIANCVE:CVE-2018-2657", "DEBIANCVE:CVE-2018-2663", "DEBIANCVE:CVE-2018-2677", "DEBIANCVE:CVE-2018-2678", "DEBIANCVE:CVE-2018-2783", "DEBIANCVE:CVE-2018-2790", "DEBIANCVE:CVE-2018-2794", "DEBIANCVE:CVE-2018-2795", "DEBIANCVE:CVE-2018-2796", "DEBIANCVE:CVE-2018-2797", "DEBIANCVE:CVE-2018-2798", "DEBIANCVE:CVE-2018-2799", "DEBIANCVE:CVE-2018-2800", "DEBIANCVE:CVE-2018-2814", "DEBIANCVE:CVE-2018-2940", "DEBIANCVE:CVE-2018-2952", "DEBIANCVE:CVE-2018-2964", "DEBIANCVE:CVE-2018-2973", "DEBIANCVE:CVE-2018-5968", "DEBIANCVE:CVE-2018-7489"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:069C31B8DD5A351921E96252215466D8"]}, {"type": "f5", "idList": ["F5:K05441360", "F5:K08044291", "F5:K13167034", "F5:K14363514", "F5:K15518610", "F5:K18364001", "F5:K21462542", "F5:K24593421", "F5:K33924005", "F5:K34681653", "F5:K35513527", "F5:K43452233", "F5:K44923228", "F5:K54143451", "F5:K60350722", "F5:K63427774", "F5:K65417229", "F5:K70321874", "F5:K71021401", "F5:K73122539", "SOL13167034", "SOL22071504"]}, {"type": "fedora", "idList": ["FEDORA:0240B604B381", "FEDORA:3ED26601CEE3", "FEDORA:613766079706", "FEDORA:68D44601BD0C", "FEDORA:7B564604AACC", "FEDORA:98315602F10D", "FEDORA:9B33E60E86E5", "FEDORA:ACC466324C7C", "FEDORA:AEECE6075DBF", "FEDORA:B4E3C6062CB4", "FEDORA:B5C736087A8D", "FEDORA:B803860875BB", "FEDORA:B98866076020", "FEDORA:BC771622EB72", "FEDORA:BFACF60A35B3", "FEDORA:D17F86077DFD", "FEDORA:D74C160C9AD0", "FEDORA:D7E1E60C4225", "FEDORA:D8DAB61DD062", "FEDORA:DEA206060997"]}, {"type": "fortinet", "idList": ["FG-IR-16-048", "FG-IR-17-173"]}, {"type": "freebsd", "idList": ["3BB451FC-DB64-11E7-AC58-B499BAEBFEAF", "43EAA656-80BC-11E6-BF52-B499BAEBFEAF", "909BE51B-9B3B-11E8-ADD2-B499BAEBFEAF", "93F8E0FF-F33D-11E8-BE46-0019DBB15B3F", "9442A811-DAB3-11E7-B5AF-A4BADB2F4699", "9F7A0F39-DDC0-11E7-B5AF-A4BADB2F4699", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF", "BEA84A7A-E0C9-11E7-B4F3-11BAA0C2DF21", "F40F07AA-C00F-11E7-AC58-B499BAEBFEAF"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-17:11.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-17:12.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-201611-04", "GLSA-201612-16", "GLSA-201701-43", "GLSA-201701-65", "GLSA-201707-01", "GLSA-201712-03", "GLSA-201803-06", "GLSA-201811-21", "GLSA-201903-14", "GLSA-202007-53"]}, {"type": "github", "idList": ["GHSA-7VGJ-8MW4-HG8R", "GHSA-C27H-MCMW-48HV", "GHSA-CGGJ-FVV3-CQWV", "GHSA-H592-38CM-4GGP", "GHSA-QXXX-2PP7-5HMX", "GHSA-RFX6-VP9G-RH7V", "GHSA-W3F4-3Q6J-RH82"]}, {"type": "hackerone", "idList": ["H1:1271701", "H1:199436", "H1:199438", "H1:199445", "H1:207404", "H1:207457", "H1:217431"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20170322-01-OPENSSL", "HUAWEI-SA-20180228-01-STRUTS", "HUAWEI-SA-20180613-01-OPENSSL"]}, {"type": "ibm", "idList": ["002EEB5F5A7739989BC247DF814D8328529073722D1EAF6319232F8412E43B85", "00420FAFAA8875EA075916FF1CAC2CE1CD7DEB3C678E654BFE5E525386DC980C", "0056EE11EA09B36A49F1DE64F6E08BAB43933908E22425A1B41961979BB625D5", "0074BB3B67473A0DEE399011188061A7ED8190B531D188A5CD21EA9253D1A423", "007E4732B5C858D68314FCBC681F238D11A80EC2685E0C320CE28F1D80CB4ECA", "00A8A1DF1996A27FC774F48520EBC1C27A9F9FBD49D4F87EFB383544CFB4008A", "00C392F80C93B9FD9D5E530029FDB643360FA8C14DBEEED32C8359B1CA0E28A9", "010DB329A8BFC3E84A2C6FE91E19A9D01A93A5C5F0B7E84CD4694A6DE03249DC", "01573F47C4FBAFAA208BE5FA3DA4BD3E5117A940DA90963EB2272E60BE0D95E3", "015CED4DD111438880FFDB361B30E09A12892E262FEEA8F7178F7A49BBE7D4D2", "015DB6740B5492C96DB07643D3F7479C397A23B688C9430BC0080A02A7AD165F", "017198847549473B2F1109F9F4CE4C76950F186E9BE5A4FEADE9746A60AB9F69", "0195EF9270C92B580690607B214E8A9EAB1DF3E5DC94EF6452F5250A541EC1F4", "0199BCC78418FD8D57FCBD8F6822F3BB285BAD40BEA717ED6C2D19608D3AA7D0", "02B33E907CBC3B0E0EB8668DD12FA56455943967110D9514CE452B7FC178C03F", "0330E0590E15E07306B13AF8814A78EACFC6A68CDA6E4467BF84065FC8ED6C79", "041FCD681925D7AAE0B6F795A004EE207D6FA92A6E376D5597CA24D0D178AF44", "0460018CD0F0FBC2F6263BDA6748403486347AC96B44DDED3C0598821AF08EE0", "0486FF681C1A0961D28244A014A40136703A4267D414B936A2188B5042485FDB", "04A2D8C96A2597640B042A371899D0C3BFBD23E7CE6586C1EAEFBB5A99DD8DA7", "04C02A7E582660CD6B68F6BEB1B2E60BA695D9E162B960484D27A37445B0B16D", "04CCD85F205DB5AE3B48DF024CA31C67FF8428AFCAA4F57505358014C07CB875", "04E8F874FD2B3E7E06416F4123259BE61E960F9372B9998C73BBB2EA851A36B3", "04EED2117E1687EB241C7ABC5CB11968429DE85CA86DBFFC8AA9194D5653A8C9", "04F731FF1A9FCF7F7388FEFA13C178719DB6D6115FE6CADB144B751FF89B8155", "059BFBBD8CB8F92E03748427F677CBE26E890BA80C56429CEEE0842DFE7AAD52", "05A8F2E1B6274309D200B691C3FFA649E531D6AEB2C7195282A6AA8FC98D1F17", "05E850F4BA5E54B59E8E6813ED22A9D63AE8E31513D1E4B83D19B9435602D398", "06377A242FC5EAF78C030C2B2AB65DB244FDC1CEF86B79077725A62A212AE300", "06547872321FA684E7C87A7CFF9923A2461A57C37C09CEC2AAFB645B2D0ED38A", "06852EEA8CD7CA7F8840D2FC93096A4DD156B248C6D17CEEEBA4095B19D215B6", "068FAB857EA00E655E3085D74750F65E3105FE902F9098947EB065D04454EAD4", "069F58181471E98C0C6EDE4A21485D35163C973C444F407E9C0B25C289599B53", "06DF9D2534BDAF2A44273AAA278500DE2B214872C9814A010C63F0AC8DB755CB", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "072EBEFE4EF574F4A87AC95BEA1237C43CF6D39DDD94C6BD9B965A322BB8CD15", "0778D7018C3357EEC6B225AFFDF32CD2DCE33E627415B778C4AC66D4BA47C23F", "0849CEF680F68843BB8ED3027181BFC6E58FA418D5C7E4A78DF8C347CCD2AC36", "089455FB91FDFE7E0E828CF6E910A5D0E5BA1A056A27C13F87FC0F4D9B5A116A", "08A4EA79AF097EFCBCD603114DE0D0FD440C9652BC618477675ADAC63C1962EE", "08EAB8F1C98D41F4C5FC629CC4BB5A51568ED9245CEA47A291B46DE27A019E34", "08F9691BC937E0FF029D7696F76F6F36E69E64093E5231AAA4F8F7612ED181B5", "0909EF6749E7A2B0F8C767C980DB46802122CBC68A27D0AF5DB477B3E9C77269", "09553830DFA8110107329A5D2F6A66425237D9EBA158441C2A91D99DAF3C6AE9", "0956AFB7DB9AFC641FF0AB7205D6B40304DC321488572F7CDCC5BB67BF55C4C2", "0996E84BFC5E3EC26E537325BCB350D80023428342C546266DC1EF3BC260F1AF", "09BC2064F811FC94E18ED98B95A8F98471F59FB9C9B4214342140B11920367AE", "09C0C603EECE682CFFD6D5C27B3EAA66D128B79E9D89A33E4AF2314E9BF9995F", "0A251B57941452CDFD64C031582A8D13D6719AEDB99EBF965740CC5E04A717D6", "0A3CB536625237AF6E1A39B78799B41B9AF062894DA038E4F769071D72640FDB", "0AEB7D4827941D8E704F9E705114348E917D0ACB57155368AEDD133A33BC5D78", "0AEE92C160595E12F2B408379E77249A37C4E9EA4B7846F737A3F51CDD9B5DC3", "0BB0F39865741AB9E1AFB9CA3C5508F7FB9BEACECB805F04C6C6B336AA66617E", "0C0756C600D4B428F9DDC7547681FF909EA01654FA2BE7931EB24F307960FE26", "0C1A8A8F899BAD393CEAEFB362E8BA638024D8C0B7B920D545CE843E1DAA23DC", "0C79299B321D2780FBB0CD4805BD992203944E897E67630BAF1DFBCF8B2D1E86", "0CA3C77FDC577BE6FC03F4CBF5061BEC6552ECC16796483E840B7851927C17BD", "0CAC6F4414CAC59828DC6497D69E4CBEA3A13AFFD03636CAE9B0C1F00FCEA8FC", "0CB9447A86F4E057E6BCCE438A998B8AC6A17C94584F25C62A55D07D5D528CE3", "0D7A334726D7F8214BDF965C6B0ED351221CB7A9A083042878EB2C3CB193A50A", "0DCB9190AD49CA4A44EED134393F472D4D903648111D70599B707F22E81A5F5B", "0DE05FB8F15F44BF1A238B82B0ACB5FEAE979867FD910A4AF3FEE673F91AD550", "0E6C36AA0AE26A92B3320E10EB0FF0C10724B1CFCCE3BCA426B32FFB32CA660D", "0E703A42B01F9DF3E0FEC04EEA4F7733F5A313C86865501C0F8A79378E425C34", "0EDBD09066818302150073FA499E426B9E1E957BDBE65933BB41C32EAC61E483", "0EE09B7EB7702170D95421E24B37FF3DD1538C056EA0EA2EDFE386FA1CFE89C0", "0EE17D440C828A2F1F3F9C3FDE6036B28E45371AB043D8D00888155801644813", "0F03B5C9C2D06211B67D6937AD3D6F685DB8B1759561725DCC766A603D57FE2E", "0F27287410C6C54A404DCEDD6F5E4F5E3E3C6EBA848C79F3D8A57C174E14906E", "0F66A0EBF2BB354FEE49365A0BFF63BC3375F7D75B03AEC0D3A10E90CC949472", "0F73246124CA58D05064BB5D07082DCA6F2A1D48630CAAC82BCFFB4A71F45CA7", "1183AFE6070A2858FC9AB7F9B6B70C23D07916E7FB1310965184BA33E2071175", "11A86E6641297DAF1F727CB55B1F67C48A1B3D5E2E1EF8DAADBD7B84B7DAA777", "11AC7F14B60A5C486180C6662F02676A29D51924B42EC510A55CFB87D09F8654", "11D42FCCA543C310105E4C09B5FD7242F7016922EADE66CB796861721CAC1D79", "11E81EB1E5CBC5601C17BB0C111739EAEC08B28C324C7EB2A55D622BD6C239ED", "121D3CDB1E8D0D66359EE4E80141372A3EF995C13A925C463456E35DCC404D89", "12522D1CCD84515F25E20591A90BEBDC8229C93BD0F8E9793B32E660E1C07DF5", "1415F7F81FABE5FE357FDDCFC4CCBA37DA38729E3CE569D09188222ED976317F", "142CC78D456D60E4C1854BC0E93F8802FF4122A7CF6BFD85E457671E02B96A45", "15143B3F111A6285F91861A8167969BBAC444A734DD900A502368FF6AC4CF6EF", "151931D850B252E77677784DE5EA9681C180EAEFFE0A70AEF636E76D7202A804", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "159C34E5AFB6BE1F570922202E0562653C65D24C44D5B08DF0970536EC4F5951", "15B7946476C14969EFBB158D48A2E631603F1323E17E2D4BDC13FB3B86B3B63B", "163ADF654D1EB625A39EB8DD02A8E4E310051F8FC3D34A39927CF015D71EB809", "16EAECFE743E4919B299AA768B909C4B71C5FBD9E4CE92EDBD5B187420FA9624", "17334E2B2E377127A3DB9D8D2B3D751E05E47C0A957D29E8C9C6DB01E922B894", "178E9B6BDE18143A8F85AA25AD187AF0AE68FA979A81CAFC5F1D360B4174898F", "17C5F79C4C7AA38B0382C6A83D3B5EB17A334C042A875A99DDFEE93B8FCB82B0", "1807EADF7EBF2384517F3DB77ADDC9D63E9DD27A36B822C92526AF1341782404", "185CA7A92837C359609A198BF638BED42D46EC58A2CC11C01C5142B98CF7B593", "18B96DE05BF0786F2E502EA655A34ADD9948A43CDE594B5E138159578EBD5E66", "18CF8F0579774C83A0D6E6D4B5456431AD2CF024AF0BD0A465437DE7A74A73F9", "191ED0FC710CC29D37F2021F055C5B6E215B0D429C955179B8D16255149183CC", "19750E0233D0EF1800BE4CB1368963E4510B8CE23C793455B5B74D660B8D0FB5", "199F635B1B35FFA7628E6AE481F1D2EE89267D425F70ACF7D67C55CB7C35B701", "19FDDC2F74E05C9B42A0381D32E09D70E2D2150176C46C3EC98FC8C0DDA647DC", "1A22E85B10B30BDA624FADFD7F66EE4EA7BBA669F8E526BE3453234D647DA7F3", "1A7668E81452E83AB00678328095567DA17543F8BDE6DB1EE678E96C5B064FD6", "1AA4689F61391429998123661409491C7FFF90C591FBB12E8BE2CA2BE514C7C6", "1AE1A5453DE71F54F721615E0361AC5AFC9F69B537244D4EE71AADDF1666ED92", "1AE3C39E2B04171FD23F21949F6202B367042F6DC07FB81BDC1E886F25C20936", "1B2DCE61952BC751A0A03EA7E17596B9EB37FF0F00BB308BB9D09896E591D7E1", "1BB027D3ECE759D4B3772AE6D614EC9C6DE9B952B653965F01D9CBE09BB70CE7", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1C7571B870C8E0F53BD1021F740C140F42C5E17DC0CF9E67A9EA518C91C58FE9", "1CA6D0702021CD680D707DC569B32DE4871D42423662565CA953758C3C8244AE", "1CFB5DA2F5062DDCD78A51A639B1F77CABBFF8F678F7A95296B2A085FFF89E8C", "1D76D4E527015AC552E0F1E0165EEE21B6BFD92459CA2D89A23B02948F8C6219", "1DBC3BC8A639354F60F11B38F05F43ACD8017F30B07D8D50C64DB5E5A9CA945D", "1DF76F19CFCDA45133604C7E87FEA356A357F25EBF7FDE5853C83B58AFAA828F", "1E5AE139B10CF500092EA776D2FBEC36F6F4E6FA4F54A5E7D26647544F0BCEDC", "1E645674D777924BC329B3C0A175ED89181CFB788B28FF3FF2391773A332B20F", "1E9E86488A84B80B6D59838497C4BE2A695D71A1A8E0FEDFCA867C020D9001B6", "1EB4C94ED5192A787B590CC4302D443A60AA1648687FC5F70C91C7216427D0D1", "1EBC77DA43FD0C2AC1B3FBFCD06096623AB926F98B7AC6367589E5222F2115BC", "1F0E769E02EDA03664C1D0694AF70B26BFB7E4DBC4D96E353B0F8FCBDA767545", "203637A7337D06861774179D4D3518E325B33E9B8CD6DCE1BD240CA49279FE67", "20CF2AD2EFF7DE6AD8F93586D48E59262F447700FFF48E5E610099B41CEE05B7", "2109FD8CED53F2A1B6C1B6353ED39302F68D864AC17515CFAC20B06E5D8FBDC9", "21291E7103EF813617AD5162F9C81594AEA73B724194E64B80D67B6DDB05F469", "21C909AA925BE0E93928A0ED421E76EC14F61544DF856B3B672A7C484A22B9C6", "2357811BE0E44405F25FEB088D97DFEC528156FA19D2B3F3BF305DAADE505F33", "240744519B112F3C4E838F7CE98F8A3579F299DB3BA3E90DA7A3F29933F44E01", "245F288CE1AFE183BF0ABD6D6278EC4AF845994D09DCF6701FC721B8633CC141", "2512D59FF30B751C4C9148B35DCDB77335582506FED2848198426D89D81F573B", "253500A7ECE4C3C7EB86EA53BD0907449DEC20A5D3EBC743BC78DE08B7249319", "2571018C4333BB3F6C19EC9F2B6BB5326A2BDD39E6D8AFC796E89DE41BBABC6B", "25A108BB00669C6AFB7F493C12E44D6EEF88BF241A2EA038F40197F15B5975F3", "2614071BF8D5B0482694D82BE1651280FCE95089D3BF507FE1CD1ED3591D2446", "261B7A08073C892D897B71BBADC0B1029C41F38A71DB3E9F39105D50FFF553A0", "26CE7C1AAFA750AEA550E154567083BB107029164FBC8A538FD7AE568423A32C", "2738301572CC0670AAB7ACA2C963C38B5B1394CC42119918238395FE970B332F", "274251E99258A9645E690CE61A163F27CE228E7CDE12E000F53A4CC38F801747", "27EE5815A391719C685AF427EFFAEA94E593154C51D1FDC0C929166BECAD7E67", "283133FC9542390AE81F9D61070F8955F8D0D0E5CC2DFE4BAE6C0F4E6A296C96", "286787C68D7D1E5DA11E0C4CA3F8AB0318EC73B4F079B533965E2D7FAB4E48D6", "28F09F928D8A64947630E0341FDF6E6F1981E04939D0DE4237070C2BDEC2DDA7", "28F0B5CF7BC3DF04CC0364751D4F7FE6AD2A3C13D4AB2983EE89EA3F190062DB", "298D694E8B6EFBF03FA97A7FCDBF327EA4FEEDD97CA520790177E2DF3923F9E1", "29E8DF2548D15855ED1F694836BF1353CF77C43B34A7804BF50EE34D690F9E45", "2ACCDB7662F05E9499D68A18532E3ACD04381CC0EA741B99E98951C49C144F08", "2B3C9C8FEB87062CB2249D828A603478C6CE6A6307CF7103B8825D9FE81CAD3A", "2B78C28C58CA4403F484741442315FDFB10F5CC97721D16541A7CEA0165B8942", "2BB93AE1C7A3B73A6491F3A66D7F39AEF96849CFFB0026B650053C816A375F8C", "2BEBB38964CEA4B62F9F2515093252761533127501B62DEFAAC8D801CC37ED8F", "2C50142AFAF98D1A6DAAE0DCF60AF9902BA861EACEB35AD2405F8E31A1B54456", "2C503B04D9E7A47426644FDD6079592F00D4BD1067D6E91A5434EFB287C0ABA9", "2D1FE18DD0824F907F15EE3F25290AD46DBAB033270BCAD24610F562DB73F515", "2D39752D7D92E69B0A0ED4888D60CEEB593C8A5D9EB284C2B49CEEA78268728C", "2D4641FC93F25631B43611B430A358D32F4D1BB80F23C0AEBB133618A3A7D20B", "2E9BC1AFBA9F34E20E313BA5B8B5B6C1AEEC0E8F6EC0B353125AA17460789A62", "2EB239F42D6D7C7FA19DB2D44FE26391F190CD35DED01956174DF034F07EE7DC", "2EB3F0F4D684081EC854870C905AB8E19BB8917FA1A26371AC00787B65AD5A06", "2EC76ADE8D60A50FF32B0D663DEE0751ECCC4348A69EE76213FF4927BEEAA5DD", "2EE4C2FAA4BE8485C0B999DFBD9A2A4EF82A6D6FBBF7A1D78AA8DE5A5178F6EA", "2F4353DF684AD6726CB9491220A703D4AD06D4406D7B35BEBCB2D4EE11863E10", "2F59DE893FA8285491D437E4B059A11D5F337C0B22E23F84FF0196B4436172CD", "2FE62C1E3A24A2A73592656FDD830196398708E9C059617692732BA9EA6EE79C", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "3048CBA7FDCF53E63595104F24F428E3014DB1EE5B3AE7E450E0E0C06E5736BB", "308A05F5B1028A741D58EC30AC13C7A0A2B660380B87E8811177772F0014DA1B", "309C257881EC1B262C362A51A26ED2456552A2DE0687635F17746EA2BB9A63D6", "313A00F072320526FFFC01115C5A87DEC8F1D1973172B633553FF56404DB7C22", "3165A2AA157F1B9BD1D78DE6275BFF661B98BF29C82399B7216463D7581B8060", "3230B0611FEE02028E0F4521A4F79D83EC553BA8B18C4C7F10104BB783307C40", "323CE5E4060F6FA49EA35D09FC59BDA71546BDBEDC120E8C3E8E17AE078EA17A", "328EA4EC6B75924B9BAF1379828755E57421F5DD51277D579C2833A7289B6F85", "329954F801ACFEDDDB7B41015C6222E792A3D6CA56B25E2074EEFEC3AF0BEBE0", "32C5F3A427C23B34350EBCA676883F18871AA834AA2E92920588454B1810F4E9", "3351913AA6F914F18448443EC647D11C82F5EA5B9063570096C0FD695ACD7A3A", "338AB08D090BA2BDA32CC469B5B114EB53839D2991DDD8A50E966F33D52E1318", "3399AC3474481924D61DB3C909CB92FEC78F41D4537EA233A1F3E198EB56C32F", "3454AE2A0F482D3BBF0442DBAA0F9C0FEDE2CB65C5692FA45A85B8667EDECD32", "345F51EBDC4B614107E623B2D5435B6EE46DAFBE316CB6F79143A9BB38DCD9B2", "3495F9B812339D5B1BD78637C1F420145AAD93AFB44B6E35782DE0160CF7211B", "34EB1A2ABB852D340BEC67AF21710C6CA41354E6EBA67D52D896FB4AC75A5484", "35606141CD078AA5F2C16D07D6781F5F7CA625C4C3A9CC3298A418072E267FA1", "356FE57EA65A13321D1E838C9735B06928F0572E0C6AB0955DE122FCE0F71789", "357D30146D619618E3739E7826300A19128A8D82497931D399A47EDDD25D2785", "35A936B4F3DC671B44629D5403D9A2B8F9A0A50800F06698DE57422A782A28B9", "35E4C20071A94158DAD0A5CFA05C6A8E04DE3E54C4F98B0191B3F3929812831C", "35EC921ED8E86A98FEDD3951DBB5567B30D12EC279DD10392816CD8646A204B3", "360DC7CD246693E2B1DE1202036FEC8857313D282295C1CF5B81C9D2168D8BC5", "362519897130199933383963D7172C52F37C770CFADE7234B0EDB870089045C8", "362CA001FD00553BE7174C03BCCCBF89F5AB1348C42B438F71C6E4CFB81D7E56", "363661231CDCF5535EBC32F147EBEEC8D838F947C18CFF4C8F592EC472A3B7D6", "366CE799D9AEE4234CE4D38A22D774A769300127F0319D9238DAEC27C48436E1", "36D5656B737C49D8FAFDE925D61AE63B48AA8F5E7E1EB36E926568F7A43AA810", "36EAF692C244B6A8DC011E8C8A1978CD6EAB40CEB6194282C8F5C8D043B8FA10", "36F644EEAE4513871E9887BA25F3311DD7179E5F76950D932F2F4E3C52D4F660", "380CCDF94F63E9411CB17899AD61C96C46F6EEF9CF6D334DF2C4AC51A8FD2C67", "38458D3770070EAF0DF6F2EB778DE85F403B99890EB0B69F4B9333DB4492B9FB", "384FBA36A8C7B42F20241E49FA0170E33286C86E302D9BF29E769C4F14B9F740", "38CCAB39CAFB6C2CE3724A92B67DF0EB31883A90C9A3CCC11561802DAE51A944", "3950A1BC0426AE4D016159E4D2CAF54A8DB5C777E8AD57B2F2EABA89B5BA76DB", "399718E68B1AC921F1F63310793CB30CE98BCB15C409BBB99985FB5BE97A027F", "39C9A1E43EB70658FE71D01538582B5D0389F6360A624E0B8B800D6692A15BC0", "39E450D4F111F857D19F138C03812ABD7F598DD51D9F08A4C97B699481E1BA33", "3AF757B2CFB186C46CD7C9828AC005185D330646C6A69514D40EF8994C5287DB", "3C34CA137D675C01FA30FF52E4840DE4F8835BDD73CFE7BE14C18869DE46A7B2", "3CB47E69C2467E478A054170AAA605E9126ECA9F7C1454094639CF11EA89BF8D", "3CBD6FBCB7B03FFAB2153B88078EBAB1B78B014CC3934D22A7E61CD031EF4C5F", "3CC25C048EFF153229D754CCC6D44E3776394424BB1F44D1F35AEC5747AAB64B", "3D6246498CACCFF52D92DB28CC2A02DAA7ACB4972B156DE4B6CB298BFF2A769E", "3D737E91C4B3785D05EA6B518DF81A98A3D897F7446C9E2969F3A9E22A7F3BF4", "3DF4EFFCBD4398CD9D2C6995C59DEC9020B7665B1A75D2B23F0CFA94C34BBB8A", "3DFE6203DB59955492FEFDC3D6D48EBB07936D0F880BA3893D07DEEAC6EC7CD2", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "3E4520A9DDDBF10F6B94F393C5ACDA44738184D5CB46AB64AABDC963283BECFE", "3E5AA3FA3F4F514CF3AE4C5A54CC56152E9D8AF2CA60643D41FCEBA2C2E4B4E0", "3F02DA1DC04A6C658BCF965E5FB3FFCC64EB1D7D66FB0A8038636EF62D559250", "3F1B158BEB2A6498C34BD8E93E24BEE2A0519D45F84E677DB2F96B8A484DAF2C", "3F517C6EB3F580D15A8688927C2FEDE369F340156A939E9A19A6F6469765380E", "3F709EA726EB2BD99A9BF0A52B5FBF758B042727BAB188CBB7DC446E3FE28E4C", "3F80F1C5995CB0E287AB72B1E8BF8C924AB58095FF03363465C1CD78E76837BF", "40084B7E4E936ACD59354423AC3DB208112A49B2649572D763DB478D90624B11", "40DB5A57B7961E231CE61E540A9D91F19A708AE97A2D1065D9BAABC6DFD9CC8C", "40E849000289F14BA4EAA8A0BFBD0324AC59A18BA17D9C7411EF7F2C82E2F403", "40E960C4B69B3BC0992DCA14B0685310C0D6431B403E0338B65A7084D0D82E69", "410B839E6D329F22F972A8B24709501BCF62488B64922802AB9C6E47B25623D4", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "4279BA42EAEA3C9275FD7E26992F8BF20E317D8667039AE35C9E813DA767DA97", "42A344877C136B549F05688E94DC5240A92B2335C47C22983BF8078597CFBEA4", "42B553A5257DBCE0553E09359217D9B58850595C4F83DD12BEB3762A7D09FF2D", "42DE03BFB60C7C03EC762C5A65E3D234775F9BF3F573DA84DD08CF37B63769A5", "432CFD8ACF49DF4442F2A221C9C2DBF70E36DF79F63FE59DD604DAF84CCA414F", "437063148C0599A3C3F1CECB075FB83EAFC46606410F01E39088624674767E08", "43ECF7C36D1E6DC475530D2CB5DF6E2047C49DC8E177CF79FA363DF0831764BB", "43F04716E6B0E2BF698B22EF7A50C437F4D7B8FF87A1F35A7A342FA2BFEC87F6", "440F021094DE35C6A13F9FADEA7C56D6B4093B16EFDEAEC496EC398C5AC7A327", "442C87761311C31D585A27325AC5DDA28E7FA2C4BF9A5D6F3BFCA0011CEF2CD3", "444F37A66B1439774408C55A7653314698A2FD83CFE39018661304845BACFC46", "449F34AAD10DD9765AEBD2663CC16B31AA5D35B533E921970DCB2DD9DF361C47", "453AFD45C0FB61BE3943769FDFFAEE0550DDB1D0D2500D5137B261150F533162", "45EE862A886525741A09CA53CB36F782AC0F17020C63C71E3DF1B5FD95DE8F34", "46966E6228C6EFF168B156D333647B83CD7D598731C72EBDC82AB0F067E0BC8B", "46D4B9F92B3C18E29E5C7BBEC13D92B5ECA31B1A6E3BE57749375938FC2B3CBC", "46F6473801E58222CCCB75AA32EA1A062A3BF6497D64ECAA9B85A96CC1F796F4", "470FB53E20DCF01D3FF4FB7251C5868A5D215FF7480131C88B1F5C06E159D01A", "4743BBB7405930549833124CAFCB4F8210D235C06F94F92FCC643937B91D2503", "47991D9067F3E8EA600E55446199432814A0D6200FFC38923B70F21CE2691318", "47B8DD30E1DAA082C05A1D60F4C6C018A4FE6741AFA0C39A3672352DDBEBEC9F", "4829928E4C7715561CB19AF103394931A0114E34E269A614FDFFC77D2F61D9C7", "488FCEF71EF7DA59C44B85E01B61C9E6F64222BB3CB2279E3106224EAB4D58C5", "48DEEE69E5792EE07FE1C894C86FF0298C1CB17342A23ED9F86C3B1A4804394A", "48F6840AC0A3A2A5DC3EB8D7F47480AADAE22C3CEDA66C7B389CD292BC042BFC", "490F1CC1FB87EE3C9419FE46CFBC9C89022CFC28645F183A9AE09BD05FF7E457", "4A2C5224A5D45C6378C117215B6377F5D1277DE19E121950C3A6023758C715BC", "4A5BA6F806D70D220D317E2FD1565C67DD9D79F0CCCC6F2EE1DF9D7FEAB9A24F", "4A89D018F5E53F0115D1199C05A64DDF0AB7686EA6B7FDFD16F8C2CB9EC930B1", "4AFE6CE8CA759A83EBC77112FFC5A16709458542C68FA4217DCFD11E17FAD242", "4B7EBAB09AB01A6A2993819DB2589A79B0751770B2E5A63287320AA02BEF3420", "4BAA7DBBD4B519F5509C540F33D2C614C19A50E6429F416A1527257CB1B7FED5", "4BE7C753CF010891C01A7FCF49ADAAAFB5729B35E5E673178BBC9A1FC2BCBB5D", "4BFE30BDDE08FFC06253F80E424B5B9EC1414B2AB557CDFC42C49CE34AE44C33", "4C0E8C3E838F3316F263E65E4947E024AF1A049E1FC87B6110AADEC5CD9B30BD", "4C98F5463E3FBB67682E7F864F699DD4A99514832D6E44999F6672401F35C8B0", "4D0B40FD80C302CF53F1137D92F6B932B6B2E248537FD7112EF2F8A278C2BC65", "4D46555CC0823FE00CE69BB661E3C164ECC9C67FF1657E99090AA350CB0CD0FB", "4D5E32921B9FDA0BABDB9FC856CA2C16B6015205472E4B5A027576A1AC49A0F6", "4DCD65078718A8D516F2EEE878B45FE5D131D6C4D4010E935F3E6A750A6D9BB3", "4E0EFF0D013B3FFE7E5660259848A887BD9155BA19EF19DA0730D3AB081E99C4", "4E2827C7B66E5750B0EA21231A352254C3192453528CBEDD0F4F230B934557F2", "4F01C0B61707270A1ABDE9AC46E85FB38F93C93876E8F606FD7148EBBAD57C5C", "4F11DD6523020C1FA257E50F0A4716068E2DCD481F4DADFA60B120A57FED7EDA", "506E8C92E0B76D834A33E4AE02E5206A0ABF28570630F6E4A780D13A5238D647", "50838072C1DE2B9FE71DBCE3B389D91E4815E93AE13CCC531030A517E47C3BF6", "529F4DD704282E8DAF97143B7ACD58E93375FB9E87B86EC9151E844543CF608E", "52CCE9C9DF1CABCE9FBD611F2F7371FCD808107B0670CF19453AF816601CCFDF", "5309EC5EFB560C0EDAE9A1301EB479F223E61CEBC27B18D2F0F892C7B4171037", "53A3DA5C3BFF5A6263DAA3BD4BB152DC1CA9127E423B4928B41C816BDC77AED8", "5429E38F465E299C92AC7DD86F130BA87C6D67982845432134DB7C6219AD5893", "552CCD91DA9A5C1B6B08BED8115E70317A59E9D05C357D2E72183BB05B7E0CE8", "55310BD159F403A401A61468A0D886AFB82DABC74513231846B0522E97AEE916", "55525A5AB54D0FA4DF8FA8BD6DC8E03E586A11FBFBE9E5EA61E7B15171D0178E", "55CEBB9E20A58983B23E3C229BF737495693CC60EFC2B16F3EF9E573880A87C2", "55DACA18AFE52B9657ED6763ECD6310E15A2B6AF470F5EA9C7BA6E971FD15B5B", "55DC949F3DA822F13A2DAA3B5C90F1F6E231493688ACA1A0D271E8FF8029B057", "55F8F21346EDEA63D23DEC5EBB44C524EAAD84D3EF679B21A46A79265F3AEF5D", "55FA67BCBAA6733CED0D492F89AF1B40789BC45C04CD857041D7C44A7C56ED1E", "5603AD7C25C6F160A42CCD8CEC5CDE69A6C67D9EC380BE4F18A3ACC290E6DBF2", "560B409DDEFB2DD2638B506BBDDE8D0FE455DA5C296A8252E8B5823037364CC4", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "56CC78C35775BE01C4C9BADAFDF799B350E98CF75CB5957993A02F3027111383", "56F2525873CB26E2DB226CC8119EE30731A25D91BAA62D20D78A2A86FFDEB7F2", "56F567EEFD3D0CA1ECFBF3ED966307A9311864CBC05091E4AC8664C1A7BD7D63", "5711509DD871227FC9F7CD530DA0E06F21DDA1D522E7B1C76AC95D3AD5F6BC07", "57250C8399F5C4AC218847F1045931278E68593D09677651364F0897ED5E2346", "5729CD725FB94D26A62EF5EA5BED97BB34092F23F540A34F6782D495E0D44EFF", "5732EE86BC49953AF13AE89A09527BEF5C32C6351542324A8AB6A183ABC31AB2", "57A11B587849D0E11C412236D22F7BCF16F25A1EFBAC8A9A8B6F2723A64C8C41", "57AD0C0FC8A00BEEF6E1F3C8A1E152181FB65DFF630150E0DA7D2BBD63A52DB2", "57CBD94F97013E208754F9AF764D3D11B1DD38D12A2436EA761D2BBFEB325C9A", "58685AAE03A9A9D3682474C02B9A795A70F2D0020AC63FE13D215437D39C3CE4", "586BBC9F245EA531DFB210F2F8A6E202AA5BA9CC152A9D2E8794FAAF4458DE5E", "58D992DC5C5FFBF330112FBD83FD93D0D471E71498684C99FEBE67B55EB5A054", "591E98996DBAEC8DA2E30D3261AADF9BF750C358714362A5B9B9F30A1AC23AB8", "5921AE7B573463F1C89902D53FDFC518E3B4DDD7D6FAF66D194C0D79D9F77588", "599A8A2E36D1292ACD394C3442B78D3D323EE6686B7160B972508B995FF5C90E", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "5A5125564C5E6100B8631DC69D64BB29F15CFE14C3E6A31A6DF6AD6E3808314A", "5A8825AD62C7A9668D229174BBF47E909FDDC63BC31C38BE196932E629C1F298", "5A8E4DC7A257749817591727A5A440F5D520F326575886865F2A4F9B43F38777", "5B0B1030747C23867DC95696C20C13423BED2441D2173E527129DE43AFC2CBEE", "5B0D973A3FED1AF2D6DC61C906D27DFB052F1D42B4263EA8695D5ECC3E5F9F09", "5B4C19B2CA9D2714AEF1546FC810D709406148AD04288568A5EFCF5FDEF9B2D5", "5B61A8C776F5DB5A9AF0C13607CB60BA8EAB34C3208154E6FCEAAD0857CCDCEA", "5B64BCE3EE0E68F7C1E61B0134954FDB115D5AD76AD549C8F967018D7BA777A6", "5BA72E3DF4F52C4F4CAA4F86F92A38166E8CAFDAD00AD77270A13ABC5FC4541F", "5BB22F4C1868B556B605FBF0ED749764292E8684376CBBFE3867A8CEF9F34C77", "5C2AA669FC4216D735AA72EC2C962FA6293CCE722B37D72F1BC2F78867DC8F7F", "5C58EF391DDD33B2BBDFB3C54DD542E632EE73136FCCBDCD03C5ADA46A87A75F", "5C645564CF134B813C19305F61175AEE2FEE5AEE2B4783B5FE0997441BF96E16", "5C7923D63FE9E28C3232FA5E48C042DF1DAAEFFA269010E68C9B0664FF539864", "5CA9DA659626C6A66E0E11E0FB84446C295C0C0B0E28FF6ED356CA0EA3C801D1", "5D4F062A535B083DCAFE40C555463FDC20B044731A77B663E5157BF58509D9D9", "5DB2E519AF6A44986FAE300E5FDDBCEF984C505505D899E05EED5F1A41CC440A", "5DF1DD441A05BCC49D128B3A86617DE71345613946448B1338EF4969D9FC29A7", "5DF5E5A91AA2DB4D0C7031ECD8CC10D347CE2CFE6C74300A891EB1691B2CC8F3", "5DFE6B79B25C44CBA008AA76D79705C9D2320EA9C2087D3E36D2BADCC47C9D82", "5E1A81920E6A1A1EE7EBA39E8D98B9A3EBC541A4AA719610D4E288278B7C2CC7", "5EC4D576F9D73CD4F595A3F1D620A4540FC3AA5D503116CE04F8DF6C1AC8CFC4", "5EE17E6FA7B2E867293769D2B457CC1C902CEA1D9C6F97B78C2166BEB5DBD8E2", "5F0A459E7C55630FE8B65EAE2894E2115CDC425C3D1639EDACE33CFA2D3E5E1F", "5F372B6F223ABF2FD142C3E3D01925FD31F6969DB13DA5F9B4220059E5854A64", "61017E9A33F2AF48C2143A4F8C20339857CDCE271B93772622C33DFBADFDEC1E", "6143803B3BA40C7530457C980DC767312A530B4633D43773E75FE39165A523D8", "615BC7F4DA333436381CA36075C21AE3168D8916C6701C65D498F26F92A209DA", "618977912AAF0DCA5FBB71864A1A9D187CC967B0E0C5867770412440259ACE09", "61FF6F10F0D76277F85A8A525D2C9989283AB04F3D830BEC0894CE78DF0624A3", "623D51A6E55F06E457D5584F603A4E61CB4FD4631740B86339BBB50B1A1C3544", "6269AA76009AC220BE691BE4465167C63DA6A492C00534C7E1B1A174B173A102", "62E7A719C331FCAB47075BA0B9A2AFE666ABEF25DA19EDB1572CD3B9D2B9095E", "638DAAB789BC1508C08C390197D91062796F4F37A18910C35F02B6C23B101700", "6390A51C827FA9826D05D6F22A5DB62BFFC9752CF836C6B898D5F5BEA5C44130", "63ACF9BBC292DCDD9F48A9F8F5A37254090D93551737FDE9DA1A7B3D230EC2D4", "63E729D06BD63E73E2903CE29B50801DF5ED9A7443E42F03710B621DCA72FFE9", "64718A406CCFAE5D2AF591487FDFB0A189E939DF11D8C72E30AAF07C12098478", "64DA82E31E4B51061CFF10EE67EC943A4D954805D80FD3991148F22E00E498F3", "654F3603785F612FCB89C4655C367EC60F72994A083FCDAAF1A7F63C68137F21", "66015684C1166B9AFC7A09E01337D5D9FE20EF8B62A13053D95EA5EAE5B3DB9B", "661038D02866F33EB6B87BA93B6392F175A00BE95B7EEE223493C4967AEE22D5", "6630F4CF8B10B4B1897C49B39E94913B1AB4B8271F7B40E06CDEA3243856D366", "66A1DCCF28AD4894199565D0071482309C00066713FC381EA0BA4645BE7CE3BC", "6741B26AC275DEE67E3CD552E49DB1A6359EC6DA4EB7BEDFA3541E9B504EBE43", "676348501EB797744B55656D30847F924F9BACF556C99B52F1E922B4C127BE6C", "67C80EFFE11B1AC1B2BC370071FDC07472E419E70A224CB705FF75FD6834928B", "6858AA6AB748D7D24AD9C700D6A114489550F0609E93B0135254CF98A904CE65", "6877A290C4E483A82EA8A166F8741992C1817E945A9A02B43C11E02EC9E3AAFD", "68C77664327070460B17AF10B5AA600E8E7E2FD783142191F4CB257175711874", "68DBC189ECCF66151D979CE51DD24F6706E1ABC5421889D2F05951A52BC7EF67", "690D239C58B9390FCF645AFD52B371B51B1030E1E9C92B0826778C4F0564517B", "6925315278E87FB43413287EF16CEA3071D75C13B8D35A1D7D43F00FD9F6E90C", "69A71DCA3AF973A137F5D03A63EFCFA24982B8766B86345D1914AF5B3BF502FB", "69B7C0620CADC704D7AD182503FC0F94251EA42B617ABA4F86BB06A1DFE4EEF7", "6A663A681263595D2882F213BE03BB05AA8F62FFCCF602AF57E6778E2E499DB8", "6A9F30617183D7A0ABB599A05D4D81DEE142C73FB0C46974B6E6FC07D95844B8", "6AC3D160EBC9B7B2A7A56866F588F05DBD295AB4AE46EB1CD3A574DC726F9423", "6B63DA8A70F97442B7F3FA45E24DDF972B3CF46C7565A72EE3FCACD8CA651090", "6BA7119E438195193182006EE07A8361B9555CA549522A22F76B70DEC940EE67", "6BE8692D3822CA78B4646C336839C76002B91C314A2131C842F23F12148509D9", "6C0F44079202A6A29F40AF9312C9BF35D7AB32AC9A43F7E92F1C25DAD4A35A55", "6C107A2A52C3CB8C7043BF560ADFEC6B0BE2520229D91A88B3B29AD9C90B1F84", "6C45A29D024C9D6F0CAB22E79C478F9FCA9379B61519F60C5A7C254D98E20DDE", "6C76B2C5F5A4FD05A8A3C5E822DAA655FC16BC0C3BB7B52A0A7C87936365B776", "6C7AB1012C7AEA493F61B3F3AE6FBBA52E283C9CF0A9AF85B280B9CA9D04A3EC", "6C98323A6308A86D6D2B9D32968E10853AB4E03B3B5A6FE963F831C85D835AFA", "6CDA9CBBD4E668C70A53BD4F7D7CDE00CF73C49E1D8C5300C858682BFBB02BCB", "6DB274E6F7EB4D6F538135EC07CF4443980A5C2FC8C1652E16833E39D5F430D2", "6E8AA7DB116D9A386BBD74DD92885FB79C7B6627B795BAD705B60A761B85D327", "6F924CE97EAF01A558CD93CA2DE0592B84A0D2E46A023162677BE3BBE85AE3DC", "702CCFDB421DD774CE616956D8E276B5B59CD79B66C5263593EAC3AD911B7900", "70C90F58F849EB4CF69AFB9B13651E0D093E264B07D4D963D7A4F04723EDDC56", "70D8566E5246B3550B562DC69BD9E44914B7C5D0DCD3C21264DA9CD5683C56E6", "722BCCDF36201CB07B5671659BDC24F79862CABED605E7A2C997FDC08A6180BB", "723138763EC8FDB605AE81558EC2B606174F792237A8462C7A4A4D40B82A3A29", "728A1854249DC157814BBBFD86F09877A6B9409B4E131D642E912997AD1002AA", "72E0739A976741D66A15C6B4CC750D21816B966252D7EBCA960FD1AD31EAB759", "72EF226C4D54E3C5DF61DAC3CC307821E7DA0DFA159C969EAB0769B064E77E9D", "732078ACDC6764E165D318761AB2A077ED1DD347047F72351BAA5F9FD5BAD43E", "73288A84B49A641505C576DEDC995F44E69001C227078E86112664767072BDA2", "7334315670DD2CB11A3544BF6ADDF33C038F5FDC7174D76FDA618631B3F74B69", "73AC0A21A1C1C6C3987AD6559B838B31C02E7FC2112C00D32E18ABA3B130AC8F", "745500D27B264258E6040DD036B1BE8037D280012B0438748818154D89D1F135", "7483E3DB2BD74C9F1B606A7A61DAA6D1D456470F5A0C8F3BD6125D07EF39BD84", "74C131424177C4CF6AB6651DDB44D29A469C829765AFB2DE36CEB42B84675139", "750AF6432F6476D75E53148C1320B292C1009046C8733595D70EB7AB5F389E6D", "7522CD8CB1AFE55A09F63CACF58383B78DC2861D1D1C3725F33F297A8DFB7D84", "757B616252D9C5ECF905DFAC8032FBD7AB4A8DAEFD48C0BADFE2734A2E87D1AE", "75F7AC3C8CD80BD127551685EB77FD185BE25BD6702BA3F3DB9181D84C6AABD5", "765EE754DDB2AFC25A4F81B453619E8DE782835F4B2ACED4DF8CE43B5D4C10B8", "7702B5511645349A9E843F592524C5EDC1865400EE5BA761C1203D5D24F816C6", "774E529F1CEB73A24DBF6DF8AB48E58FA90E77E5C6F1D88214997D9283C7C4BB", "775B57CB49BD54DD08F0B362C9B1350CE27111393E547386D47B85F4B30A09B9", "77FA959464E77CD2D3FEC090679425661D222D831CF3B1C6F715597D8077C55E", "78B5CDD949B0594AC0F181656CB6536E0B075D4B064576C915C9BFAF10028314", "792281EDAE598F9BD5CFF8654A4B0CA05F1A44F2380D7DE34DBDFB2038BF2404", "79316DFB7D2A1A5938133AC6C009E21454C138AD7AF996976083DF3725FE697A", "794C98BF5686ABAD33523D20A6478C4FFE73CD2DF0C1899FB983B3AC051CD78F", "7995C63D3451A7C3D84F616783736F8B888530FC2843FD646CEBBD9728452806", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "79D11DDE94D9454365E3AA1412CDBD1A1B8D034E0320882C3AEA0F3D08C2ADD1", "79D43D17D2A976B2C3047912D4E3D7E3AD0E022693AF7355F8D1FB356A1EBD7E", "7A2D893F2FE7F77348033ABAB887687C87DB87D5D3A49EEC764B9B3146F2E94A", "7A811732B34C1BAA3F2209EA69EE01FCACF762E53C22EAE8A8FB7A45B4E7164D", "7AE0AD6D1DAB3FC37214E1A0FCAC4D74DD7278E9BEEC70EEF549EC606CF6A798", "7B8C76B8D2D645866DC08E9ED4A4377644A8E1F718784F805D3357BDB03B1F92", "7B9378AF248D940D0788A96824FAE025D12FC25C048224709857F9A129B7215F", "7B961FF0D8F8E20C00EC83A1D0D40B22F9DFEC5A82389CF95029CE30A16D51C7", "7BD03C97D3450FEAE4EB4F8F33140691B9F85B4915C83AFD5212FE881A12ADDA", "7BDE4A775032BF86A2B1CA5D5937FF4BBC0A6E3D08CBC6C379F3C3F04EF66805", "7C371350C79C6F7596054D8B19A4BAAD069A8ADE699FB847B44E70E03F3D6988", "7C630DEEF9C025461097DE30AF143B45E948D8E848AEF027D365F38629529B0E", "7C65F66E299A696AD50FC2A47F7B7B0567F9E2199029781E8E606BB1970FD47C", "7CD76102AB6BC7575AE0FC31DF4EFC5F5C1D5540091DFEFF03725F29385E3537", "7CF53FE09C7D25161BFAD59060E2F4269BC90C0B892337805721A0FE0A9BDA22", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "7E6954F7F2DB6B3439BA4C0D03666A11E9A1AD0DE98A28E9C9345F7058ABDD0C", "7EDF6D557043C701E1232AF1A99A36E05034D53B929336869F5B94154E2854B1", "7F33F41CEA8DCE7CCCF615D587E59AA0744E45F2001ABCD457C81A360E9A4806", "7F44D090B7C137A705C12DD507CD53C8CAE52790B3F08204F5CA5335559C5F8E", "804E6AF85F88574192F4F1A28E33A7B2125DAAA8A9A5135B29F2DA3EC81C4695", "80552BF7C2306BAADE213DD9BB061300AB37A69D1C5F3B5D7A4398299B8AE6FF", "809E4CF694B5B95B122BBA4091FD01DB408F612E91FB12D54920A9623768E6BA", "80B453AE505CC102E347D060DD017A64258D86E11FE0054B8137457109AF54FB", "80C91CA022F79ACDEA0423AEF5701D511D848F98F4A10883EBD87E5B940F4449", "817FAC9CA9C88D8423B21DFBA93857C752C9806FAFA0DA80E447C913E94C1D9E", "818D64FAB138724C60F014197EF2ABD600F61BDB47F446BB8AEED6AE2402076B", "81C272FC173AF9C3B490030FE906CD7111F5976F9B941C24379133A77091C5AA", "820B1DD869225ABFDEEE5645C1D3A0F396BA3FC9E77C88E3D91F1C4FC0D9B8E3", "8215E02FB88590F4B93468E9B3C6A2785DF30F06545A788005F8AA267BB66470", "829888007050D9C11A7557C40DBAAED034B1097EC4A906EEC0D336ABDA0D0B50", "82AE70B9ED2B41E62EF1FCE5137F13A8B93DB64288D0D0230D8BFDC6839DC783", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "83B53506562CBF4BC038C2AD61252657D2E636B6245E599AFEFEB3EB3FCFBF2B", "84136D96DA7036EE5B9C3BE96A193173114E760A0B04831983D99C82317AF481", "843A643E29100FE80A1F85E4177BC532FD3AAA0F456EED8DC57146873CD867A7", "84519CF7C0BC0BBF920A3B4993A25CB95A81E31AB442E7DBDE6518F330A967A1", "8451DCEAC7362310C8EAA923574AFEAD09CA58D139A870AE0ED1E3D11764573B", "853CEBE4F06FD3A5C0463E8330A070AE32FCC86552F66DF27BFA39F37FB08C35", "8575D8248B9DA38940B8C0CCB82D1E07AFCED1CC97BE2C46A21CC51F08DEC7BC", "858D0D998DE9CCC21C74DA9438BC40E1E5DE13790EC10F9280C890FB222AD7EA", "858FB8E97369CD4DDF4CD784282A9BBA036EEA4C10CBA1596C7F829494127C80", "85C244F40F078C64D61F63F2C6CB1A6851B539CC7B4530BE8884CFAD733EEA2C", "85D99759D6DDD213709202E4F55212241CF73C31554DD57FB2F87409A7B0DFE1", "86FDA29703FF35A4305664C83850C30892B9B61C669F608409B4DD6B42852AE2", "8746750F3AD0F0BC9622A666856A176609E9CA437C50C11E1F497B64848858A6", "8759A08F8DCE05EB5B0136A785BCAFCDBFE613A7D435C0FA20FDB4424A7CAC70", "87B26C2B63AF8A971A79B4CB2207EC51AF74A57FD839002466AFD594F7918F65", "88434B8A216FA4E9A7EDA68EE4211C8B663C7638A841826D77EA59C924786031", "88599A3167DAF0B38AEE5154E5F81518BD3B06894F8280285C78D3C880CEDF91", "88AB81EF4773044E57A4B0519932B93A44584B2D567DE41B65A3D966948BD2BB", "88C8CF9B1989865EFD1C55095D4AB790C6DC1A4D65C5E126172ABE0EBC926E98", "88D4396F5AFD082566BDD5FF95312101BB6F94623E716D993F113380B02DC7D4", "88E78C162C87E46AC4B2CC4D6F5E6676E68218C6F5EF58D37F1A1CCF22E70C41", "88F5F93BD3C6E62C209C1FE3AC812B7D69D6F03DFDB48531C70EE0EA89CAA4F4", "89680C8187B72629A49F5B9DB6180EF763F550009996675B378E43536DA36915", "89FB1F6DCB93BD46FCFDD81C133FAF99D78B130334B30CD3B4040684BCED2BBD", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8A2ACA257AB4B3D6F4C249E6C3067F3C8969F51AAE07BF57858F8E906EF7F475", "8A400BB6A99E8B90EEAFDEAC498275CFF269AF50ED449DD7602246B8F3C6CA90", "8A4B8F016E20BE062D275D1D7DA531E398846FA5F653F9077E943F8758AD58E1", "8ACA90B8604A6F56832F1D74EF80C506C71DA3D0682938513DC259D8122C780B", "8B3B3FAE59032F92E437151A14796606A059539484E610CA8A4384D38D64734F", "8C148980AC69471DEDFB6A46D2B0CD762634E194E46EBAF4E3291DDB3B89C7A3", "8D5E2B88D45BBC51C1E874562BD7CA1C628FF6220F99BFFAE4FD6ECD4E193CA0", "8DC736DE56FAB6587FE3F3374A135C46A0E7ED405164BCFB17F0C06DF2FA350A", "8E0AAF010EBF37D1F163FC08D65BD399EDDBF518CA20FD163ECA87BBC1970535", "8EB2C9E7DB5013AD05B30490E2989C17EE64FBE9B0024B1E76805B1F1B95B816", "8ECA6222D3C238F29A31FEE8DEAFD26C737F2975DCA8D95684CFF7F79AA0F358", "8F4029FB0B0C6E34F6BAD16EE200556C2891A6014844C1E68BCD0D835F748089", "8F9EB25AEAE7AF6842700BA3B1496E7EA15E954596DD37325F8186BD79CCD86D", "90B72607FC15B1F844110A335A4487D01DE26FAD2616B7249AA74D1FB329DBF6", "9180198017E53C3ABE300BED146F25E3DDEE3F2933FD128F75729D691DFE41B1", "91A4FD464FC5ABFC3FACCDFB067176B3E6F76D5D6DD930AFA9131E6F06972AF2", "9214CE38F1DD3B6CCA3C0A0D3903A565EF865C916F6409B27D0CB5862470E985", "9219C124B39E6D8D77D8BF65C94BCC257D2F8565063C09CF1BBCC841B2DED0FC", "9236C16A24BA84E07FA1B5FE61AB69610142241A7BE4E44680058F24F4687159", "925E97C6619B205163A5504AC8527FF5F645691EF79F2E620EAD13A514BDD5A8", "9260A2B5C171726ABB7599EFA18CD6720BE53E97B9B70F6E8146B7284F097922", "928074C54D11212610E49ED189FC8D5A80197B56A5E700A8D2EF896341C961F2", "92827765BCDEF59BE17E0CCD68621CB1F5C8F19FCA6E6A9EE5B3968572F27BAE", "92C616799A38917F3F1C44962428D315FC07EA3A8878B8244D3CC7AA47835556", "93AB36DA337BD0948599C903BE961AACA714BA542798E8A1A52B5604155A59E7", "942E8FACD0350ED3215EB9DD3629B360E18E87D3ABD165831163EDE9AAB16C21", "94B3EC63956148268E5D16E07FE76E71DA01EB7625BA7498384CCAD5794DE007", "95E18FF4914E6E4BE83A08A1ADAAFFA1524A8C188C1A59D88BB56AB9C9ED9228", "96172B0289A3157617DE620C9610D6DE694BCA12DD20D67BEB2C4BE5720F1E6F", "96539A35B42B77FDA9229502272A8919C72C93BF7DE16900CECB40C1DF7D5A4B", "9689CC781FFB77A68D0808F73F4652707DF84089948BC46748A94D94E9B86E90", "970FDDCE850E0E2FE3639BBF29E02DA879EC48839EDFCB87B3C50CFDF9341157", "972701C7DC1452FBCF01B7BFE4A7289076C9DC38C28E80665321248205EAAF12", "97559256B8C83FB25D3AC653E1F3EBADCC04D4EF78DA4844805305C7544A6E9D", "9765CC2CD4E8CF43C86EE7859F7012EB2A38E6A4A80E55865CD6E4E883D3188A", "97CA1EFED8DD02EF1F210587A1A7E536A5522287B65D578ECE7C8D3AAFBFAAA5", "97CF77A702900BA77E968389309024695F5A4B413BCB706E68F012C99DB07821", "9872D764206750F6FD9C7F555D6B4C23926B755B4AE368CDD8485546CDEBC462", "989BF293C7092FFD11AA33DF268D74DDF2FE740CEF8C6C7B0A84E8A14F4D2E5F", "98C2299E82C81E1CC3EFB8629E8262393014376C64F3F09018090397A1EA00AE", "98FBC29C8A3721BDF3BD24351FB4EDFE39F3D687293733385EB60C6187F38E27", "996F645DC3B49CC7398E4C90C384D03751E395B6523F4594A6FC7F1B1941A5FA", "99ACD881183AFFB1654B6D14D9C2F2F5C4E76CF7994E79AA0988617E1B17A682", "9B29E95933D7FC3EBCF270BA84DE60106B20376EEAFD5D4DF4DCD949178CB0AB", "9C1CA6F7E23A896B6D1234E6D1016D7106B5B6C3FA1C64191355C772DD2B575D", "9C6F1EFD064B98941F8B42A32A91BAB15206AC55CF09BF3BAAA5925A1B9B55C9", "9CC05BC9AAF90AC9A35EC7A7CEE6806A4960FEA9D45AFD554B0BCC73294A38C3", "9CCEB90B89301ED91DF7A501EF3103FD54D3AD611D342CF6E4B19E5105E84E35", "9D892AD714895E9B8DA3E59547784D03B32EADD3AC421AB0003E3191C1AE27AD", "9E1596BF3E1DC037215E2350FDB81881EDCE2CFB3D25FF3758DFC8E32A9F7CD9", "9E784F7DA3AC45712A757C2895CAB2ED940DFE2C11EA30A202F0A84AEFBDEBC5", "9EE2A2A76244AB36DD57115A1BA2CE358055D10D9DD6C1C5DC6DB4586793C9AB", "9FF3831C7E22B3E484BB7DE6DD7B8208547ED4A9D05819AE0271A6E0BA3A8B5D", "9FFD672388E3FD39EB2F7A51F8EA5C6593FD9BB5CBCF7E347F42124D11DA676C", "A04FE2EEFC21C3A9305B1CF7463C731D28C17EB5521A8E54F5F564939C5E91E2", "A0863CA5D5484ACA86A919293340C73A404BFFC99B98DF8E4D5C2BA4EFD49938", "A09274BA1A31537EA391724E8C52797113E094AE9E4EAA66FB5A50D995921587", "A10131AF2A1C92FBCA95D8CD6AD1DED5E4C1B28CA16592953EFF35B79B9C96BF", "A19803485C52C0D9FAA3CF5A18608EACB0DDEDDFC0659219D85E396A032B936A", "A1C156D95A62F05FFE33E84E5605F1FBC967FBDFE6461273A0CA48F15D09408D", "A1C2FDDC97DA92C8D640554CB425464BADB8BA0B83C879D3365DD5825F6042AA", "A1CC6562C17E5EC673E948D2A2BDC81B95358B992FF6307244AB513E68831007", "A1DC37FA4715F53E6B67BED0395B239612C4AA4B7B5C07E1A9BB32348609AEE4", "A20DD20D95C60578C655644D1A8A4C9E587B5A7916261AE7A525E0C7B766C3AC", "A228DCB694CAC8220E8E2A0506C4BA75BC3542B483B96F88329D683D29298312", "A2517EC145D95278A8866855009EC2BCF9A702C6A9E1E46B6A3EC8B8660ED5CE", "A267D1E2FBDBDDBA30B3F120151A6B08EBCE1AB64F225AFE9863D2E63C1FF79F", "A289C76BB432E45208A7499D79C262FF7A8ECBE30D5964EEE23BDDA18D5CCA4E", "A28E117D05727C439AB7574F17A0C46F2E7BCA454CE0DB3443DD2936B1FFFF0C", "A2BAC82E395F9C0C2BED37EEE45890A06C1C799AB1B521E972E4D70A5F31ECA7", "A2BB386319876CC1D2DB48B0DF4DB81C4777FAFA88C7E4C55C89FA9443246988", "A2D99883140C7F5EE9B1EBEAE7F0540992E04F6263F481DB5289C6F803CF9EC4", "A300040A976BD903CB98034503A98B3DF43F2D294FC41B6768B774085FE1C2DF", "A39D3540C104225AAD66C6616BA877D22932164D44D0EF358E4EB165D80277DF", "A3A0C169AE05668529FACF7C1180D3F4787761BAB6F0B3222C4EA371DEB6CCD1", "A3F81D2285DF9221924E5104EFB0F98FF72F9D472D339274BDE26E31B0BB2B18", "A4167E89DAF98623836F64826EDC7413C8B06B29A2E76A886419750438EAEA04", "A452BCA89E301CA046119BFDC15BA43A08FBCD45A7999ADA0583C7B23537839A", "A4829964562D4DA75AC835389538AF91BE820F503BFE614BB74E402BC80BACA1", "A4AAF966E6409FFF7525805073744B884361ED71A4AB7F3753164F60382CE635", "A4AB1875AC298A47D878F9F249A45CFB944C4B80A0A6253AF08480F6BBF70AC3", "A4F052050E4B3F587B7183D9FC910B303A3AE883F2DC83385E6EEA13376742FD", "A5496C63C833B5DE95C43A9053218E885F73B6103DBA053987F78B3AC96491F1", "A61A7C03600BAEEA25554A618B0BBFBD3F094977AC0AA1CBB6157F65B3293484", "A62D5788A0334D7C0A40186D9B50F79C5AB947F7B1B6601281927280BECC0674", "A71AFA4E20A54B2503C4A5DE40ED960DD9AFC34A35D94A0AF40474FE8CB4047A", "A7B2D28F1E3492E411A234E996E861936D426FE8647F79D09D85E4989FFB0C19", "A7E7A98C18A437DD59F5F1F10B7CE5B2BFBACAE3F6E564B5B4F9B2226C989CA5", "A7FA78453E195912E6E00177F5DEA438F5180FF8434F182B2A52925D99FC4649", "A940972EE8C6FDFEAA789156E684C0D5729686CEDFD51FCF6C875BE8FF25FBF6", "A965468AD7FD6E0FC84AAD8198928B8ABF25FC38D0638161A79D59279C9E678D", "A9B346426D7E045BF1AFCAA04855729B0A1174B2DAF2F97666408FD0C01D4B12", "AAB33C4DC6D01DC6360C3582A5270A96DD859F1E3987D967D76BD4A5769A09CB", "AAF2444D3693DEED732DDA3749D3E19CD9BC8EC4BAA8F06BE89546470C973EEB", "AB91AC52CDF597E93AF79DE0C8F08E926367250FBDE0DB3DAF33556D0061634A", "ABCCAF0B5CA6E3BFA51CA38E50C57E88B8FF461AF2BA9174416F3B345A55C6B8", "ABF8825C48969D423E885B7CCB57BDB86E27F87DD082837A7884ABA77320FDB1", "ACB1BEB9F23F8E2951B24CB2F49DBE6E43DA9F3C9311028237E3DCFF917143EE", "AD4ECEAE4A1A859F7973542989D756EF157892493578480BA674AEFB27995763", "AD89222617F895F6A68483970725D63E3E250AD136E5FC669CD376901654FE99", "ADC76D1D1B983CF8B7637D2924D9901359BE3828DB268B50A10B9AEBC7DD04C0", "ADDD549F8B2D1F178F3976E99F617EEDA8442305205283B06CC06FE04804E76F", "AE3685746163DCE703CA4C9996CB5B2E2985B9C1901E4598309A395E908BDDB9", "AED3A66493C3939E184C67E808AAD3B5C01A31398E8573966247517E35DC5A65", "AEDBB2CCFDA945F56DC3A62289286FE47002B310BE61E0143FB55B64A454AAF5", "AF9FD56EA5BF3F5BCB57F75A6AE54511504240DA00654FA57F2B5BA41E8F0751", "AFFC7C2B1ABE9852D258219A53CFB1F17D149F2B1D35A4D17CD1C5151D6E156C", "B036BB2AE92C6EA938089791262C55ABDDFF792AB74CF2EB1E7FA2FEE8CC7C47", "B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC", "B0EB6605C4CC12D6E8D36185E6ED609865C93114FCB684DE73EB6BEB035D90DB", "B112C9607CBD35998B2830CA02C7C8517B31FED66C516BE791DE3D1647980CB8", "B1C96325B356B6322CE436FE75F350F9005DF2C5631508657564896656251B8B", "B244A2BC0A7BD8241EA857E58CB786A72E25AF80B5B87BE5B86DB2539034F07D", "B299D67F52594A0756922168C6EE444F5E731075822EDD139AD1BC3B2BD0D335", "B2B869E92E2C0B24C8D4ECF615EFC9ECCD16AE763051DCDFC50A28156E3A511F", "B34195110077034574536A55FA352B5BF90728605D4A2BB88F8E3C60A9F0BAC4", "B35ABC7FD371B02FE816E9CAB206AD60BB04415672B80E8EBEA30794ED8D0160", "B36A668C28C4D760F6B565A18CA1708BA647B0486720FF7FEE833AC59F8D4800", "B3A5EDE44ABC6245B8E4A7EF9AB8315E98A883E3DDBD174C990FBC7555AC967D", "B3D45D2869A46128C141CB5B528583CD30585443FB237BA4D4B33436037C6E7C", "B49C4446E6FB71C3C0944852AB81096006AD85BA0DF0C93938657176A22CBD9E", "B4ACC50FB3EFBFCDCC381ED7E344E2F40C781747A414909444C31FECCA264613", "B5976B7FE7A397B9F93B657DB2D7C5465B3737F96F623CDE31887F2CE1AEC89D", "B5FF3A0A4BEBE5C4947ADA43EB1B39C0645EF9ABEBE4A315AFFAEB9638C6CB41", "B6ABCBAEBA2CF48D6DADDF1BB047FFAB6ACAAAAF6535CC5B7D3C594226337396", "B6E330D558AEA3A63E5B06D47046243959B8C2B20BA7866AAE3FA6E59F30BEB1", "B71D755505340E2C1576A09806313466EDFF6F99DF81150EE3B3602EA1BBFF15", "B73E2AC64919358B53CBFE9E0576F144ECF05CB1E42E5E59DCDDEF0BD5FEF485", "B79D31F3A053131A0EE02344FA07A3CCF93B2F3B1962F8B943A883D2CA90C440", "B7F4D2883D13C31A6534DD4AF564AE15525F392CFEBE754984BDF499D627BDEC", "B7FF1129A02D2738AED73A8C157F3D6D872B530527C875906B3678301D70ECBB", "B8E199CFC7A9C8DCF033928312B9AE0E344AB91916C93723350723B89FCB619A", "B92958E041283CAFD3A9E0E6A842B60E2AAC3D7DCA455FE3FE9A9B77179A9234", "B92EA974E17CD16DC28C5637663B29EE6FF6203496C28A0EF1F4DC7CB9202921", "B93B1ED022809B9A00E51D3D9FF14D51097C6F07EC178C4396907981684D8768", "B9424AB1AB0692DFF6CD062A6D5A6BFABE9FDA4C5056E450DF2F04500E0551D5", "B969FE7130BCAD03B5F16694D6DB94079140935ECAAF2DABA8FB7CA6CE7FD40E", "B9833A73511C2281D347F2A3EB29CA5DE7EB1A235B8BFD78EE40A63010E99084", "B9A37A9137A6A153E70081729BB78D8014252B973451FD1F85F546C27C63DFCA", "BA224C929D509ADDCB0F46007C0E0FACD292F79987D47E9F02DEFD7F67D0990C", "BAB69DBF00D3A38F561B0408FE26F2F58B2AAC9F542B48F9C76DA2B3D45EF7E4", "BB29C05237C7766000DE2C4807FB64DF6D71729A6C6FF3D8ECE3160E5390862C", "BB34CDA6062011ADDEBD4318E4615ECEB868423BE5D12A887B5E380444020825", "BB4454A9E595CB5DCA50C624220A8FA66F556CD5D3FB737C88C07320DBC111CE", "BB5A029AE8F8CA1CBEFE73F31FA30371093EBCB34635ECBB947EC5222CF53589", "BBF5FBFE519F80A6B36C8E6B6ADC28B6EFD07A34E8008B141A42401A9CE1DE28", "BC2283C42C5754BA56D4B137D9299A766BC1E54917CDB4BD5C57BE600AAD1E60", "BC7F561FAB80D5D0A48021AB45201595C02030C9CECEBEB548DFB50B6376384A", "BCC63CD58C99277D56FB13B51F219E848029F5268684F2A05FD02FD2EF619268", "BD0B415C053FC80669F34B90324081AA9C7BB6D74CC54042D2661B32F9E38691", "BD16AD945811C7C5788FA310FE6EBE4BC8642CAB1164618F1CA91A84044B9A56", "BD1A3FB61CD3EE1C7BC03779DE4E8B49529819A9A99C701323C60D47481C2C9D", "BD244D6323B186793AF96234D84BC097585F104DD8186806E8394D4EE6A8D3B7", "BD43DD1867AC2917BC9CDC37222E975203BCC23E7C7CF119168DA166A717B0C9", "BD707B5E697F3383B038E22458B7732420CC5E5B323F5C3F9E3B3B6CBC7309E9", "BD707B9A2C920399BE57A503E0CC1633CB723C90A936D7A2E92891D912259987", "BD83C6655DF589A9ABA3C23084AB0F01D10A09569D91FC02ED40475F9AA42DBC", "BD8C0A1C6CF7A152703C30BB58CB250DE8EF6981B86403CF103D9F8401EAC584", "BD8DD3308D253EE956C5F6A4D941A50CF207AE66C6870CF76C4D8043AF0AE082", "BDB63237DD4FDCF0CBA8A8ADC596064A280A83BE18357A172935113EF0CE8EFD", "BDE3C6BF2BE48CFBD348890B046C235827D8A9118295E4A63BBDE86930834629", "BE6E8380C13D1103EE23BA2477B40F90E44B32F9B46BF16533F8DB60DB918AA5", "BEA0DEA8581DC561B3E0FB6213C2324D0764CB41F471CBFCCD4404F07F203E7F", "BEF4B4D6D06DE054CD8080F4C39D9D89E2FF2491B018154857245F1610F10409", "BF0828AC87649CE13A7ADA046FC34EB93285CAEB4611ED994CEE41B7A490A8F9", "BF8FE1EB681CE789FD9BB533D39559C4D13FC948127F20C1DCCBE5379430A5F8", "BF95B675104E7D07FF9910517B62F5D708C3391BB8683BE1D3FB920E856A6E97", "BFDF12012C4F7AB15EA439C6A6D54D778E7D8C22F9B552F94B30F801A07D8619", "BFFC97D9B867396253756A09ED28B13F581A2B14A0637B4684951D9BD6071488", "C00F8844211885243E98A13F4DA59C6FB7BE41737A2514C8E7E0B4D813315B79", "C0340F2CD3C15616C3BA231CD2EB6366CEEBABBCB28179D9F1C77DF02E46D643", "C0F80B7C16C9B80140D483C0FCD6882278F7435E15D4ED92C57FFA7E310185D5", "C11C390B971E777914D85592C69C15B80ABB389FD00D2D905C82AF5F4B729A91", "C18E4772030D674D152D69B21575B31602E8081D2A7D63F34DF5712FA898D8EA", "C1DE62607E696F3135AA44A9ED964385998509307175EDF6F47BDAEC9E4F6C06", "C20CEA412B9C17F86D30600E2CF80E460DF7B4E2BE19C80F22412E6836484401", "C2F11551C490E10BFAA814D528D82349D60E230C1FF169409FDDE70BC2DD9262", "C31436DA6C1FDD78E2ECB68688AFD20C432119CDF718A53729D0F429AE0174AA", "C3195681625E7A9156EBF0A4F158D3296F6A506F509D52A1E33C423F7DCC0884", "C3213A08C57037B560B797CE67723EFC3B1D755253338C716ACD0DE2BA91026C", "C32E6CDF5E2B63D069515E22D16A28819A2DD3401300A5396516F5B1D38A278F", "C3393A29227C0C9FC49F0455ABC614404983902D3C4620110ED407A6527B4770", "C389EBD0964ABA27F048D6EDFDBBE608B1BF9C26B0C2A781B136F8A57CE34CC8", "C419E4AE704DBAFD5EFD078AE673E051D209740CCE61A07F500573B347A7F595", "C48B8A24BEA3D79BEA32D69CB925440D9078E9C37A37DBDEB8805808860199D3", "C491B1CB55B646B9D624082EC35137AB8970627E2FCEA1983A109781CE7E2310", "C493462547813E2D896F759039078514A13F0934C26044CBC7F658187CF3E4C0", "C4D6B3C9B481ABC83F058E2FA34A363CAF95D271DE6C1A6DB6A489BC94E26241", "C53191E7AB19F2F993B44066BAA50C1203DC120DB98B06380783A69701228D1E", "C651E37BF4B96F4EB07264F5CD8AF5358C07A1B2AF852ACFC9AC82E9E6722BEB", "C6C30575B8111B1F0235943AFBFB3EFC95AC6BC7ED4517C4C9F4D899336D20C9", "C712FA1CCF5B00DD1E6F1E9A1F6D0273DDB6A82A5F92E6EB5028F4E4D1FDF20A", "C7752951E8085C186BF5D89E852FCD41F36C211BD9364B8CA87F6E4FF8AFF924", "C78EC486D86230DDF1D8602E0B7F2837C1420576BD6B5934CAE208E06F1D5B36", "C7CBDBED0F63DA6EE5124570703632B6C2AAA8D5D0DF99F9E70413BFC17257F5", "C85AE805DAE4BFB886E620D203691B28A85BA2DC3F369FF95D93339B02E74573", "C882C89B2B2EF702D5D615B6FB118F677DBF78B75B3C65EF291DF714D0BA3FE0", "C88FD4D469A35327F18A441E0F6F16137E5E2FA23925AE0EC11E2F76B3D0967E", "C8B10EBB1C04E885A0F46598D7359140F659737A3C1249FEE363B6A29D7355AA", "C95A8B937A6CBD06A135F063B01796BA2018504C97160BD39408FE446C9A1F02", "C976F3FB2440651533AB7414A4F76FC3C66CAF49895BE704575E993E6B5F6D48", "C99E5638A3EC9056D8B7F87F4A09793E85C12B072C34891CCC39B09CE3397E7B", "C9D4FC7C5FAF61FE319950AF1200208CF53E77C4F950B4D009DFA71AF05158AC", "C9DBEC674B465983601DD6E3ACB8651D25D19EC484A0A29BF634859B492C7ECC", "C9F19ED2C7A03593AC283C0067CD2FD24938ADA7B16D8ADE6C80795C2BDA0405", "C9FB34DC4DD9D107AA44B9450C99B916BC840CD0F468825041F3DBD249EAC5CD", "CA022F6C74AB029507A536E48E400E3EBCD80F6563DFCB94ADFC3887F1C436C3", "CA204EAF8EB6773570243C27B9318F4C27C4261EA57DB67E645543CB983B7B3B", "CA5C62763261B95E690EF270E128D49DBAE0E294EBA0C3FACFEBCE39C7AA965C", "CA8D24C78D501345DB856FF9B53F4B1D8B088BAC6269D5682DAE4D83FBA4E3DC", "CAB98DC8364C4A155470496DCC3DC7BDBAEBCD7BD42B5B8569CD716A73341965", "CB394ED1B8C513E2AD32465BF5ED33A734676AF29B993397612A1FD97A4565E4", "CB574AF1E0FA16057DAF022FA493875D5EB53C1E5EE7CF7B8596C0B7495C9508", "CB6B7C9BAEEC3A1289CC12A73332335312CE78BAB4B9A3C1E4B32CD7553DF048", "CBAD9A5D72D7476363185541BD693344F4EEB28C6708F8A48B2849B3FD618351", "CBE2A324CCA9005622E38A7E2B23665D7D6691367032C10B6299465D70A4C9B3", "CC0FCA510A1D843BA5CC109DEE83E0560BE5D1E3A84C207ECB65CB64AF35BCE7", "CC5089F9744A6B5AF776C8A1234A9BCA32E0798D396B5C631C8D215B02EA08AB", "CC714D6CB93526CA67C3B1AF953783F7648CF4A4936616886992C0290C5D5B18", "CD1271F65919F0A27ABAC5D2FB90AF847030089BEFBA36FA40622E14F85284D4", "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56", "CD97A128A9AE077D44AF9E9B42CD245B0F22FFF6FFA6DCD3C8F11FB01E29E289", "CDE6875133587A5E5E6ED5F01AB9C60FC14D6A03BA892EF38B70353468007DF8", "CE226AE24A6E2D3DE67C38C0C6A7A613A0DDDDABCC8ACB8CAFB1CB1EE2157689", "CE3EB460B9647ACCA093825A27E5BECCC421E5D4A48BE26AB3F174E9509AEE7D", "CEF06EA4B59D33B64173D40441F5D3287F8B9F90504D14E126941D60D6FB8997", "CEF20F8B2F76F34D20A1332E089A276B62CD83365A66024B5AB7A6CB1887883E", "CF387EA027623942683EFC747D5E8C53C455A7B39987E11DF2162158A50271EA", "CF522262D87F5B9763F1CC4CBAEE8D69CF8EAC24981BCFAA135D6302BFDDFDD3", "CF8080897BA997E374072C563D7B6C6088F56DDA07F407BD98DF25411FE5E09C", "CF99691D618EB1EA9A8A075EF91665712165EA871FA9FCC7A423963F869D124A", "CFA45B42C8D5C46B7E2C2A5FE33B1988277DFE78992E4BF0603DC25F980BC222", "CFEEDA0D2CF8ADE789646A78DF47959CF6BEA6E2E1DA7FD18249EFB7A1BF3CDB", "D01A3C682B872C11438B0E26B61DC1D37C40BF7230C60AD050BCE88B3E4760A8", "D0436708E17AE06481C5D812D4085089BCF7263B197EC4C10E8312B7221AB351", "D0917105241B3AF403EBCBDA7A2973304A787219E1BA33B2EC05560FF0A404EE", "D0934964E9B56702CBED525517F4EA576FF2F33A8BA6C800C34ECA9B7FE90236", "D09AA8FF89760BC7F43ADECCF6E7C45BBA97B978512C4C26BBA10ADABD6F0708", "D0D0A80DD7FCB50C4FAE6C8876626AF6BFE47A31698B1105E34BCF5249AC9EB3", "D10BDEF686E7C5314CE467BADB66FF3B6869A323887E4C37D29EEBDADD0D5E07", "D182CB632B33579A484CAA078DECBD4223A6DDEECE7EA8E1FDC5025F7DD813F3", "D18449463241D81F1677EFF02AF2C303602C6318DB0921249DACD67333EE8B42", "D1AFE8DF5160F7F66429CAC7472DFB3C1CDE36B34873FDBFD8D79F931C352114", "D1B9345E7C0A3051B97AF8EB65F3D4BBDE1B65A53A7D35A8D108A09537C245F9", "D1EF3FE0437D2F6DA272487537A9E1D1412F7877DD09B28455CF14F7AE452CCF", "D236AC46451C28903CEF4310F580B8CE980B396B43304EE61B17BB51D3055BCB", "D24802352877517E1A734910AA5B470C280E95428999292362B5DB5785262ED7", "D25F96BF8FFC89967E930C42C71D7208B95B880B834BD2A42F60151967CC51D1", "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D3A0DA62A5170AD945AF0956BCB67E86AAF4FEC9192BF04A798E566206BA1BC3", "D3BED0E83235D9426D986A11755E3B30E87187B154AD1097AE25C384A5EC66B8", "D3C39AB5E44022CE078484BB00E5E494D63631603BBCE0882D9082C2ED377CFC", "D3FEAA2DA6A2E0603EB01D2A6B4656C251C272EE79F4EAC14B510DF21E388FC4", "D42D938207F5AA103E444D93C078C83624DD88D7F8983450772332213314BAF2", "D472BB6070D3EAAA575EDD37698BF33CF68D69F2859D529D555F7ED693CF3311", "D4C1C0E6A5170ECC8C7B3DFFE304FF401A904E8D9E1A70A203081EBBCDBE568F", "D5544C1D2971FCBB6424C7A9BB1CC5D582FCD7D2B60B86A7D5149EC3DA9661BB", "D5AA5A836C6CC887766560D5C0DEA7A00ECE08E7210420C4B9BBFF45EA1FF9F6", "D60E46330596DCE2059EC92EC698759ACCB875541CC622F435EF733178728B73", "D6240400034A298813BFD7CEB1643211EFCAF06767C7860BA5B6E4F9B2C55421", "D70C0CFD2132EBB5AAF3CF53E301E73B5E5845FB7B0FC143B5DBE6CBAF3A884B", "D711A9D04D2F5CD9E84441FDBAA690899A6DBCDAEE1DFEED368B1C62BB0F755F", "D7448193BEC97EC6B90CB3869926C86749C2FB9859BC66CA55A2B2E7B21D692F", "D80811561A68677D06BFD70B2628FE8A381824C7F24050B93727226A89B56CB4", "D88F8D4EC870E7EBE3D835E7BB4576597E4D9045A6C1183BC8C8273B825AA821", "D94A48AE9F580A6366D29978F998319ED852FD8F689952FC78B6758E2D5F53F1", "D94BB82D82B3FE97393005731710E718D0429349FF0E3E6B2F4068C25C66A94C", "D9641593838413CDF7E5F10EF67A875480A6530BDAACC45767CC7E5625448B6D", "D995D2F9E1BE3144688D5E7CF9C09664253C87B459A3B709900AE8A0B537C53F", "D9BE0065398666E1D67CCC53BE7B141B9D057940F7F6EFEC200D45AA41B346EE", "D9E893122D9CDF2BDC1963FA63AEF08CABCD2CBEF3DA16979E9838DE44F25804", "DA1B32F1EBFA7EDFFCD008466117AFB73DD6C23F7CB38FBE5C6F5715964BBAEF", "DA52C8AAC8E49FE83875D8FD83693222E58D6D178EBC1C00B564B8EB59727C9C", "DA78D22BE98AAE3FAE7595498C22303F728B4F1A787F6AA2950D1A2B51579024", "DA7DAD37948FEFED484A1FECA050CF1FA716DB1FE72EEAECF45F7D40D359FAC8", "DAAD432645B5C5C295F7909FB1726515BC951D5E055545F1175AD10DAD47DA15", "DAD5A8456E75C3E0D61A94AD852443D8D2F457AD466BC30FEDC9E8F6256B0E5E", "DB2C86720632450365AEBF019E5390EF2849F0C30BF4F940F146BE30CE25C947", "DB5D4D065C0F261805DE8CAED872298523533EEBF7999AB216A1D9F951C28DC5", "DB77FA682E1C424D5DC75EF1D7E867B818764A3DCA318FD78F7BB076B3F08B21", "DBD29332B6E297F25422EB8C28791AE3DD704B7B9FDB714ACE7016CEEC63D122", "DC3F9DC6E60E7791FEC4335A8C7FB9E85C847042EB357C7AEFE055E589B8FF69", "DC6CFA97AFC11ECA8AC903B07B25377D9849F6E270CE2A8494F78E7B651A0389", "DD7E796DC101D56D3818D53295F88146B9FC7EE7058C596477B1B5AFCE363B74", "DDAC6B14B8934B2E6C225A197BD36CA0AC38FD8684F572F5702537FFE8240DAB", "DDBD4BDAEE1412B8C8199BA8BCDE15F2A42D1C2982D2BFF3B062BFCD642CDD23", "DE61CF56AD0796A00528B0861C6C0A246E74C685E64843189E387E6635F982A0", "DE6FC785FAEA5CDC22FA3DD95C1113BD7CE8E4668A2B0686DFF968822706AA72", "DE748301C4FF4EB59B2C16DC7443F92BC6B64BB243CD302369521927A09A6441", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DED463C35CCBDBF28F87AF801540DC5825E2C660837714657371DD3910A9638D", "DEDA41352450EE00AA73DBB3366B7F6175FC04A0ADDEC211121FD02887D594DD", "DEFEFB2B26B8AC90E2498D0927E571DF52F00DC6BF2D8D922349E48989CEC0DF", "DF03CD856A57D7360B711A6E6395B099DEE028A64AE6341A99493DBAF1274A4B", "E07E9939487B5F63C0252300712F7211E6C0B89676F9E5D5E2613D17BD23D356", "E0CAD87D2D58A2FEE5B2191470CEB1BAD189DB6A091A60BC28E6B8904753BA45", "E1347202BCC47D3F31895563DF1F7842BEC89FA802656E5A1AA1C6417187343D", "E16306600C5787A0924549FA20F183CC475F71A9E80CD01105637CBA736B933E", "E1BC051B35E6390CDF26EAF4F9606F465A68BC39D22DAB92F943569FCDE317AE", "E1D0C5329284235F193392CF9D4AE596C30F2C7808A1971C3D2005687823AE7C", "E1E17FC8FB3F66C5AD24B5EE11ED61EEB386830E53608FDA6A735CD954FE2F14", "E23B2B70071C87B4B30F175BDFB816A59FF7F9127F0905729A27B7EF44524CBC", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "E2DD11E66560F5B27482CD4CB2E260C96E8DBF8D494B7634E0E12040AD56C9CF", "E30E73EC52C28C43A6E751E1BE29D05BB6EAB02BC422665D82F3C431254532A5", "E3D0BB62F3EBBFB0BD048F50837D047A327135C03929630E6A511352E13002E5", "E48F8ABCD477E820754A4984E9A42E9861FF62036721D12B2341BBB5CB6A55BA", "E4E3A633F629C70E0473790AEBA2D5E60E6D46EFA604A1E45DC4C79D5C56D091", "E53559E7A7258D1A9CC240705ADA19663A561AFB3905A8FB3C41236DFF6DE69A", "E538650CAB7B2D6CD412F77C70DB4E45A1E53D161BD7EFE9A7A13EB7FAF5973C", "E57B9E2AE5C006DA16F9616892C6C976E91256B82D0E84E776BF4F20A1DB9BBF", "E5C69EFA39FF2FD80727237799E8EF29673581727BBDABA07DD43A19654119E1", "E5F1A51EB15FC95B082794A6D26932005C3A423DCD7B90C89E58A6878FD1D000", "E5F6CA4E9846520FFBE611036320AF23A481268C0C6F8DE632C6CEE7B97E65F5", "E66BEA38ED79A970EA18FDFE0CFF622C04A1AB5532B08FA652DAFD9064216199", "E6BCBC39FE76A42D02EE12D24DA03F65B3FC85BCE5A5C7C09C37B05E5C43560D", "E70120C165876F69BFB2C09908AC0EB9592A96A4EE7DF139E3FEA8B8E849302E", "E77CCFE6D6CC58175A34B687AC8FB6D98C54A96B27089F826FFB030B0B8A87F9", "E79BC6C34DAD829FAB4182BB79212B7400A2BCB673A1FFCDE7E446FA6EFAF11B", "E7A3CC73182546450D85441052101B6182B433D3539C47633FCD6A7232395BDA", "E7C0B85372ADEC38F4D684CEF2945A9DFFD543F24526778D5DE79F63657FD96E", "E8785330052719CAFEAAD58D08CA6A5AC216720B2ADB457FB5C017CF4DA084A7", "E8A312ECF86D6A1C6D9722B8D51FDE987A400AF0C6568E0E843C6327878D3511", "E8A9D3E9EB263B8252AC392A110C5699C152EBE388EA85E79DC45D6A3DA9A738", "E950067BD8E6649CFB412691BB96FCC6AAFBB758789F58BCEBE7A124E713B8D2", "E95D6D6467CF6AB55E48D5436835BBE42A101787A81CB1552431485054CE0D72", "E9BDE265DE0FAEC04CB8BE1CB2B1316155D19087735DBF92D77E629BCD124564", "E9CDC2AE12443FED73E3319BAB451F9CA59C2E1932A9AFC8B6229F07785579C5", "E9DE33B25DA7BFAB57F6CF55393E1F4B2F3963A8329764A6FDBC8D080C3DEAEA", "EA23335228049116A13B1E97DB58AC9A534249D115E1498DA3E57253B1728414", "EB29912BA3125220228A3E0ECE64F9A835E8E7C353B5EDF3F1E3E9C50AA8FC18", "EB75BB001082ED64F6F295C3004785BCD8F75E218451133709AECC28B2CD6F24", "EC3D8B78929CEE29AEF21A1B489AE5D843D897B3C4D451E9206D6EE31CC77C0D", "EC94857D7D563A0D20E8336122A527B358E52AC50ABAE059889E5A31BFEAB1C2", "EC9EBAD01E5D7B1B44261F48DA5AC2A864E6BAB51FFCDC4EDC0C0B1D8F397240", "ECD78CCFAD199384A2E1B0251EC051113AB96CA42C9B3451D235C36A2FB281C6", "ED60AC8DA8519FF62B67D9A42CACC711F4D100223E77E6CCFEC7F0D7ADF7426D", "EDB34CD93CDAF5921CF795AC72A6405C79962D06DE79535AF74133F2884DA4EB", "EDFF6875873E3D3513A1B01513D19716118E11B19C57D07C181B8FD3CABCF593", "EE2718514028559E6F27A557F3B2FF99E3B2AC3C33754AA2CB57AD5E245C7955", "EE3B451E15B910EDFE019526EB15A47C13F289794DDAE5C56C0061680ED00903", "EE8B54E25081C1792F0B696DCF50ED3C22A683E5D0406AFE44B85FB32926CC87", "EEB9516998DA2DF997DE0C8D2E430D0384019A1F0FB40AA3444928DDBC351E4B", "EEEA1AED0DDC584C51431A9908918AF5D5529838CADC30B95CF1D2E06A297A4E", "EEFA07F3B1DA403AC16805635B341ED2291730152BE0979DC21E8BB0A068158D", "EF01AD609D820B6AA1A62063A29A8227A37A95BC634772BF73C57463F0CD0057", "EF03F78CFD9649085D9C1597ADF2110383865BDB4CAE933F996DD6110490E00E", "EF2B4F4110ACF96FDC34CF6D7B916C577277400859F5F464947088E0CE635995", "EF3AFEEF28D63C4014CA63B767F53CC697530C1496781D91918DD1B8D89D0F81", "EF61076F398E7E703A00D1503205A1E6D7D23FD6F5942CC3C0F34D08EE3C113F", "EF8F0A9CABE55A98975A5E586449578AFBE0581CC3BBC4848706891FDC02ED1D", "EF8F5D2176643F60AAACF896D63970A0820FAB5D2142D03834334DF645116BBD", "EF9B6C270DCF82283BF13AFE4BD6A359C1D124B7D4895440A36E199964CDEF36", "EFC96C84FC6627E09277E1FB61859CD2CA1859DFD91107C5D299A533D68503BF", "F0864C914EFB62F7C48822F52BDF423B57466738327736DD211AEFBE34B7C109", "F09AD94B48DEE6804F3C9AEE48EB9BA274CE6A40FCE684B18CF3D4B1944D4CCE", "F0E62F1700EDD02BA2F3839DDD88EA046C8C342A2FAE608A27D02F8C7F20EE45", "F1D303774ACA9A5AD0E510C3DF5F1397009E7D6FD2FDAFAC4642501D873381FE", "F1ECF74A0087969AEAB2A74D57C4E1ED4D9DC73748D06233229C4CC120CBD882", "F219875DA9029600436D12889497248FC177EADC151223245913F536AA7A7186", "F28698F6086818D1DF666F50F367A5081E053275E64E213A13954C45D6245218", "F2C8E4883F10811E81946AE2DFA2908C97E11E392EB4218ED7613EEDABF44BB8", "F3DAB8567AF331C8A8360A693B97E286F43D555C7AE51BE5F8AFBCB6E6CB4EDF", "F4B54AA8642264D84C83C50AC6EDE073C6E0DF84951C7BE4C0C739B701EA41CE", "F4BDACE4C2BD969BE014F58FD96BAC012DCB9FD40640A048ED223245FEA36AB5", "F563F5049032E59EAFDB9D7B8CE85564B12293FD638DE619281632A7B6B9B35B", "F590F9B8CCE606C3A8B1868747618F53738AF0A967C71C872865E6F97E3E2A42", "F6B3541EEFA36ECD398761520E531FA40B48E3275B7C8D31A42E5A645BBB6976", "F6BE00294C862D5F5FF2B5DBAC48A97801994D58BD8E7B4DEE3ED210A9A3676A", "F7566FEB32A30E431AFD48899DFD434A24FB25422D72FFD21EACBB1322B7D872", "F779442F0B4B159B647211B27C52485C40EF8D77079FB564145C112408507200", "F7862E3AFF4165C1E96904B0CC478B568FD7C29638F30D7255C5D201546C0450", "F79BA4E357CB90CE069217655DB3D6CE7EF68F7A1B216115A6D8278F44302CF1", "F7A4C910A4DF2E02493D2FF5F34AA0A704BD3D1EDF63E2A05589FEA9676846E6", "F863337FF22BB38FB6CDAB12AD085E0BFDD2EE103D58AF0071EAF269683A58F3", "F87CCF7C7DB0E048496672AF6D21D716CF33B0D433A0289B3C5763C54B0731AF", "F8C0073A638722E0EC7D75F7CCCF6FF13DC8D5168AAFA66887FC4A1A75242FF6", "F8FD6C0DB37EFF15860E997E3F2EF6EC8046B424F772162C42FFB3EFFD67D1E5", "F90FD904FE2AD66DEF4FDDFD5D99DDE1F5E9A79893EE2F3ADB1619E2F648B6FC", "F967014534DCCC8F81A119D3F6C4F892D3391900CC61B075AAC35C3073D741FA", "F96732014CC74E0CD212E2641AC086C0DBA609B9E2E61E3DC4259C4E401BE0FA", "FB1C374A69B9E2E0BDCDDAD20D5942F5285F229B0A0EF4729C7CA430C368B097", "FB60760FFBC4C1641885367A133FC454DC2E0574DCD44CF7D9CE310281E34594", "FB7B0D7D51A5A8ED0E01174710F6992C01D57D42E953D250F0E36E0351D2F30A", "FBA957E4586048D9FF15DAEE4F11829492FC4F59F16FD6E5E54DB4DA8A8E3636", "FBD214BD3617CD0E35DFB86718392CFC780A55239ADDCC2630BE6B9CBE939D78", "FC4C804F44282D78247FA90BC4C8C855819430A02725094AC97DBD89D0227589", "FC6CD52C9B1254CA4EDF111218F0B9EBBE253B30643BAEEC7B345AF2A6AD286F", "FC8C17DD115E571F97B5F3885C8242567934FD310C97F79C46B626881E94E7C9", "FCAC7D98117B03399F82DCCB838E46178F1E1B0134953A875D65C1A4DDEEE33C", "FCCC0F3B66FBDAD0D2E95FD368A9EC23B1CACB02F277AF6EB3B63115AB8DEECF", "FCD272D34A421FD2A8E04F5869B5DD874F2DF23AEF80C7EEB8F434E195F090C3", "FD48BA74DC3A1C3984E282E9336A9AAC5D63A6863D7227C72593B2FEC3CC6C79", "FD54ED57D0984C8885C877F9181732A5619A1E525F7855FB4A72EC63053B7375", "FD98647DA723C33CDEC38C52B57AE83B49EBDE217212120E05428E998223B712", "FDE8E9C242ED2D257B3BCF9E013CB6CFC32441C70BF5803FE16A714EDE9E7DFB", "FDF6E8F7CD2218245453540A985C40ED7D9C20F3F61D50E98DA8EC923B1A387A", "FE05BCC40B6174352DB23A67D3600F651886D170542499905DE5EF1DB1D68B7B", "FE20A5D1F4849E14D48069BAF660E8CC8F27B6E1A52250832431EA5A43960BAB", "FEA65BE2E457CC16801EC24C06D767370A4744239D4A4161B38A6F52330F9BB0", "FEAF899311408CA38E545D22EE9CBAF38F4A7C17D2B7549CDA42D6D309837179", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2", "FF8A5C202A165C6A86DAF62B5BC19ADD9FB787B84C46A73C2E35849265921673", "FF8DB78F22CB24A549324F1BD88656C5EF156F945EC890C85CED4CCF556C4237", "FF972FF475C6691212D41E145A91B62441337954697CD95DE31DD265512A07AD", "FFD48300A19B13C218899602046E4BCCA555158C999FF29AA1F963C0113BA3C7", "FFE28C886CCFDE5B966268C76FE0497BB831D4C7E71AFADA341A1164C3DF01BA", "FFEF65915DD801D408BA9D75900795F158A407B4735B5BF405076A2C35296696"]}, {"type": "ics", "idList": ["ICSA-18-226-02", "ICSA-19-024-02", "ICSA-21-075-02", "ICSA-22-160-01", "ICSMA-18-058-02"]}, {"type": "kaspersky", "idList": ["KLA10887", "KLA10958", "KLA10959", "KLA11178", "KLA11179", "KLA11234", "KLA11236", "KLA11294"]}, {"type": "kitploit", "idList": ["KITPLOIT:2973941148692546578"]}, {"type": "lenovo", "idList": ["LENOVO:PS500190-INTEL-PROSETWIRELESS-WIFI-SOFTWARE-VULNERABILITIES-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2016-0338", "MGASA-2016-0359", "MGASA-2016-0408", "MGASA-2017-0041", "MGASA-2017-0255", "MGASA-2017-0405", "MGASA-2017-0408", "MGASA-2017-0453", "MGASA-2018-0101", "MGASA-2018-0104", "MGASA-2018-0190", "MGASA-2018-0218", "MGASA-2018-0257", "MGASA-2018-0339", "MGASA-2018-0366"]}, {"type": "nessus", "idList": ["700513.PRM", "700523.PRM", "700620.PRM", "700625.PRM", "700627.PRM", "700629.PRM", "700656.PRM", "700657.PRM", "700658.PRM", "9712.PRM", "9917.PRM", "AIX_JAVA_JAN2017_ADVISORY.NASL", "AIX_JAVA_OCT2016_ADVISORY.NASL", "AIX_OPENSSL_ADVISORY21.NASL", "AIX_OPENSSL_ADVISORY24.NASL", "AIX_OPENSSL_ADVISORY25.NASL", "AIX_OPENSSL_ADVISORY26.NASL", "AL2_ALAS-2018-1002.NASL", "AL2_ALAS-2018-1004.NASL", "AL2_ALAS-2018-1007.NASL", "AL2_ALAS-2018-1054.NASL", "AL2_ALAS-2018-1064.NASL", "AL2_ALAS-2018-1102.NASL", "AL2_ALAS-2018-949.NASL", "ALA_ALAS-2016-755.NASL", "ALA_ALAS-2016-759.NASL", "ALA_ALAS-2016-771.NASL", "ALA_ALAS-2017-791.NASL", "ALA_ALAS-2017-795.NASL", "ALA_ALAS-2017-797.NASL", "ALA_ALAS-2018-1002.NASL", "ALA_ALAS-2018-1007.NASL", "ALA_ALAS-2018-1016.NASL", "ALA_ALAS-2018-1054.NASL", "ALA_ALAS-2018-1064.NASL", "ALA_ALAS-2018-1065.NASL", "ALA_ALAS-2018-1069.NASL", "ALA_ALAS-2018-1070.NASL", "ALA_ALAS-2018-1102.NASL", "ALA_ALAS-2018-949.NASL", "ALA_ALAS-2018-974.NASL", "ARISTA_EOS_SA0024.NASL", "ARISTA_EOS_SA0024_4_17.NASL", "CENTOS_RHSA-2016-1940.NASL", "CENTOS_RHSA-2016-2079.NASL", "CENTOS_RHSA-2016-2658.NASL", "CENTOS_RHSA-2017-0061.NASL", "CENTOS_RHSA-2017-0180.NASL", "CENTOS_RHSA-2017-0269.NASL", "CENTOS_RHSA-2018-0095.NASL", "CENTOS_RHSA-2018-0349.NASL", "CENTOS_RHSA-2018-0998.NASL", "CENTOS_RHSA-2018-1188.NASL", "CENTOS_RHSA-2018-1191.NASL", "CENTOS_RHSA-2018-1270.NASL", "CENTOS_RHSA-2018-1278.NASL", "CENTOS_RHSA-2018-2123.NASL", "CENTOS_RHSA-2018-2241.NASL", "CENTOS_RHSA-2018-2242.NASL", "CENTOS_RHSA-2018-2283.NASL", "CENTOS_RHSA-2018-2286.NASL", "CENTOS_RHSA-2018-3090.NASL", "CENTOS_RHSA-2018-3221.NASL", "DEBIAN_DLA-1157.NASL", "DEBIAN_DLA-1330.NASL", "DEBIAN_DLA-1339.NASL", "DEBIAN_DLA-1590.NASL", "DEBIAN_DLA-2091.NASL", "DEBIAN_DLA-2342.NASL", "DEBIAN_DLA-637.NASL", "DEBIAN_DLA-704.NASL", "DEBIAN_DLA-821.NASL", "DEBIAN_DSA-3673.NASL", "DEBIAN_DSA-3707.NASL", "DEBIAN_DSA-3782.NASL", "DEBIAN_DSA-4004.NASL", "DEBIAN_DSA-4017.NASL", "DEBIAN_DSA-4018.NASL", "DEBIAN_DSA-4037.NASL", "DEBIAN_DSA-4065.NASL", "DEBIAN_DSA-4144.NASL", "DEBIAN_DSA-4157.NASL", "DEBIAN_DSA-4158.NASL", "DEBIAN_DSA-4166.NASL", "DEBIAN_DSA-4185.NASL", "DEBIAN_DSA-4190.NASL", "DEBIAN_DSA-4225.NASL", "DEBIAN_DSA-4268.NASL", "EULEROS_SA-2016-1080.NASL", "EULEROS_SA-2016-1090.NASL", "EULEROS_SA-2017-1015.NASL", "EULEROS_SA-2017-1016.NASL", "EULEROS_SA-2017-1027.NASL", "EULEROS_SA-2017-1028.NASL", "EULEROS_SA-2018-1027.NASL", "EULEROS_SA-2018-1028.NASL", "EULEROS_SA-2018-1058.NASL", "EULEROS_SA-2018-1059.NASL", "EULEROS_SA-2018-1115.NASL", "EULEROS_SA-2018-1128.NASL", "EULEROS_SA-2018-1129.NASL", "EULEROS_SA-2018-1130.NASL", "EULEROS_SA-2018-1131.NASL", "EULEROS_SA-2018-1179.NASL", "EULEROS_SA-2018-1193.NASL", "EULEROS_SA-2018-1195.NASL", "EULEROS_SA-2018-1292.NASL", "EULEROS_SA-2018-1293.NASL", "EULEROS_SA-2018-1294.NASL", "EULEROS_SA-2018-1295.NASL", "EULEROS_SA-2018-1339.NASL", "EULEROS_SA-2018-1392.NASL", "EULEROS_SA-2018-1420.NASL", "EULEROS_SA-2019-1009.NASL", "EULEROS_SA-2019-1084.NASL", "EULEROS_SA-2019-1164.NASL", "EULEROS_SA-2019-1185.NASL", "EULEROS_SA-2019-1201.NASL", "EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-1403.NASL", "EULEROS_SA-2019-1434.NASL", "EULEROS_SA-2019-1546.NASL", "EULEROS_SA-2019-1547.NASL", "EULEROS_SA-2019-2509.NASL", "EULEROS_SA-2019-2643.NASL", "EULEROS_SA-2021-1221.NASL", "EULEROS_SA-2021-1506.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2785.NASL", "F5_BIGIP_SOL13167034.NASL", "F5_BIGIP_SOL14363514.NASL", "F5_BIGIP_SOL33924005.NASL", "F5_BIGIP_SOL44923228.NASL", "F5_BIGIP_SOL70321874.NASL", "FEDORA_2017-4A071ECBC7.NASL", "FEDORA_2017-4CF72E2C11.NASL", "FEDORA_2017-512A6C5AAE.NASL", "FEDORA_2017-55A3247CFD.NASL", "FEDORA_2017-6A75C816FA.NASL", "FEDORA_2017-7F30914972.NASL", "FEDORA_2017-8DF9EFED5F.NASL", "FEDORA_2017-DBEC196DD8.NASL", "FEDORA_2017-E16ED3F7A1.NASL", "FEDORA_2017-F452765E1E.NASL", "FEDORA_2018-1B4F1158E2.NASL", "FEDORA_2018-2F696A3BE3.NASL", "FEDORA_2018-39E0872379.NASL", "FEDORA_2018-40DC8B8B16.NASL", "FEDORA_2018-49651B2236.NASL", "FEDORA_2018-76AFAF1961.NASL", "FEDORA_2018-9490B422E7.NASL", "FEDORA_2018-9D667BDFF8.NASL", "FREEBSD_PKG_3BB451FCDB6411E7AC58B499BAEBFEAF.NASL", "FREEBSD_PKG_43EAA65680BC11E6BF52B499BAEBFEAF.NASL", "FREEBSD_PKG_909BE51B9B3B11E8ADD2B499BAEBFEAF.NASL", "FREEBSD_PKG_93F8E0FFF33D11E8BE460019DBB15B3F.NASL", "FREEBSD_PKG_9442A811DAB311E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_9F7A0F39DDC011E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL", "FREEBSD_PKG_BEA84A7AE0C911E7B4F311BAA0C2DF21.NASL", "FREEBSD_PKG_F40F07AAC00F11E7AC58B499BAEBFEAF.NASL", "GENTOO_GLSA-201611-04.NASL", "GENTOO_GLSA-201612-16.NASL", "GENTOO_GLSA-201701-43.NASL", "GENTOO_GLSA-201701-65.NASL", "GENTOO_GLSA-201707-01.NASL", "GENTOO_GLSA-201712-03.NASL", "GENTOO_GLSA-201803-06.NASL", "GENTOO_GLSA-201811-21.NASL", "GENTOO_GLSA-201903-14.NASL", "GENTOO_GLSA-202007-53.NASL", "IBM_BIGFIX_REMOTE_CONTROL_9_1_3.NASL", "IBM_HTTP_SERVER_553351.NASL", "IBM_HTTP_SERVER_569301.NASL", "IBM_INFORMIX_SERVER_SWG22002897.NASL", "IBM_JAVA_2016_10_18.NASL", "IBM_JAVA_2017_01_17.NASL", "IBM_JAVA_2018_01_16.NASL", "IBM_JAVA_2018_04_17.NASL", "IBM_JAVA_2018_07_17.NASL", "IBM_JAVA_2018_08_01.NASL", "IBM_TEM_9_5_10.NASL", "JFROG_ARTIFACTORY_6_1.NASL", "JFROG_ARTIFACTORY_7_8_1.NASL", "JUNIPER_JSA10759.NASL", "JUNIPER_NSM_JSA10851.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_13_2.NASL", "MYSQL_5_6_34.NASL", "MYSQL_5_6_34_RPM.NASL", "MYSQL_5_6_39.NASL", "MYSQL_5_6_39_RPM.NASL", "MYSQL_5_6_41_RPM.NASL", "MYSQL_5_7_16.NASL", "MYSQL_5_7_16_RPM.NASL", "MYSQL_5_7_21.NASL", "MYSQL_5_7_21_RPM.NASL", "MYSQL_5_7_23.NASL", "MYSQL_5_7_23_RPM.NASL", "MYSQL_8_0_12.NASL", "MYSQL_8_0_12_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_5_7958.NASL", "MYSQL_ENTERPRISE_MONITOR_3_2_5_1141.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_1_1112.NASL", "MYSQL_ENTERPRISE_MONITOR_3_4_8.NASL", "MYSQL_ENTERPRISE_MONITOR_4_0_2_5168.NASL", "MYSQL_ENTERPRISE_MONITOR_4_0_4_5233.NASL", "NESSUS_TNS_2016_16.NASL", "NEWSTART_CGSL_NS-SA-2019-0012_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0016_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0022_PYTHON.NASL", "NEWSTART_CGSL_NS-SA-2019-0027_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0032_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0065_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0066_OVMF.NASL", "NEWSTART_CGSL_NS-SA-2019-0111_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0124_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0126_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0131_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0137_JAVA-1.8.0-OPENJDK.NASL", "OPENSSL_1_0_1U.NASL", "OPENSSL_1_0_2I.NASL", "OPENSSL_1_0_2M.NASL", "OPENSSL_1_0_2N.NASL", "OPENSSL_1_0_2O.NASL", "OPENSSL_1_1_0.NASL", "OPENSSL_1_1_0G.NASL", "OPENSSL_1_1_0H.NASL", "OPENSUSE-2016-1130.NASL", "OPENSUSE-2016-1134.NASL", "OPENSUSE-2016-1172.NASL", "OPENSUSE-2016-1189.NASL", "OPENSUSE-2016-1335.NASL", "OPENSUSE-2016-1357.NASL", "OPENSUSE-2016-1380.NASL", "OPENSUSE-2016-1389.NASL", "OPENSUSE-2016-1444.NASL", "OPENSUSE-2017-1324.NASL", "OPENSUSE-2017-1381.NASL", "OPENSUSE-2017-201.NASL", "OPENSUSE-2017-278.NASL", "OPENSUSE-2018-1138.NASL", "OPENSUSE-2018-1143.NASL", "OPENSUSE-2018-116.NASL", "OPENSUSE-2018-168.NASL", "OPENSUSE-2018-254.NASL", "OPENSUSE-2018-256.NASL", "OPENSUSE-2018-361.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-5.NASL", "OPENSUSE-2018-637.NASL", "OPENSUSE-2018-641.NASL", "OPENSUSE-2018-807.NASL", "OPENSUSE-2018-810.NASL", "OPENSUSE-2018-823.NASL", "OPENSUSE-2018-830.NASL", "OPENSUSE-2018-844.NASL", "OPENSUSE-2018-90.NASL", "OPENSUSE-2018-938.NASL", "OPENSUSE-2018-997.NASL", "OPENSUSE-2019-479.NASL", "OPENSUSE-2019-563.NASL", "OPENSUSE-2019-570.NASL", "OPENSUSE-2019-575.NASL", "OPENSUSE-2019-774.NASL", "ORACLELINUX_ELSA-2016-1940.NASL", "ORACLELINUX_ELSA-2016-2079.NASL", "ORACLELINUX_ELSA-2016-2658.NASL", "ORACLELINUX_ELSA-2016-3627.NASL", "ORACLELINUX_ELSA-2017-0061.NASL", "ORACLELINUX_ELSA-2017-0180.NASL", "ORACLELINUX_ELSA-2017-0269.NASL", "ORACLELINUX_ELSA-2018-0095.NASL", "ORACLELINUX_ELSA-2018-0349.NASL", "ORACLELINUX_ELSA-2018-0998.NASL", "ORACLELINUX_ELSA-2018-1188.NASL", "ORACLELINUX_ELSA-2018-1191.NASL", "ORACLELINUX_ELSA-2018-1270.NASL", "ORACLELINUX_ELSA-2018-1278.NASL", "ORACLELINUX_ELSA-2018-2123.NASL", "ORACLELINUX_ELSA-2018-2241.NASL", "ORACLELINUX_ELSA-2018-2242.NASL", "ORACLELINUX_ELSA-2018-2283.NASL", "ORACLELINUX_ELSA-2018-2286.NASL", "ORACLELINUX_ELSA-2018-3090.NASL", "ORACLELINUX_ELSA-2018-3221.NASL", "ORACLELINUX_ELSA-2018-4228.NASL", "ORACLEVM_OVMSA-2016-0135.NASL", "ORACLEVM_OVMSA-2016-0141.NASL", "ORACLEVM_OVMSA-2019-0040.NASL", "ORACLE_ACCESS_MANAGER_CPU_JAN_2018.NASL", "ORACLE_E-BUSINESS_CPU_JAN_2018.NASL", "ORACLE_E-BUSINESS_CPU_JUL_2017.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2019_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OCT_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL", "ORACLE_HTTP_SERVER_CPU_JAN_2015.NASL", "ORACLE_HTTP_SERVER_CPU_JUL_2016.NASL", "ORACLE_HTTP_SERVER_CPU_OCT_2015.NASL", "ORACLE_IDENTITY_MANAGEMENT_CPU_OCT_2018.NASL", "ORACLE_JAVA_CPU_APR_2018.NASL", "ORACLE_JAVA_CPU_APR_2018_UNIX.NASL", "ORACLE_JAVA_CPU_JAN_2017.NASL", "ORACLE_JAVA_CPU_JAN_2017_UNIX.NASL", "ORACLE_JAVA_CPU_JAN_2018.NASL", "ORACLE_JAVA_CPU_JAN_2018_UNIX.NASL", "ORACLE_JAVA_CPU_JUL_2018.NASL", "ORACLE_JAVA_CPU_JUL_2018_UNIX.NASL", "ORACLE_JAVA_CPU_OCT_2016.NASL", "ORACLE_JAVA_CPU_OCT_2016_UNIX.NASL", "ORACLE_JROCKIT_CPU_APR_2018.NASL", "ORACLE_JROCKIT_CPU_JAN_2017.NASL", "ORACLE_JROCKIT_CPU_JAN_2018.NASL", "ORACLE_JROCKIT_CPU_JUL_2018.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_JAN_2018.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_JUL_2018.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2018.NASL", "ORACLE_RDBMS_CPU_JUL_2017.NASL", "ORACLE_RDBMS_CPU_JUL_2018.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2017_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_APR_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2018_CPU.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JUL_2018_CPU.NASL", "ORACLE_TUXEDO_CPU_APR_2018.NASL", "ORACLE_TUXEDO_CPU_JUL_2018.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2018.NBIN", "PALO_ALTO_PAN-SA-2018-0015.NASL", "PFSENSE_SA-17_07.NASL", "PFSENSE_SA-17_11.NASL", "PHOTONOS_PHSA-2017-0016.NASL", "PHOTONOS_PHSA-2017-0016_OPENJDK.NASL", "PHOTONOS_PHSA-2017-0016_OPENJRE.NASL", "PHOTONOS_PHSA-2017-0042.NASL", "PHOTONOS_PHSA-2017-0042_OPENSSL.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A.NASL", "PHOTONOS_PHSA-2018-1_0-0097-A_OPENSSL.NASL", "PHOTONOS_PHSA-2018-1_0-0101.NASL", "PHOTONOS_PHSA-2018-1_0-0101_OPENJDK.NASL", "PHOTONOS_PHSA-2018-1_0-0130.NASL", "PHOTONOS_PHSA-2018-1_0-0130_OPENJDK.NASL", "PHOTONOS_PHSA-2018-1_0-0167.NASL", "PHOTONOS_PHSA-2018-1_0-0167_OPENJDK.NASL", "PHOTONOS_PHSA-2018-2_0-0010-A.NASL", "PHOTONOS_PHSA-2018-2_0-0010-A_OPENSSL.NASL", "PHOTONOS_PHSA-2018-2_0-0013.NASL", "PHOTONOS_PHSA-2018-2_0-0013_OPENJDK8.NASL", "PHOTONOS_PHSA-2018-2_0-0039.NASL", "PHOTONOS_PHSA-2018-2_0-0039_OPENJDK8.NASL", "PHOTONOS_PHSA-2018-2_0-0077.NASL", "PHOTONOS_PHSA-2018-2_0-0077_OPENJDK8.NASL", "PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL", "PVS_5_2_0.NASL", "REDHAT-RHSA-2016-1940.NASL", "REDHAT-RHSA-2016-2079.NASL", "REDHAT-RHSA-2016-2088.NASL", "REDHAT-RHSA-2016-2089.NASL", "REDHAT-RHSA-2016-2090.NASL", "REDHAT-RHSA-2016-2136.NASL", "REDHAT-RHSA-2016-2137.NASL", "REDHAT-RHSA-2016-2138.NASL", "REDHAT-RHSA-2016-2658.NASL", "REDHAT-RHSA-2016-2659.NASL", "REDHAT-RHSA-2017-0061.NASL", "REDHAT-RHSA-2017-0175.NASL", "REDHAT-RHSA-2017-0176.NASL", "REDHAT-RHSA-2017-0177.NASL", "REDHAT-RHSA-2017-0180.NASL", "REDHAT-RHSA-2017-0263.NASL", "REDHAT-RHSA-2017-0269.NASL", "REDHAT-RHSA-2017-0336.NASL", "REDHAT-RHSA-2017-0337.NASL", "REDHAT-RHSA-2017-0338.NASL", "REDHAT-RHSA-2017-0462.NASL", "REDHAT-RHSA-2017-1216.NASL", "REDHAT-RHSA-2017-1834.NASL", "REDHAT-RHSA-2017-1835.NASL", "REDHAT-RHSA-2017-1837.NASL", "REDHAT-RHSA-2017-2635.NASL", "REDHAT-RHSA-2017-2636.NASL", "REDHAT-RHSA-2017-2637.NASL", "REDHAT-RHSA-2017-2638.NASL", "REDHAT-RHSA-2017-2709.NASL", "REDHAT-RHSA-2017-2710.NASL", "REDHAT-RHSA-2017-3113.NASL", "REDHAT-RHSA-2017-3141.NASL", "REDHAT-RHSA-2017-3189.NASL", "REDHAT-RHSA-2017-3240.NASL", "REDHAT-RHSA-2017-3454.NASL", "REDHAT-RHSA-2017-3455.NASL", "REDHAT-RHSA-2017-3458.NASL", "REDHAT-RHSA-2018-0095.NASL", "REDHAT-RHSA-2018-0099.NASL", "REDHAT-RHSA-2018-0100.NASL", "REDHAT-RHSA-2018-0115.NASL", "REDHAT-RHSA-2018-0116.NASL", "REDHAT-RHSA-2018-0342.NASL", "REDHAT-RHSA-2018-0349.NASL", "REDHAT-RHSA-2018-0351.NASL", "REDHAT-RHSA-2018-0352.NASL", "REDHAT-RHSA-2018-0458.NASL", "REDHAT-RHSA-2018-0479.NASL", "REDHAT-RHSA-2018-0480.NASL", "REDHAT-RHSA-2018-0481.NASL", "REDHAT-RHSA-2018-0521.NASL", "REDHAT-RHSA-2018-0998.NASL", "REDHAT-RHSA-2018-1188.NASL", "REDHAT-RHSA-2018-1191.NASL", "REDHAT-RHSA-2018-1201.NASL", "REDHAT-RHSA-2018-1202.NASL", "REDHAT-RHSA-2018-1203.NASL", "REDHAT-RHSA-2018-1204.NASL", "REDHAT-RHSA-2018-1205.NASL", "REDHAT-RHSA-2018-1206.NASL", "REDHAT-RHSA-2018-1270.NASL", "REDHAT-RHSA-2018-1278.NASL", "REDHAT-RHSA-2018-1448.NASL", "REDHAT-RHSA-2018-1449.NASL", "REDHAT-RHSA-2018-1451.NASL", "REDHAT-RHSA-2018-1463.NASL", "REDHAT-RHSA-2018-1525.NASL", "REDHAT-RHSA-2018-1721.NASL", "REDHAT-RHSA-2018-1722.NASL", "REDHAT-RHSA-2018-1723.NASL", "REDHAT-RHSA-2018-1724.NASL", "REDHAT-RHSA-2018-1812.NASL", "REDHAT-RHSA-2018-1974.NASL", "REDHAT-RHSA-2018-1975.NASL", "REDHAT-RHSA-2018-2089.NASL", "REDHAT-RHSA-2018-2090.NASL", "REDHAT-RHSA-2018-2123.NASL", "REDHAT-RHSA-2018-2185.NASL", "REDHAT-RHSA-2018-2186.NASL", "REDHAT-RHSA-2018-2241.NASL", "REDHAT-RHSA-2018-2242.NASL", "REDHAT-RHSA-2018-2253.NASL", "REDHAT-RHSA-2018-2254.NASL", "REDHAT-RHSA-2018-2255.NASL", "REDHAT-RHSA-2018-2256.NASL", "REDHAT-RHSA-2018-2283.NASL", "REDHAT-RHSA-2018-2286.NASL", "REDHAT-RHSA-2018-2423.NASL", "REDHAT-RHSA-2018-2424.NASL", "REDHAT-RHSA-2018-2568.NASL", "REDHAT-RHSA-2018-2569.NASL", "REDHAT-RHSA-2018-2575.NASL", "REDHAT-RHSA-2018-2576.NASL", "REDHAT-RHSA-2018-2712.NASL", "REDHAT-RHSA-2018-2713.NASL", "REDHAT-RHSA-2018-2927.NASL", "REDHAT-RHSA-2018-3007.NASL", "REDHAT-RHSA-2018-3008.NASL", "REDHAT-RHSA-2018-3090.NASL", "REDHAT-RHSA-2018-3221.NASL", "REDHAT-RHSA-2019-0367.NASL", "REDHAT-RHSA-2019-1711.NASL", "SECURITYCENTER_OPENSSL_1_0_1U.NASL", "SECURITYCENTER_OPENSSL_1_0_2M.NASL", "SECURITYCENTER_OPENSSL_1_0_2N.NASL", "SLACKWARE_SSA_2016-266-01.NASL", "SLACKWARE_SSA_2016-363-01.NASL", "SLACKWARE_SSA_2017-306-02.NASL", "SLACKWARE_SSA_2017-342-01.NASL", "SLACKWARE_SSA_2018-087-01.NASL", "SL_20160927_OPENSSL_ON_SL6_X.NASL", "SL_20161019_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20161107_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20170113_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20170120_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20170213_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20180117_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20180226_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20180410_OPENSSL_ON_SL7_X.NASL", "SL_20180419_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20180419_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20180430_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20180502_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20180703_PYTHON_ON_SL7_X.NASL", "SL_20180723_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20180723_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20180730_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20180730_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20181030_OPENSSL_ON_SL7_X.NASL", "SL_20181030_OVMF_ON_ON_SL7_X.NASL", "SSL_64BITBLOCK_SUPPORTED_CIPHERS.NASL", "SSL_MEDIUM_SUPPORTED_CIPHERS.NASL", "STRUTS_2_5_14_1.NASL", "SUSE_SU-2016-2387-1.NASL", "SUSE_SU-2016-2394-1.NASL", "SUSE_SU-2016-2458-1.NASL", "SUSE_SU-2016-2468-1.NASL", "SUSE_SU-2016-2470-1.NASL", "SUSE_SU-2016-2887-1.NASL", "SUSE_SU-2016-2953-1.NASL", "SUSE_SU-2016-3010-1.NASL", "SUSE_SU-2016-3040-1.NASL", "SUSE_SU-2016-3041-1.NASL", "SUSE_SU-2016-3043-1.NASL", "SUSE_SU-2016-3068-1.NASL", "SUSE_SU-2016-3078-1.NASL", "SUSE_SU-2017-0346-1.NASL", "SUSE_SU-2017-0460-1.NASL", "SUSE_SU-2017-0490-1.NASL", "SUSE_SU-2017-0716-1.NASL", "SUSE_SU-2017-0719-1.NASL", "SUSE_SU-2017-0720-1.NASL", "SUSE_SU-2017-0726-1.NASL", "SUSE_SU-2017-0839-1.NASL", "SUSE_SU-2017-1389-1.NASL", "SUSE_SU-2017-1444-1.NASL", "SUSE_SU-2017-2981-1.NASL", "SUSE_SU-2017-3169-1.NASL", "SUSE_SU-2017-3343-1.NASL", "SUSE_SU-2018-0002-1.NASL", "SUSE_SU-2018-0053-1.NASL", "SUSE_SU-2018-0112-1.NASL", "SUSE_SU-2018-0293-1.NASL", "SUSE_SU-2018-0630-1.NASL", "SUSE_SU-2018-0645-1.NASL", "SUSE_SU-2018-0661-1.NASL", "SUSE_SU-2018-0663-1.NASL", "SUSE_SU-2018-0665-1.NASL", "SUSE_SU-2018-0694-1.NASL", "SUSE_SU-2018-0743-1.NASL", "SUSE_SU-2018-0902-1.NASL", "SUSE_SU-2018-0906-1.NASL", "SUSE_SU-2018-0925-1.NASL", "SUSE_SU-2018-0975-1.NASL", "SUSE_SU-2018-1447-1.NASL", "SUSE_SU-2018-1458-1.NASL", "SUSE_SU-2018-1690-1.NASL", "SUSE_SU-2018-1690-2.NASL", "SUSE_SU-2018-1692-1.NASL", "SUSE_SU-2018-1692-2.NASL", "SUSE_SU-2018-1738-1.NASL", "SUSE_SU-2018-1738-2.NASL", "SUSE_SU-2018-1764-1.NASL", "SUSE_SU-2018-1764-2.NASL", "SUSE_SU-2018-1938-1.NASL", "SUSE_SU-2018-1938-2.NASL", "SUSE_SU-2018-2068-1.NASL", "SUSE_SU-2018-2072-1.NASL", "SUSE_SU-2018-2083-1.NASL", "SUSE_SU-2018-2158-1.NASL", "SUSE_SU-2018-2574-1.NASL", "SUSE_SU-2018-2583-1.NASL", "SUSE_SU-2018-2649-1.NASL", "SUSE_SU-2018-2649-2.NASL", "SUSE_SU-2018-2683-1.NASL", "SUSE_SU-2018-2839-1.NASL", "SUSE_SU-2018-2839-2.NASL", "SUSE_SU-2018-3045-1.NASL", "SUSE_SU-2018-3064-1.NASL", "SUSE_SU-2018-3064-2.NASL", "SUSE_SU-2018-3082-1.NASL", "SUSE_SU-2019-0049-1.NASL", "SUSE_SU-2020-0495-1.NASL", "UBUNTU_USN-3087-1.NASL", "UBUNTU_USN-3087-2.NASL", "UBUNTU_USN-3121-1.NASL", "UBUNTU_USN-3130-1.NASL", "UBUNTU_USN-3154-1.NASL", "UBUNTU_USN-3179-1.NASL", "UBUNTU_USN-3194-1.NASL", "UBUNTU_USN-3198-1.NASL", "UBUNTU_USN-3270-1.NASL", "UBUNTU_USN-3475-1.NASL", "UBUNTU_USN-3512-1.NASL", "UBUNTU_USN-3611-1.NASL", "UBUNTU_USN-3613-1.NASL", "UBUNTU_USN-3614-1.NASL", "UBUNTU_USN-3644-1.NASL", "UBUNTU_USN-3691-1.NASL", "UBUNTU_USN-3734-1.NASL", "UBUNTU_USN-3735-1.NASL", "UBUNTU_USN-3747-1.NASL", "UBUNTU_USN-3747-2.NASL", "UBUNTU_USN-4741-1.NASL", "VIRTUALBOX_5_2_10.NASL", "VIRTUALBOX_5_2_6.NASL", "VIRTUOZZO_VZLSA-2017-0061.NASL", "VIRTUOZZO_VZLSA-2017-0180.NASL", "VIRTUOZZO_VZLSA-2017-0269.NASL", "VMWARE_ESXI_6_0_BUILD_5485776_REMOTE.NASL", "WEBSPHERE_304537.NASL"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:DECEMBER-2017-SECURITY-RELEASES", "NODEJSBLOG:MARCH-2018-SECURITY-RELEASES", "NODEJSBLOG:OPENSSL-NOVEMBER-2017", "NODEJSBLOG:SEPTEMBER-2016-SECURITY-RELEASES"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2016-2183", "OPENSSL:CVE-2017-3735", "OPENSSL:CVE-2017-3736", "OPENSSL:CVE-2017-3737", "OPENSSL:CVE-2017-3738", "OPENSSL:CVE-2018-0739"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310106460", "OPENVAS:1361412562310107203", "OPENVAS:1361412562310107204", "OPENVAS:1361412562310107260", "OPENVAS:1361412562310107268", "OPENVAS:1361412562310107824", "OPENVAS:1361412562310107831", "OPENVAS:1361412562310108031", "OPENVAS:1361412562310108368", "OPENVAS:1361412562310108369", "OPENVAS:1361412562310108370", "OPENVAS:1361412562310108371", "OPENVAS:1361412562310108372", "OPENVAS:1361412562310108374", "OPENVAS:1361412562310108385", "OPENVAS:1361412562310108772", "OPENVAS:1361412562310120744", "OPENVAS:1361412562310703673", "OPENVAS:1361412562310703707", "OPENVAS:1361412562310703782", "OPENVAS:1361412562310704004", "OPENVAS:1361412562310704017", "OPENVAS:1361412562310704018", "OPENVAS:1361412562310704037", "OPENVAS:1361412562310704065", "OPENVAS:1361412562310704144", "OPENVAS:1361412562310704157", "OPENVAS:1361412562310704158", "OPENVAS:1361412562310704166", "OPENVAS:1361412562310704185", "OPENVAS:1361412562310704190", "OPENVAS:1361412562310704225", "OPENVAS:1361412562310704268", "OPENVAS:1361412562310808703", "OPENVAS:1361412562310809393", "OPENVAS:1361412562310809782", "OPENVAS:1361412562310809784", "OPENVAS:1361412562310811719", "OPENVAS:1361412562310811720", "OPENVAS:1361412562310812320", "OPENVAS:1361412562310812321", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310812637", "OPENVAS:1361412562310812638", "OPENVAS:1361412562310812639", "OPENVAS:1361412562310812640", "OPENVAS:1361412562310812641", "OPENVAS:1361412562310812642", "OPENVAS:1361412562310812643", "OPENVAS:1361412562310812648", "OPENVAS:1361412562310812649", "OPENVAS:1361412562310813098", "OPENVAS:1361412562310813301", "OPENVAS:1361412562310813302", "OPENVAS:1361412562310813303", "OPENVAS:1361412562310813304", "OPENVAS:1361412562310813305", "OPENVAS:1361412562310813306", "OPENVAS:1361412562310813307", "OPENVAS:1361412562310813310", "OPENVAS:1361412562310813311", "OPENVAS:1361412562310813312", "OPENVAS:1361412562310813682", "OPENVAS:1361412562310813683", "OPENVAS:1361412562310813686", "OPENVAS:1361412562310813687", "OPENVAS:1361412562310813691", "OPENVAS:1361412562310813712", "OPENVAS:1361412562310813713", "OPENVAS:1361412562310813727", "OPENVAS:1361412562310813734", "OPENVAS:1361412562310842896", "OPENVAS:1361412562310842898", "OPENVAS:1361412562310842941", "OPENVAS:1361412562310842952", "OPENVAS:1361412562310842989", "OPENVAS:1361412562310843026", "OPENVAS:1361412562310843048", "OPENVAS:1361412562310843052", "OPENVAS:1361412562310843145", "OPENVAS:1361412562310843360", "OPENVAS:1361412562310843401", "OPENVAS:1361412562310843487", "OPENVAS:1361412562310843490", "OPENVAS:1361412562310843491", "OPENVAS:1361412562310843522", "OPENVAS:1361412562310843568", "OPENVAS:1361412562310843609", "OPENVAS:1361412562310843610", "OPENVAS:1361412562310843622", "OPENVAS:1361412562310843634", "OPENVAS:1361412562310851397", "OPENVAS:1361412562310851399", "OPENVAS:1361412562310851406", "OPENVAS:1361412562310851412", "OPENVAS:1361412562310851436", "OPENVAS:1361412562310851438", "OPENVAS:1361412562310851485", "OPENVAS:1361412562310851494", "OPENVAS:1361412562310851665", "OPENVAS:1361412562310851688", "OPENVAS:1361412562310851703", "OPENVAS:1361412562310851714", "OPENVAS:1361412562310851717", "OPENVAS:1361412562310851734", "OPENVAS:1361412562310851786", "OPENVAS:1361412562310851789", "OPENVAS:1361412562310851840", "OPENVAS:1361412562310851845", "OPENVAS:1361412562310851869", "OPENVAS:1361412562310851888", "OPENVAS:1361412562310851935", "OPENVAS:1361412562310851963", "OPENVAS:1361412562310851989", "OPENVAS:1361412562310852013", "OPENVAS:1361412562310852014", "OPENVAS:1361412562310852228", "OPENVAS:1361412562310871663", "OPENVAS:1361412562310871672", "OPENVAS:1361412562310871713", "OPENVAS:1361412562310871743", "OPENVAS:1361412562310871749", "OPENVAS:1361412562310871758", "OPENVAS:1361412562310873202", "OPENVAS:1361412562310873247", "OPENVAS:1361412562310873261", "OPENVAS:1361412562310873627", "OPENVAS:1361412562310873673", "OPENVAS:1361412562310873728", "OPENVAS:1361412562310873748", "OPENVAS:1361412562310873785", "OPENVAS:1361412562310873829", "OPENVAS:1361412562310873837", "OPENVAS:1361412562310874108", "OPENVAS:1361412562310874109", "OPENVAS:1361412562310874313", "OPENVAS:1361412562310874318", "OPENVAS:1361412562310874349", "OPENVAS:1361412562310874356", "OPENVAS:1361412562310874832", "OPENVAS:1361412562310874838", "OPENVAS:1361412562310882566", "OPENVAS:1361412562310882569", "OPENVAS:1361412562310882578", "OPENVAS:1361412562310882579", "OPENVAS:1361412562310882591", "OPENVAS:1361412562310882600", "OPENVAS:1361412562310882630", "OPENVAS:1361412562310882631", "OPENVAS:1361412562310882632", "OPENVAS:1361412562310882639", "OPENVAS:1361412562310882640", "OPENVAS:1361412562310882655", "OPENVAS:1361412562310882656", "OPENVAS:1361412562310882657", "OPENVAS:1361412562310882830", "OPENVAS:1361412562310882831", "OPENVAS:1361412562310882845", "OPENVAS:1361412562310882846", "OPENVAS:1361412562310882871", "OPENVAS:1361412562310882873", "OPENVAS:1361412562310882893", "OPENVAS:1361412562310882906", "OPENVAS:1361412562310882919", "OPENVAS:1361412562310882926", "OPENVAS:1361412562310882929", "OPENVAS:1361412562310882930", "OPENVAS:1361412562310882931", "OPENVAS:1361412562310890821", "OPENVAS:1361412562310891330", "OPENVAS:1361412562310891339", "OPENVAS:1361412562310891590", "OPENVAS:1361412562310892091", "OPENVAS:1361412562310910002", "OPENVAS:1361412562311220161080", "OPENVAS:1361412562311220161090", "OPENVAS:1361412562311220171015", "OPENVAS:1361412562311220171016", "OPENVAS:1361412562311220171027", "OPENVAS:1361412562311220171028", "OPENVAS:1361412562311220181027", "OPENVAS:1361412562311220181028", "OPENVAS:1361412562311220181058", "OPENVAS:1361412562311220181059", "OPENVAS:1361412562311220181115", "OPENVAS:1361412562311220181128", "OPENVAS:1361412562311220181129", "OPENVAS:1361412562311220181130", "OPENVAS:1361412562311220181131", "OPENVAS:1361412562311220181179", "OPENVAS:1361412562311220181193", "OPENVAS:1361412562311220181195", "OPENVAS:1361412562311220181292", "OPENVAS:1361412562311220181293", "OPENVAS:1361412562311220181294", "OPENVAS:1361412562311220181295", "OPENVAS:1361412562311220181339", "OPENVAS:1361412562311220181392", "OPENVAS:1361412562311220181420", "OPENVAS:1361412562311220191009", "OPENVAS:1361412562311220191084", "OPENVAS:1361412562311220191164", "OPENVAS:1361412562311220191185", "OPENVAS:1361412562311220191201", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220191403", "OPENVAS:1361412562311220191434", "OPENVAS:1361412562311220191546", "OPENVAS:1361412562311220191547", "OPENVAS:1361412562311220192509", "OPENVAS:1361412562311220192643", "OPENVAS:703673", "OPENVAS:703707", "OPENVAS:703782"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2017", "ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUAPR2020", "ORACLE:CPUJAN2017", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019", "ORACLE:CPUJAN2020", "ORACLE:CPUJUL2017", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2016", "ORACLE:CPUOCT2017", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-1940", "ELSA-2016-2079", "ELSA-2016-2658", "ELSA-2016-3621", "ELSA-2016-3627", "ELSA-2017-0061", "ELSA-2017-0180", "ELSA-2017-0269", "ELSA-2018-0095", "ELSA-2018-0349", "ELSA-2018-0998", "ELSA-2018-1188", "ELSA-2018-1191", "ELSA-2018-1270", "ELSA-2018-1278", "ELSA-2018-2123", "ELSA-2018-2241", "ELSA-2018-2242", "ELSA-2018-2283", "ELSA-2018-2286", "ELSA-2018-3041", "ELSA-2018-3090", "ELSA-2018-3221", "ELSA-2018-4077", "ELSA-2018-4187", "ELSA-2018-4228", "ELSA-2018-4229", "ELSA-2018-4267", "ELSA-2019-2471", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:CVE-2016-2183", "OSV:CVE-2017-3735", "OSV:DLA-1157-1", "OSV:DLA-1330-1", "OSV:DLA-1339-1", "OSV:DLA-1590-1", "OSV:DLA-2091-1", "OSV:DLA-2342-1", "OSV:DLA-637-1", "OSV:DLA-704-1", "OSV:DLA-821-1", "OSV:DSA-3673-1", "OSV:DSA-3673-2", "OSV:DSA-3707-1", "OSV:DSA-3782-1", "OSV:DSA-4004-1", "OSV:DSA-4017-1", "OSV:DSA-4018-1", "OSV:DSA-4037-1", "OSV:DSA-4065-1", "OSV:DSA-4144-1", "OSV:DSA-4157-1", "OSV:DSA-4158-1", "OSV:DSA-4166-1", "OSV:DSA-4185-1", "OSV:DSA-4190-1", "OSV:DSA-4225-1", "OSV:DSA-4268-1", "OSV:GHSA-7VGJ-8MW4-HG8R", "OSV:GHSA-C27H-MCMW-48HV", "OSV:GHSA-CGGJ-FVV3-CQWV", "OSV:GHSA-H592-38CM-4GGP", "OSV:GHSA-QXXX-2PP7-5HMX", "OSV:GHSA-RFX6-VP9G-RH7V", "OSV:GHSA-W3F4-3Q6J-RH82"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142756", "PACKETSTORM:143369"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0015"]}, {"type": "photon", "idList": ["PHSA-2018-0010", "PHSA-2018-0010-A", "PHSA-2018-0013", "PHSA-2018-0039", "PHSA-2018-0077", "PHSA-2018-0097", "PHSA-2018-0130", "PHSA-2018-0167", "PHSA-2018-0192", "PHSA-2018-1.0-0097-A", "PHSA-2018-1.0-0101", "PHSA-2018-1.0-0130", "PHSA-2018-1.0-0167", "PHSA-2018-2.0-0013", "PHSA-2018-2.0-0039", "PHSA-2018-2.0-0077", "PHSA-2020-0084", "PHSA-2020-3.0-0084"]}, {"type": "redhat", "idList": ["RHSA-2016:1940", "RHSA-2016:2079", "RHSA-2016:2088", "RHSA-2016:2089", "RHSA-2016:2090", "RHSA-2016:2136", "RHSA-2016:2137", "RHSA-2016:2138", "RHSA-2016:2658", "RHSA-2016:2659", "RHSA-2017:0061", "RHSA-2017:0175", "RHSA-2017:0176", "RHSA-2017:0177", "RHSA-2017:0180", "RHSA-2017:0263", "RHSA-2017:0269", "RHSA-2017:0336", "RHSA-2017:0337", "RHSA-2017:0338", "RHSA-2017:0462", "RHSA-2017:1216", "RHSA-2017:1834", "RHSA-2017:1835", "RHSA-2017:1836", "RHSA-2017:1837", "RHSA-2017:1839", "RHSA-2017:1840", "RHSA-2017:2477", "RHSA-2017:2546", "RHSA-2017:2547", "RHSA-2017:2633", "RHSA-2017:2635", "RHSA-2017:2636", "RHSA-2017:2637", "RHSA-2017:2638", "RHSA-2017:2708", "RHSA-2017:2709", "RHSA-2017:2710", "RHSA-2017:3113", "RHSA-2017:3114", "RHSA-2017:3141", "RHSA-2017:3189", "RHSA-2017:3190", "RHSA-2017:3239", "RHSA-2017:3240", "RHSA-2017:3454", "RHSA-2017:3455", "RHSA-2017:3456", "RHSA-2017:3458", "RHSA-2018:0095", "RHSA-2018:0099", "RHSA-2018:0100", "RHSA-2018:0115", "RHSA-2018:0116", "RHSA-2018:0294", "RHSA-2018:0342", "RHSA-2018:0349", "RHSA-2018:0351", "RHSA-2018:0352", "RHSA-2018:0458", "RHSA-2018:0478", "RHSA-2018:0479", "RHSA-2018:0480", "RHSA-2018:0481", "RHSA-2018:0521", "RHSA-2018:0576", "RHSA-2018:0577", "RHSA-2018:0998", "RHSA-2018:1188", "RHSA-2018:1191", "RHSA-2018:1201", "RHSA-2018:1202", "RHSA-2018:1203", "RHSA-2018:1204", "RHSA-2018:1205", "RHSA-2018:1206", "RHSA-2018:1270", "RHSA-2018:1278", "RHSA-2018:1447", "RHSA-2018:1448", "RHSA-2018:1449", "RHSA-2018:1450", "RHSA-2018:1451", "RHSA-2018:1463", "RHSA-2018:1525", "RHSA-2018:1721", "RHSA-2018:1722", "RHSA-2018:1723", "RHSA-2018:1724", "RHSA-2018:1786", "RHSA-2018:1812", "RHSA-2018:1974", "RHSA-2018:1975", "RHSA-2018:2088", "RHSA-2018:2089", "RHSA-2018:2090", "RHSA-2018:2123", "RHSA-2018:2185", "RHSA-2018:2186", "RHSA-2018:2187", "RHSA-2018:2241", "RHSA-2018:2242", "RHSA-2018:2253", "RHSA-2018:2254", "RHSA-2018:2255", "RHSA-2018:2256", "RHSA-2018:2283", "RHSA-2018:2286", "RHSA-2018:2423", "RHSA-2018:2424", "RHSA-2018:2425", "RHSA-2018:2428", "RHSA-2018:2568", "RHSA-2018:2569", "RHSA-2018:2575", "RHSA-2018:2576", "RHSA-2018:2712", "RHSA-2018:2713", "RHSA-2018:2927", "RHSA-2018:2930", "RHSA-2018:2938", "RHSA-2018:2939", "RHSA-2018:3007", "RHSA-2018:3008", "RHSA-2018:3090", "RHSA-2018:3221", "RHSA-2018:3505", "RHSA-2019:0366", "RHSA-2019:0367", "RHSA-2019:0910", "RHSA-2019:1245", "RHSA-2019:1711", "RHSA-2019:1712", "RHSA-2019:1782", "RHSA-2019:1797", "RHSA-2019:2858", "RHSA-2019:2859", "RHSA-2019:3149", "RHSA-2019:3892", "RHSA-2020:0451", "RHSA-2020:2562", "RHSA-2020:3842", "RHSA-2021:0308", "RHSA-2021:2438"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-5597", "RH:CVE-2017-12624", "RH:CVE-2017-15095", "RH:CVE-2017-15896", "RH:CVE-2017-17485", "RH:CVE-2017-3735", "RH:CVE-2017-3736", "RH:CVE-2017-3737", "RH:CVE-2017-3738", "RH:CVE-2017-7525", "RH:CVE-2018-0739", "RH:CVE-2018-12539", "RH:CVE-2018-1517", "RH:CVE-2018-1656", "RH:CVE-2018-2579", "RH:CVE-2018-2582", "RH:CVE-2018-2588", "RH:CVE-2018-2599", "RH:CVE-2018-2602", "RH:CVE-2018-2603", "RH:CVE-2018-2618", "RH:CVE-2018-2629", "RH:CVE-2018-2633", "RH:CVE-2018-2634", "RH:CVE-2018-2637", "RH:CVE-2018-2638", "RH:CVE-2018-2639", "RH:CVE-2018-2641", "RH:CVE-2018-2657", "RH:CVE-2018-2663", "RH:CVE-2018-2677", "RH:CVE-2018-2678", "RH:CVE-2018-2783", "RH:CVE-2018-2790", "RH:CVE-2018-2794", "RH:CVE-2018-2795", "RH:CVE-2018-2796", "RH:CVE-2018-2797", "RH:CVE-2018-2798", "RH:CVE-2018-2799", "RH:CVE-2018-2800", "RH:CVE-2018-2814", "RH:CVE-2018-2940", "RH:CVE-2018-2952", "RH:CVE-2018-2964", "RH:CVE-2018-2973", "RH:CVE-2018-5968", "RH:CVE-2018-7489", "RH:CVE-2019-10202", "RH:CVE-2023-0296"]}, {"type": "seebug", "idList": ["SSV:92962", "SSV:93135", "SSV:96913", "SSV:97076", "SSV:97082"]}, {"type": "slackware", "idList": ["SSA-2016-266-01", "SSA-2016-363-01", "SSA-2017-306-02", "SSA-2017-342-01", "SSA-2018-087-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2391-1", "OPENSUSE-SU-2016:2407-1", "OPENSUSE-SU-2016:2496-1", "OPENSUSE-SU-2016:2537-1", "OPENSUSE-SU-2016:2862-1", "OPENSUSE-SU-2016:2985-1", "OPENSUSE-SU-2017:0374-1", "OPENSUSE-SU-2017:0513-1", "OPENSUSE-SU-2017:3345-1", "OPENSUSE-SU-2018:0223-1", "OPENSUSE-SU-2018:0458-1", "OPENSUSE-SU-2018:0679-1", "OPENSUSE-SU-2018:0684-1", "OPENSUSE-SU-2018:1057-1", "OPENSUSE-SU-2018:1710-1", "OPENSUSE-SU-2018:1719-1", "OPENSUSE-SU-2018:2206-1", "OPENSUSE-SU-2018:2208-1", "OPENSUSE-SU-2018:2238-1", "OPENSUSE-SU-2018:2247-1", "OPENSUSE-SU-2018:2293-1", "OPENSUSE-SU-2018:2524-1", "OPENSUSE-SU-2018:2695-1", "OPENSUSE-SU-2018:3057-1", "OPENSUSE-SU-2018:3103-1", "OPENSUSE-SU-2019:0042-1", "SUSE-SU-2016:2387-1", "SUSE-SU-2016:2394-1", "SUSE-SU-2016:2458-1", "SUSE-SU-2016:2468-1", "SUSE-SU-2016:2469-1", "SUSE-SU-2016:2470-1", "SUSE-SU-2016:2470-2", "SUSE-SU-2016:2887-1", "SUSE-SU-2016:3010-1", "SUSE-SU-2016:3040-1", "SUSE-SU-2016:3041-1", "SUSE-SU-2016:3043-1", "SUSE-SU-2016:3068-1", "SUSE-SU-2016:3078-1", "SUSE-SU-2017:0346-1", "SUSE-SU-2017:0460-1", "SUSE-SU-2017:0490-1", "SUSE-SU-2017:1444-1", "SUSE-SU-2017:2699-1", "SUSE-SU-2017:2700-1", "SUSE-SU-2017:2968-1", "SUSE-SU-2017:2981-1", "SUSE-SU-2017:3343-1", "SUSE-SU-2018:0112-1", "SUSE-SU-2018:0630-1", "SUSE-SU-2018:0645-1", "SUSE-SU-2018:0661-1", "SUSE-SU-2018:0663-1", "SUSE-SU-2018:0665-1", "SUSE-SU-2018:0694-1", "SUSE-SU-2018:0743-1", "SUSE-SU-2018:0902-1", "SUSE-SU-2018:0905-1", "SUSE-SU-2018:0906-1", "SUSE-SU-2018:0975-1"]}, {"type": "symantec", "idList": ["SMNTC-1392", "SMNTC-1423", "SMNTC-1428", "SMNTC-1443"]}, {"type": "tenable", "idList": ["TENABLE:50BE3CD37FC3509DDA43C11702778C75", "TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "threatpost", "idList": ["THREATPOST:76E9C3B4FF9F862F31CF7EBE00893BDF", "THREATPOST:92734AB0515417387ACE7EE44D1D5100", "THREATPOST:99C5E70D89447B8402B9FBA7381541F0", "THREATPOST:CF8A831748EC23AA2B67F64081A55155"]}, {"type": "ubuntu", "idList": ["USN-3087-1", "USN-3087-2", "USN-3121-1", "USN-3130-1", "USN-3154-1", "USN-3179-1", "USN-3194-1", "USN-3198-1", "USN-3270-1", "USN-3372-1", "USN-3475-1", "USN-3512-1", "USN-3611-1", "USN-3611-2", "USN-3613-1", "USN-3614-1", "USN-3644-1", "USN-3691-1", "USN-3734-1", "USN-3735-1", "USN-3747-1", "USN-3747-2", "USN-4741-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-2183", "UB:CVE-2016-5547", "UB:CVE-2016-5548", "UB:CVE-2016-5549", "UB:CVE-2016-5597", "UB:CVE-2017-15095", "UB:CVE-2017-15896", "UB:CVE-2017-17485", "UB:CVE-2017-3735", "UB:CVE-2017-3736", "UB:CVE-2017-3737", "UB:CVE-2017-3738", "UB:CVE-2017-7525", "UB:CVE-2018-0739", "UB:CVE-2018-1517", "UB:CVE-2018-1656", "UB:CVE-2018-2579", "UB:CVE-2018-2582", "UB:CVE-2018-2588", "UB:CVE-2018-2599", "UB:CVE-2018-2602", "UB:CVE-2018-2603", "UB:CVE-2018-2618", "UB:CVE-2018-2629", "UB:CVE-2018-2633", "UB:CVE-2018-2634", "UB:CVE-2018-2637", "UB:CVE-2018-2638", "UB:CVE-2018-2639", "UB:CVE-2018-2641", "UB:CVE-2018-2657", "UB:CVE-2018-2663", "UB:CVE-2018-2677", "UB:CVE-2018-2678", "UB:CVE-2018-2783", "UB:CVE-2018-2790", "UB:CVE-2018-2794", "UB:CVE-2018-2795", "UB:CVE-2018-2796", "UB:CVE-2018-2797", "UB:CVE-2018-2798", "UB:CVE-2018-2799", "UB:CVE-2018-2800", "UB:CVE-2018-2814", "UB:CVE-2018-2940", "UB:CVE-2018-2952", "UB:CVE-2018-2964", "UB:CVE-2018-2973", "UB:CVE-2018-5968", "UB:CVE-2018-7489"]}, {"type": "zdt", "idList": ["1337DAY-ID-27866", "1337DAY-ID-29102"]}]}, "affected_software": {"major_version": [{"name": "ibm intelligent operations center", "version": 1}, {"name": "ibm intelligent operations center", "version": 1}, {"name": "ibm intelligent operations center", "version": 1}, {"name": "ibm intelligent operations center", "version": 1}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center", "version": 5}, {"name": "ibm intelligent operations center for emergency management", "version": 1}, {"name": "ibm intelligent operations center for emergency management", "version": 5}, {"name": "ibm intelligent operations center for emergency management", "version": 5}, {"name": "ibm intelligent operations center for emergency management", "version": 5}, {"name": "ibm intelligent operations center for emergency management", "version": 5}, {"name": "ibm intelligent operations center for emergency management", "version": 5}, {"name": "ibm intelligent operations center for emergency management", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}, {"name": "ibm water operations for waternamics", "version": 5}]}, "epss": [{"cve": "CVE-2016-2183", "epss": "0.004390000", "percentile": "0.708060000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5547", "epss": "0.004430000", "percentile": "0.709000000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5548", "epss": "0.003210000", "percentile": "0.659260000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5549", "epss": "0.003210000", "percentile": "0.659260000", "modified": "2023-03-20"}, {"cve": "CVE-2016-5597", "epss": "0.005930000", "percentile": "0.750070000", "modified": "2023-03-20"}, {"cve": "CVE-2017-12624", "epss": "0.001640000", "percentile": "0.512820000", "modified": "2023-03-20"}, {"cve": "CVE-2017-15095", "epss": "0.026590000", "percentile": "0.887330000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3735", "epss": "0.031880000", "percentile": "0.896440000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3736", "epss": "0.002810000", "percentile": "0.635120000", "modified": "2023-03-20"}, {"cve": "CVE-2017-3737", "epss": "0.966690000", "percentile": "0.993630000", "modified": "2023-03-20"}, {"cve": "CVE-2017-7525", "epss": "0.776660000", "percentile": "0.976630000", "modified": "2023-03-20"}, {"cve": "CVE-2018-0739", "epss": "0.012640000", "percentile": "0.835110000", "modified": "2023-03-20"}, {"cve": "CVE-2018-12539", "epss": "0.000450000", "percentile": "0.125980000", "modified": "2023-03-20"}, {"cve": "CVE-2018-1413", "epss": "0.001670000", "percentile": "0.517460000", "modified": "2023-03-20"}, {"cve": "CVE-2018-1517", "epss": "0.063870000", "percentile": "0.925310000", "modified": "2023-03-20"}, {"cve": "CVE-2018-1656", "epss": "0.002430000", "percentile": "0.604790000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2579", "epss": "0.002290000", "percentile": "0.592960000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2582", "epss": "0.004680000", "percentile": "0.717080000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2588", "epss": "0.001260000", "percentile": "0.454570000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2599", "epss": "0.003330000", "percentile": "0.666010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2602", "epss": "0.001190000", "percentile": "0.443930000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2603", "epss": "0.003330000", "percentile": "0.666010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2618", "epss": "0.002190000", "percentile": "0.581450000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2629", "epss": "0.002610000", "percentile": "0.621000000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2633", "epss": "0.003780000", "percentile": "0.686640000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2634", "epss": "0.002060000", "percentile": "0.568650000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2637", "epss": "0.002460000", "percentile": "0.608030000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2638", "epss": "0.009780000", "percentile": "0.811090000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2639", "epss": "0.006030000", "percentile": "0.752310000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2641", "epss": "0.002460000", "percentile": "0.607930000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2657", "epss": "0.010280000", "percentile": "0.815520000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2663", "epss": "0.003330000", "percentile": "0.666010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2677", "epss": "0.003330000", "percentile": "0.666010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2678", "epss": "0.003330000", "percentile": "0.666010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2783", "epss": "0.001960000", "percentile": "0.557630000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2790", "epss": "0.001980000", "percentile": "0.559070000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2794", "epss": "0.000960000", "percentile": "0.387450000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2795", "epss": "0.002610000", "percentile": "0.620730000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2796", "epss": "0.002610000", "percentile": "0.620730000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2797", "epss": "0.002610000", "percentile": "0.620730000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2798", "epss": "0.002610000", "percentile": "0.620730000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2799", "epss": "0.001530000", "percentile": "0.498010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2800", "epss": "0.001980000", "percentile": "0.559070000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2814", "epss": "0.002630000", "percentile": "0.621950000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2940", "epss": "0.001710000", "percentile": "0.524180000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2952", "epss": "0.001440000", "percentile": "0.485660000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2964", "epss": "0.006540000", "percentile": "0.763140000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2973", "epss": "0.004410000", "percentile": "0.708400000", "modified": "2023-03-20"}], "vulnersScore": 0.9}, "_state": {"score": 1684017862, "dependencies": 1677016046, "affected_software_major_version": 1677394894, "epss": 1679361349}, "_internal": {"score_hash": "f6bfcf0886b9f4c906581bc41ef982eb"}, "affectedSoftware": [{"version": "1.6.0", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "1.6.0.1", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "1.6.0.2", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "1.6.0.3", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.1", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.2", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.3", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.4", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.5", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.6", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.7", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.8", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.9", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.10", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.11", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.12", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.13", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "5.1.0.14", "operator": "eq", "name": "ibm intelligent operations center"}, {"version": "1.6", "operator": "eq", "name": "ibm intelligent operations center for emergency management"}, {"version": "5.1", "operator": "eq", "name": "ibm intelligent operations center for emergency management"}, {"version": "5.1.0.2", "operator": "eq", "name": "ibm intelligent operations center for emergency management"}, {"version": "5.1.0.3", "operator": "eq", "name": "ibm intelligent operations center for emergency management"}, {"version": "5.1.0.4", "operator": "eq", "name": "ibm intelligent operations center for emergency management"}, {"version": "5.1.0.5", "operator": "eq", "name": "ibm intelligent operations center for emergency management"}, {"version": "5.1.0.6", "operator": "eq", "name": "ibm intelligent operations center for emergency management"}, {"version": "5.1", "operator": "eq", "name": "ibm water operations for waternamics"}, {"version": "5.2", "operator": "eq", "name": "ibm water operations for waternamics"}, {"version": "5.2.0.1", "operator": "eq", "name": "ibm water operations for waternamics"}, {"version": "5.2.0.2", "operator": "eq", "name": "ibm water operations for waternamics"}, {"version": "5.2.0.3", "operator": "eq", "name": "ibm water operations for waternamics"}, {"version": "5.2.0.4", "operator": "eq", "name": "ibm water operations for waternamics"}, {"version": "5.2.0.5", "operator": "eq", "name": "ibm water operations for waternamics"}, {"version": "5.2.0.6", "operator": "eq", "name": "ibm water operations for waternamics"}, {"version": "5.2.1", "operator": "eq", "name": "ibm water operations for waternamics"}, {"version": "5.2.1.1", "operator": "eq", "name": "ibm water operations for waternamics"}]}

{"ibm": [{"lastseen": "2023-02-21T21:48:15", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Cognos Business Intelligence, and the components it ships with, that are used by Rational Reporting for Development Intelligence (RRDI). \n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition Version 7 that is used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018. \n \nMultiple Open Source OpenSSL vulnerabilities affect IBM Cognos Business Intelligence versions prior to 10.2.2. \n \nIBM Cognos Business Intelligence uses the IBM WAS Liberty Profile (WLP). There is a potential denial of service in Apache CXF that is used by WebSphere Application Server . IBM Cognos Business Intelligence has upgraded WLP to a version that addresses the vulnerability. \n \nA deserialization flaw was discovered in the jackson-databind library which is used by IBM Cognos Business Intelligence. \n \nIBM Cognos Business Intelligence is vulnerable to Cross-Site Scripting (XSS) where the application allows a users input to be integrated with client-side application code in an unsafe manner. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION:** An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-7525](<https://vulners.com/cve/CVE-2017-7525>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-12624](<https://vulners.com/cve/CVE-2017-12624>) \n**DESCRIPTION:** Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the AX-WS and JAX-RS services stop responding. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135095> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-15095](<https://vulners.com/cve/CVE-2017-15095>) \n**DESCRIPTION:** Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135123> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1413](<https://vulners.com/cve/CVE-2018-1413>) \n**DESCRIPTION:** IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138819> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRRDI 5.0, 5.0.1 and 5.0.2 | Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \n \n## Remediation/Fixes\n\nNote: If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\nApply the recommended fixes to all affected versions of RRDI. \n \n**RRDI 5.0 and 5.0.1 and 5.0.2 **\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service 1](<http://www-01.ibm.com/support/docview.wss?uid=swg22016749>) and [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service 2](<http://www-01.ibm.com/support/docview.wss?uid=ibm10717533>) for addressing the listed vulnerability in the underlying Jazz Team Server.\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 23 (Implemented by file 10.2.5013.514)](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>) . \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-23T19:15:21", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Cognos Business Intelligence affect Rational Reporting for Development Intelligence", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12624", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-7525", "CVE-2018-0739", "CVE-2018-1413", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-08-23T19:15:21", "id": "47B8DD30E1DAA082C05A1D60F4C6C018A4FE6741AFA0C39A3672352DDBEBEC9F", "href": "https://www.ibm.com/support/pages/node/719163", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:54", "description": "## Summary\n\nFixes of Cognos Business Intelligence are provided as part of TCR fixes \n \nThis bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Business Intelligence. \n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 and IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 that are used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018. \n \nMultiple Open Source OpenSSL vulnerabilities affect IBM Cognos Business Intelligence versions prior to 10.2.2. \n \nA deserialization flaw was discovered in the jackson-databind library which is used by IBM Cognos Business Intelligence. \n \nIBM Cognos Business Intelligence is vulnerable to Cross-Site Scripting (XSS) where the application allows a users input to be integrated with client-side application code in an unsafe manner.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION:** An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-7525](<https://vulners.com/cve/CVE-2017-7525>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-12624](<https://vulners.com/cve/CVE-2017-12624>) \n**DESCRIPTION:** Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the AX-WS and JAX-RS services stop responding. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135095> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-15095](<https://vulners.com/cve/CVE-2017-15095>) \n**DESCRIPTION:** Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135123> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1413](<https://vulners.com/cve/CVE-2018-1413>) \n**DESCRIPTION:** IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138819> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nTivoli Common Reporting 3.1\n\nTivoli Common Reporting 3.1.0.1\n\nTivoli Common Reporting 3.1.0.2\n\nTivoli Common Reporting 3.1.2\n\nTivoli Common Reporting 3.1.2.1\n\nTivoli Common Reporting 3.1.3\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n**Tivoli Common Reporting Release** | **Remediation** \n---|--- \n3.1.0.0 through 3.1.2 | \n\nDownload \"IBM Cognos Business Intelligence 10.2 Interim Fix 27\" by accessing link <https://www-01.ibm.com/support/docview.wss?uid=swg24044958>\n\nInstall \"IBM Cognos Business Intelligence 10.2 Interim Fix 27\" by following steps listed in [ http://www-01.ibm.com/support/docview.wss?uid=swg21967299](< http://www-01.ibm.com/support/docview.wss?uid=swg21967299>) \n \n3.1.2.1 | \n\nDownload \"IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 23\" by accessing link <https://www-01.ibm.com/support/docview.wss?uid=swg24044958>\n\nInstall \"IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 23\" by following steps listed in [ http://www-01.ibm.com/support/docview.wss?uid=swg21967299](< http://www-01.ibm.com/support/docview.wss?uid=swg21967299>) \n \n3.1.3 | \n\nDownload \"IBM Cognos Business Intelligence 10.2.2 Interim Fix 19\" by accessing link <https://www-01.ibm.com/support/docview.wss?uid=swg24044958>\n\nInstall \"IBM Cognos Business Intelligence 10.2.2 Interim Fix 19\" by following steps listed in <https://www.ibm.com/support/knowledgecenter/SSEKCU_1.1.3.0/com.ibm.psc.doc/tcr_original/ttcr_cognos_out_tcr.html> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-14T13:00:02", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Common Reporting (TCR) 2018Q2 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12624", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-7525", "CVE-2018-0739", "CVE-2018-1413", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-11-14T13:00:02", "id": "654F3603785F612FCB89C4655C367EC60F72994A083FCDAAF1A7F63C68137F21", "href": "https://www.ibm.com/support/pages/node/737223", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:48:17", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Cognos Business Intelligence, and the components it ships with, that are used by Rational Insight. \n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition Version 7 that is used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018. \n \nMultiple Open Source OpenSSL vulnerabilities affect IBM Cognos Business Intelligence versions prior to 10.2.2. \n \nIBM Cognos Business Intelligence uses the IBM WAS Liberty Profile (WLP). There is a potential denial of service in Apache CXF that is used by WebSphere Application Server . IBM Cognos Business Intelligence has upgraded WLP to a version that addresses the vulnerability. \n \nA deserialization flaw was discovered in the jackson-databind library which is used by IBM Cognos Business Intelligence. \n \nIBM Cognos Business Intelligence is vulnerable to Cross-Site Scripting (XSS) where the application allows a users input to be integrated with client-side application code in an unsafe manner. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION:** An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-7525](<https://vulners.com/cve/CVE-2017-7525>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-12624](<https://vulners.com/cve/CVE-2017-12624>) \n**DESCRIPTION:** Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the AX-WS and JAX-RS services stop responding. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135095> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-15095](<https://vulners.com/cve/CVE-2017-15095>) \n**DESCRIPTION:** Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135123> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1413](<https://vulners.com/cve/CVE-2018-1413>) \n**DESCRIPTION:** IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138819> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nRational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6 | Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 5.0, 5.0.1 and 5.0.2 \nRational Insight 1.1.1.7 | Cognos BI 10.2.1 Fix pack 2 \nJazz Reporting Service 6.0 \n \n## Remediation/Fixes\n\nNote: If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\nApply the recommended fixes to all affected versions of Rational Insight. \n \n**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7 **\n\n 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first. \nReview the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service 1](<http://www-01.ibm.com/support/docview.wss?uid=swg22016749>) and [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service 2](<http://www-01.ibm.com/support/docview.wss?uid=ibm10717533>) for addressing the listed vulnerability in the underlying Jazz Team Server.\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 23 (Implemented by file 10.2.5013.514)](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>) . \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-23T19:17:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Cognos Business Intelligence affect Rational Insight", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12624", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-7525", "CVE-2018-0739", "CVE-2018-1413", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-08-23T19:17:01", "id": "437063148C0599A3C3F1CECB075FB83EAFC46606410F01E39088624674767E08", "href": "https://www.ibm.com/support/pages/node/719165", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:44:22", "description": "## Summary\n\nThis bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Business Intelligence Controller. \n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 and the IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that are used by IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0 and 10.3.1. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018. \n \nMultiple Open Source OpenSSL vulnerabilities affect IBM Cognos Controller versions 10.2.0, 10.2.1 and 10.3.0. \n \nThere is a potential denial of service in Apache CXF which affects IBM Cognos Controller versions 10.2.0, 10.2.1 and 10.3.0.\n\n## Vulnerability Details\n\n**CVEs applicable for IBM Cognos Controller 10.2.0, 10.2.1 and 10.3.0:**\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-12624](<https://vulners.com/cve/CVE-2017-12624>) \n**DESCRIPTION:** Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the AX-WS and JAX-RS services stop responding. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135095> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEs applicable for IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0 and 10.3.1:**\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID: **[CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos Controller 10.3.1 \nIBM Cognos Controller 10.3.0 \nIBM Cognos Controller 10.2.1 \nIBM Cognos Controller 10.2.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical: \n \nIBM Cognos Controller 10.3.1: http://www.ibm.com/support/docview.wss?uid=ibm10718767 \nIBM Cognos Controller 10.3.0: http://www.ibm.com/support/docview.wss?uid=ibm10718767 \nIBM Cognos Controller 10.2.1: http://www.ibm.com/support/docview.wss?uid=ibm10718767 \nIBM Cognos Controller 10.2.0: http://www.ibm.com/support/docview.wss?uid=ibm10718767\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-03-21T18:10:01", "type": "ibm", "title": "Security Bulletin: IBM Cognos Controller 2018Q3 Security Updater: Multiple vulnerabilities have been identified in IBM Cognos Controller", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12624", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2018-0739", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2019-03-21T18:10:01", "id": "5B64BCE3EE0E68F7C1E61B0134954FDB115D5AD76AD549C8F967018D7BA777A6", "href": "https://www.ibm.com/support/pages/node/717121", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:47:10", "description": "## Summary\n\nThere are multiple vulnerabilities in SDK Java\u2122 Technology Edition used by IBM b-type SAN directors and switches. These issues were disclosed as part of the Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2629](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137880> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nProducts | VRMF \n---|--- \nIBM Network Advisor | all VRMFs prior to 14.4.2 \n \n## Remediation/Fixes\n\nProduct | VRMF | Fix \n---|---|--- \nIBM Network Advisor | 14.4.2 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=SAN%20management%20software&amp;product=ibm/StorageAreaNetwork/Network+Advisor&amp;release=14.x&amp;platform=All&amp;function=all \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-10-02T14:15:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-10-02T14:15:01", "id": "CE226AE24A6E2D3DE67C38C0C6A7A613A0DDDDABCC8ACB8CAFB1CB1EE2157689", "href": "https://www.ibm.com/support/pages/node/733527", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:44:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7, and 8** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, Change and Configuration Management Database, and IBM Control Desk. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following IBM Java versions are affected: \n\n\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases\n * IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 55 and earlier releases\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases\n * IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 15 and earlier releases\n * IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 7 and earlier releases\n \nIt is likely that earlier unsupported versions are also affected by these vulnerabilities. Remediation is not provided for product versions that are no longer supported. IBM recommends that customers running unsupported versions upgrade to the latest supported version of products in order to obtain remediation for the vulnerabilities. \n\n## Remediation/Fixes\n\nThere are two areas where the vulnerabilities in the Java SDK/JDK or JRE may require remediation: \n \n1\\. Application Server \u2013 Update the Websphere Application Server. Refer to [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22013818>) for additional information on updating and maintaining the JDK component within Websphere. Customers with Oracle Weblogic Server, which is not an IBM product and is not shipped by IBM, will also want to update their server. \n \n2\\. Browser Client - Update the Java plug-in used by the browser on client systems, using the remediated JRE version referenced on [_developerWorks JavaTM Technology Security Alerts_](<http://www.ibm.com/developerworks/java/jdk/alerts/>) or referenced on [_Oracle\u2019s latest Critical Patch Update_](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) (which can be accessed via [_developerWorks JavaTM Technology Security Alerts_](<http://www.ibm.com/developerworks/java/jdk/alerts/>)). Updating the browser Java plug-in may impact some applets such as Maximo Asset Management Scheduler. Download from IBM FixCentral the latest [_Maximo Asset Management Fix Pack_](<http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=All&platform=All&function=all&source=fc>). \n \nDue to the threat posed by a successful attack, IBM strongly recommends that customers apply fixes as soon as possible.\n\n## Workarounds and Mitigations\n\nUntil you apply the fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so IBM strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem. \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:49:58", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T15:49:58", "id": "089455FB91FDFE7E0E828CF6E910A5D0E5BA1A056A27C13F87FC0F4D9B5A116A", "href": "https://www.ibm.com/support/pages/node/567435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:53:27", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM(R) SDK Java(TM) Technology Edition, Version 7 used by IBM Fabric Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**Summary**\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 used by IBM Fabric Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n**Vulnerability Details**\n\n**CVEID:** [CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>)\n\n**Description:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system.\n\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>)\n\n**Description:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system.\n\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)\n\n**Description:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system.\n\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)\n\n**Description:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.\n\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>)\n\n**Description:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.\n\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>)\n\n**Description:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.\n\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>)\n\n**Description:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.\n\nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>)\n\n**Description:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.\n\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>)\n\n**Description:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2629](<https://vulners.com/cve/CVE-2018-2629>)\n\n**Description:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137880> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)\n\n**Description:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)\n\n**Description:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.\n\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)\n\n**Description:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.\n\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)\n\n**Description:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)\n\n**Description:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)\n\n**Description:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>)\n\n**Description:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)\n\n**Description:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.\n\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**Affected Products and Versions**\n\nProduct | Version \n---|--- \nIBM Fabric Manager | 4.1 \n \n**Remediation/Fixes**\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nProduct | Fixed Version \n---|--- \nIBM Fabric Manager \n(ibm_sw_ifm-4.1.12.0057_linux_32-64.bin) \n(ibm_sw_ifm-4.1.12.0057_windows_32-64.exe) | 4.1.12.0057 \n \n**Workarounds and Mitigations**\n\nNone.\n\n**References**\n\n * [Complete CVSS V3 Guide](<http://www.first.org/cvss/user-guide>)\n * [On-line Calculator V3](<http://www.first.org/cvss/calculator/3.0>)\n * [IBM Java SDK Security Bulletin](<http://www.ibm.com/support/docview.wss?uid=swg22012965>)\n\n**Related Information** \n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n[Lenovo Product Security Advisories](<https://support.lenovo.com/us/en/product_security/home>)\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n26 March, 2018: Original Version Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-01-28T04:05:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-01-28T04:05:01", "id": "FC7CF2AAADA390A2F462964257D0D7991FF5A6813C6B635D5C2864BCDA584DFB", "href": "https://www.ibm.com/support/pages/node/842572", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8, Service Refresh 5 used by IBM Streams. IBM Streams has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n * IBM Streams Version 4.2.1.3 and earlier \n * IBM InfoSphere Streams Version 4.1.1.5 and earlier \n * IBM InfoSphere Streams Version 4.0.1.5 and earlier \n * IBM InfoSphere Streams Version 3.2.1.6 and earlier \n * IBM InfoSphere Streams Version 3.1.0.8 and earlier \n * IBM InfoSphere Streams Version 3.0.0.6 and earlier\n\n## Remediation/Fixes\n\n**NOTE:** Fix Packs are available on IBM Fix Central. \n \nTo remediate/fix this issue, follow the instructions below: \n\n * Version 4.2.x: Apply [_4.2.1 Fix Pack 4 (4.2.1.4) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.2.1.0&platform=All&function=all>).\n * Version 4.1.x: Apply [_4.1.1 Fix Pack 6 (4.1.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>).\n * Version 4.0.x: Apply [_4.0.1 Fix Pack 6 (4.0.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>).\n * Versions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T14:20:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Streams", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-16T14:20:00", "id": "D3FEAA2DA6A2E0603EB01D2A6B4656C251C272EE79F4EAC14B510DF21E388FC4", "href": "https://www.ibm.com/support/pages/node/570185", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:48:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in Jan 2018. \n\n\n## Vulnerability Details\n\n \n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION: **Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM Security Guardium**\n\n| \n**Affected Versions** \n---|--- \nIBM Security Guardium | \n10.0-10.5 \n \n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium | 10.0-10.5 | [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/\u2026](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p505_Bundle_Jun-24-2018&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-09-07T15:14:08", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-09-07T15:14:08", "id": "ECD78CCFAD199384A2E1B0251EC051113AB96CA42C9B3451D235C36A2FB281C6", "href": "https://www.ibm.com/support/pages/node/715207", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:48:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7.0.10.15 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of IBM SDK, Java Technology Edition Quarterly CPU - Jan 2018 - Includes Oracle Jan 2018 CPU. [&lt;/ br&gt;] [&lt;/ br&gt;] \nIBM Cloud Manager with OpenStack has addressed these vulnerabilities. \n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you must evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section. \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Principal Product **\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Cloud Manager with OpenStack| 4.3 \nbr&gt; \nbr&gt;\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation / First Fix** \n \n---|---|--- \nIBM Cloud Manager with OpenStack| 4.3| Upgrade to 4.3 FP 10: \n[**_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&amp;fixids=4.3.0.10-IBM-CMWO-FP10&amp;source=SAR_**](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.10-IBM-CMWO-FP10&source=SAR>) \nbr&gt; \nbr&gt;\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-08T04:13:55", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-08-08T04:13:55", "id": "6C45A29D024C9D6F0CAB22E79C478F9FCA9379B61519F60C5A7C254D98E20DDE", "href": "https://www.ibm.com/support/pages/node/664851", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by z/TPF. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nz/TPF Enterprise Edition Version 1.1.14 - 1.1.15\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nz/TPF| 1.1.14 - 1.1.15| PJ45246| Download and install the `PJ45246_ibm-java-jre-8.0-5.10.tar.gz` package from the [IBM 64-bit Runtime Environment for z/TPF, Java Technology Edition, Version 8](<http://www-01.ibm.com/support/docview.wss?uid=swg24043118>) download page. \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-15T07:09:02", "id": "21C909AA925BE0E93928A0ED421E76EC14F61544DF856B3B672A7C484A22B9C6", "href": "https://www.ibm.com/support/pages/node/568141", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:44:16", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6, 7 used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137891](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137893](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137870](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137910](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2629](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137880](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137851](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137933](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137833](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2018-1417](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/138823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nPlatform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1 \n\nPlatform Cluster Manager Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1\n\nPlatform HPC Version 4.1.1, 4.1.1.1, 4.2.0 and 4.2.1\n\nSpectrum Cluster Foundation 4.2.2\n\n## Remediation/Fixes\n\n**Platform Cluster Manager 4.1.x &amp; Platform HPC 4.1.x**\n\n1\\. Download IBM JRE 6.0 x86_64 from the following location: [_http://www.ibm.com/support/fixcentral_](<http://www.ibm.com/support/fixcentral>). (For POWER platform, download ppc64 version JRE tar package. The followings steps are using x86_64 as an example.)\n\n2\\. Copy the tar package into the management node. If high availability is enabled, copy the JRE tar package to standby management node, as well.\n\n3\\. If high availability is enabled, shutdown standby management node to avoid triggering high availability.\n\n4\\. On the management node, stop GUI and PERF services\n\nHA disabled:# pmcadmin stop \n# perfadmin stop allHA enabled:# egosh user logon -u Admin -x Admin \n# egosh service stop all\n\n5\\. On management node, extract new JRE files and replace some old folders with new ones.\n\n# tar -zxvf ibm-java-jre-6.0-16.60-linux-x86_64.tgz \n# mv /opt/pcm/web-portal/jre/linux-x86_64/bin /opt/pcm/web-portal/jre/linux-x86_64/bin-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/lib /opt/pcm/web-portal/jre/linux-x86_64/lib-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/plugin /opt/pcm/web-portal/jre/linux-x86_64/plugin-old \n# cp -r ibm-java-x86_64-60/jre/bin /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-60/jre/lib /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-60/jre/plugin /opt/pcm/web-portal/jre/linux-x86_64/\n\n6\\. On management node, start GUI and PERF services\n\nHA disabled:# pmcadmin start \n# perfadmin start allHA enabled:# egosh user logon -u Admin -x Admin \n# egosh service start all\n\n**Platform Cluster Manager 4.2.x &amp; Platform HPC 4.2.x &amp; Spectrum Cluster Foundation 4.2.2**\n\n1\\. Download IBM JRE 7.0 x86_64 from the following location: [_http://www.ibm.com/support/fixcentral_](<http://www.ibm.com/support/fixcentral>). (For POWER platform, download ppc64 version JRE tar package. The followings steps are using x86_64 as an example.)\n\n2\\. Copy the tar package into the management node. If high availability is enabled, copy the JRE tar package to standby management node, as well.\n\n3\\. If high availability is enabled, shutdown standby management node to avoid triggering high availability.\n\n4\\. On the management node, stop GUI and PERF services\n\n# pcmadmin service stop --group ALL\n\n5\\. On management node, extract new JRE files and replace some old folders with new ones.\n\n# tar -zxvf ibm-java-jre-7.0-10.20-linux-x86_64.tgz \n# mv /opt/pcm/jre/bin /opt/pcm/jre/bin-old \n# mv /opt/pcm/jre/lib /opt/pcm/jre/lib-old \n# mv /opt/pcm/jre/plugin /opt/pcm/jre/plugin-old \n# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/jre/ \n# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/jre/ \n# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/jre/# mv /opt/pcm/web-portal/jre/linux-x86_64/bin /opt/pcm/web-portal/jre/linux-x86_64/bin-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/lib /opt/pcm/web-portal/jre/linux-x86_64/lib-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/plugin /opt/pcm/web-portal/jre/linux-x86_64/plugin-old \n# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/web-portal/jre/linux-x86_64/\n\n6\\. On management node, start GUI and PERF services\n\n# pcmadmin service start --group ALL\n\n7\\. If high availability is enabled, start up standby management node, and replace bin, lib, plugin folders under /opt/pcm/web-portal/jre/linux-x86_64, on standby management node.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-05-23T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-05-23T05:10:01", "id": "3CC25C048EFF153229D754CCC6D44E3776394424BB1F44D1F35AEC5747AAB64B", "href": "https://www.ibm.com/support/pages/node/706173", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:50:38", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Spectrum LSF Analytics. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_Not Applicable_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=Not%20Applicable>) \n**DESCRIPTION: **Use this if you deliver IBM Java and are N/A to the IBM Java SDK update vulnerabilities because the vulnerabilities could not be exploited by your product. However, customers could run their own Java code using the IBM Java Runtime delivered with your product. \nCVSS Base Score: 0 \nCVSS Temporal Score: See for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: () \n \n**CVEID: **[_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION: **Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nSpectrum LSF Analytics: 9.1.4\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nSpectrum LSF Analytics | 9.1.4 | _None_ | 1\\. Download LSF Analytics 9.1.4 Fix 486808 installation package from the following location: <http://www.ibm.com/support/fixcentral>. Select the fix for download after searching product 'Platform Analytics' and version '9.1.4'. \n2\\. Install the package by LSF Analytics 9.1.4 Fix 486808 README file. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-09T11:21:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-07-09T11:21:26", "id": "0A3185367C4C819CB6D1F686A54CF066C2C0634F508315519FDBA3FECD7B7689", "href": "https://www.ibm.com/support/pages/node/713929", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:42:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM i.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nReleases 7.1, 7.2 and 7.3 of IBM i are affected. \n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to the IBM i Operating System. \n \nReleases 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed. \n \nPlease see the Java document at this URL for the latest Java information for IBM i: \n[_https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/Java%20on%20IBM%20i_](<https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/Java%20on%20IBM%20i>) \n \nThe IBM i Group PTF numbers containing the fix for these CVEs follow. Future Group PTFs for Java will also contain the fixes for these CVEs. \n \n** Release 7.1 \u2013 SF99572 level 31** \n** Release 7.2 \u2013 SF99716 level 16** \n**Release 7.3 \u2013 SF99725 level 8** \n \n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-12-18T14:26:38", "id": "B112C9607CBD35998B2830CA02C7C8517B31FED66C516BE791DE3D1647980CB8", "href": "https://www.ibm.com/support/pages/node/688037", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:50:48", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK quarterly updates in January 2018. IBM PureApplication System has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM PureApplication System V2.2.3.0 \nIBM PureApplication System V2.2.3.1 \nIBM PureApplication System V2.2.3.2 \nIBM PureApplication System V2.2.4.0 \nIBM PureApplication System V2.2.5.0 \nIBM PureApplication System V2.2.5.1\n\n## Remediation/Fixes\n\nThe PureSystems\u00ae Managers on IBM PureApplication System is affected. The solution is to upgrade the IBM PureApplication System to the following fix level: \n \nIBM PureApplication System V2.2.5.2. \n \nIBM recommends upgrading to a fixed version of the product. Contact IBM for assistance. \n \nBluemix Local System is the evolution of the IBM PureApplication\u00ae System Intel\u2122 based offerings. \n \n**_AIX_** \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&amp;product=ibm/WebSphere/PureApplication+System&amp;release=2.2.5.2&amp;platform=All&amp;function=fixId&amp;fixids=Java_Update_AIX_Apr_2018-sys&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=ddp](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.2&platform=All&function=fixId&fixids=Java_Update_AIX_Apr_2018-sys&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \n \n**_Linux_** \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&amp;product=ibm/WebSphere/PureApplication+System&amp;release=2.2.5.2&amp;platform=Linux&amp;function=fixId&amp;fixids=Java_Update_Linux_Apr_2018-sys&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=ddp](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.2&platform=Linux&function=fixId&fixids=Java_Update_Linux_Apr_2018-sys&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \n \n**_Windows_** \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&amp;product=ibm/WebSphere/PureApplication+System&amp;release=2.2.5.2&amp;platform=Linux&amp;function=fixId&amp;fixids=Java_Update_Windows_Apr_2018-sys&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=ddp](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.2&platform=Linux&function=fixId&fixids=Java_Update_Windows_Apr_2018-sys&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \n \nInformation about upgrading can be found here: <http://www-01.ibm.com/support/docview.wss?uid=swg27039159>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-02T14:53:57", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-07-02T14:53:57", "id": "308C17C0C6FCE405B0E11B61D017D5167AF357A61BC5A5CACF4B9D2A53C4762F", "href": "https://www.ibm.com/support/pages/node/715233", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:24", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Spectrum LSF Analytics. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n \nSpectrum LSF Analytics: v9.1.4\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/Fixes_ \n---|---|---|--- \nSpectrum LSF Analytics| 9.1.4| None| 1\\. Download LSF Analytics 9.1.4 Fix 486808 installation package from the following location: <http://www.ibm.com/support/fixcentral>. Select the fix for download after searching product 'Platform Analytics' and version '9.1.4'. \n2\\. Install the package by LSF Analytics 9.1.4 Fix 486808 README file. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-18T01:44:08", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-18T01:44:08", "id": "B526CAB1DCDE21FF18C6B51A82FBE7D2151C581A107178E0FC15F29D9F03CA71", "href": "https://www.ibm.com/support/pages/node/665311", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-27T21:55:41", "description": "## Summary\n\nMultiple vulnerabilities with IBM Java version shipped with IBM Transformation Extender Advanced. These vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N). \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137893](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n \n** CVEID: **[CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N). \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n \n** CVEID: **[CVE-2018-2629](<https://vulners.com/cve/CVE-2018-2629>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N). \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137880](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n \n** CVEID: **[CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137870](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n \n** CVEID: **[CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N). \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n \n** CVEID: **[CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>) \n** DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137891](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>) \n** DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2018-1417](<https://vulners.com/cve/CVE-2018-1417>) \n** DESCRIPTION: **Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java Technology Edition 7.1 and 8.0) allows untrusted code running under a security manager to elevate its privileges. IBM X-Force ID: 138823. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/138823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a webservice. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n \n** CVEID: **[CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L). \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137851](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n** CVEID: **[CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n \n** CVEID: **[CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n** DESCRIPTION: **Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u171 and 7u161; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137910](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploitedby supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137833](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n** CVEID: **[CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L). \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137933](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n** DESCRIPTION: **Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N). \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/137886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n \n** Third Party Entry: **PSIRT-ADV0010955 \n** DESCRIPTION: ** \nCVSS Base score: 0 \nCVSS Vector: \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nTransformation Extender Advanced| 9.0 \nStandards Processing Engine| 2.0 \n \n\n\n## Remediation/Fixes\n\nUpgrade to ITXA version 9.0.1.0 or higher from Passport Advantage.\n\n## Workarounds and Mitigations\n\nCustomer may manually upgrade their ITXA installation to the latest version of IBM Java.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-05-15T17:55:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java shipped with IBM Transformation Extender Advanced", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2020-05-15T17:55:47", "id": "19FDDC2F74E05C9B42A0381D32E09D70E2D2150176C46C3EC98FC8C0DDA647DC", "href": "https://www.ibm.com/support/pages/node/6209685", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:11:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by IBM Cloud APM Private 8.1.4, IBM Cloud Application Performance Management, and IBM Application Performance Management 8.1.3. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2018-2588](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2599](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2629](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2629>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137880> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2657](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2641](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2582](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2634](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2638](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2639](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1417](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138823> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Monitoring 8.1.3 \nIBM Application Diagnostics 8.1.3 \nIBM Application Performance Management 8.1.3 \nIBM Application Performance Management Advanced 8.1.3 \nIBM Cloud Application Performance Management, Base Private 8.1.4 \nIBM Cloud Application Performance Management, Advanced Private 8.1.4 \nIBM Cloud Application Performance Management\n\n## Remediation/Fixes\n\n_Product_\n\n| _Product_ \n_VRMF_| _Remediation_ \n---|---|--- \nIBM Monitoring 8.1.3 \nIBM Application Diagnostics 8.1.3 \nIBM Application Performance Management 8.1.3 \nIBM Application Performance Management Advanced 8.1.3| _8.1.3_| The vulnerability can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0012 server patch to the system where the Performance Management server is installed: [http://www-01.ibm.com/support/docview.wss?rs=0&amp;uid=isg400003854](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003854>) \n \nThe vulnerability can be remediated by applying the following 8.1.3.0-IBM-IPM-GATEWAY-IF0008 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www-01.ibm.com/support/docview.wss?rs=0&amp;uid=isg400003853](<https://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003853>) \nIBM Cloud Application Performance Management, Base Private \nIBM Cloud Application Performance Management, Advanced Private| _8.1.4_| The vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0004 server patch to the system where the Cloud APM server is installed: [http://www-01.ibm.com/support/docview.wss?rs=0&amp;uid=isg400003783](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400003783>) \n \nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0003 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www.ibm.com/support/docview.wss?rs=0&amp;uid=isg400003809](<https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809>) \nIBM Cloud Application Performance Management| _N/A_| The vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0003 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: [https://www.ibm.com/support/docview.wss?rs=0&amp;uid=isg400003809](<https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003809>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\nSecurity Bulletin: Multiple vulnerabilities may affect IBM SDK Java Technology Edition: <http://www-01.ibm.com/support/docview.wss?uid=swg22012965> \nOracle Critical Patch Update Advisory - January 2018: <http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html>\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n10 May 2018 Updated Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSTFXA\",\"label\":\"Tivoli Monitoring\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"8.1.3;8.1.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:50:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM Java SDK affect IBM Performance management products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T15:50:48", "id": "6877A290C4E483A82EA8A166F8741992C1817E945A9A02B43C11E02EC9E3AAFD", "href": "https://www.ibm.com/support/pages/node/569193", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:57", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.6, and Version 7 that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin: \n \n-Java (CANDLEHOME) ITM 6.2.3 Fix Pack 1 (JRE 1.6) through 6.2.3 Fix Pack 5 and 6.3.0 through 6.3.0 Fix Pack 7 (JRE 7) (CVE-2018-2602 only) \n-Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.2.3 Fix pack 1 through 6.2.3 Fix Pack 5 (JRE 1.6) and 6.3.0 throught 6.3.0 Fix Pack 7 (JRE 7) (All CVE's listed) \n \n\n\n## Remediation/Fixes\n\n**_Java (TEP) Remediation:_** \nThese vulnerabilities exist where the affected Java Runtime Environment (JRE) is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. The affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system. \n \nThis fix below provides updated JRE packages for the portal server which can be downloaded by new client systems. Once the fix has been installed on the portal server, instructions in the README can be used to download the updated JRE from the portal to the portal clients. \n \n\n\n**_Fix_**| **_VRMF_**| **_How to acquire fix_** \n---|---|--- \n6.X.X-TIV-ITM_JRE_TEP-20180512| 6.2.3 FP1 through 6.3.0 FP7| <http://www.ibm.com/support/docview.wss?uid=swg24044851> \n \n \n \n**_Java (CANDLEHOME) Remediation:_** \nThe patch below should be installed which will update the shared Tivoli Enterprise-supplied JRE (jr component on UNIX/Linux) or Embedded JVM (JVM component on Windows). \n \n**_Fix_**| **_VMRF_**| **_Remediation/First Fix_** \n---|---|--- \n6.X.X-TIV-ITM_JRE_CANDLEHOME-20180512| 6.2.3 through 6.3.0 FP7| <http://www.ibm.com/support/docview.wss?uid=swg24044852> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:51:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM Tivoli Monitoring", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T15:51:34", "id": "1EB4C94ED5192A787B590CC4302D443A60AA1648687FC5F70C91C7216427D0D1", "href": "https://www.ibm.com/support/pages/node/570667", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases used by IBM Platform Symphony 6.1.1, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases used by IBM Platform Symphony 7.1 Fix Pack 1, Version 8 Service Refresh 5 Fix Pack 7 and earlier releases used by IBM Platform Symphony 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Platform Symphony 6.1.1 \n\nIBM Platform Symphony 7.1 Fix Pack 1\n\nIBM Platform Symphony 7.1.1\n\nIBM Spectrum Symphony 7.1.2\n\nIBM Spectrum Symphony 7.2.0.2\n\n## Remediation/Fixes\n\n**Applicability** \nOperating systems: Linux x64 \n \nCluster type: Single grid cluster \n \n**Prerequisite** \nTo install or uninstall the .rpm packages for IBM Spectrum Symphony 7.1.2 and 7.2.0.2, you must have root permission and RPM version 4.2.1 or later must be installed on the host. \n \n**Before installation** \na. Log on to the master host as the cluster administrator. \nb. Disable your applications, stop services, and shut down the cluster: \n&gt; source profile.platform \n&gt; soamcontrol app disable all \n&gt; egosh service stop all \n&gt; egosh ego shutdown all \nc. For Platform Symphony 6.1.1, 7.1 Fix Pack 1 and 7.1.1, back up the JRE folder (under $EGO_TOP/jre/&lt;_EGO_version_&gt;/linux-x86_64/) on all hosts. \nFor example, in a Platform Symphony 7.1.1 cluster, back up the JRE folder at $EGO_TOP/jre/3.3/linux-x86_64/. \nd. For IBM Spectrum Symphony 7.1.2 and 7.2.0.2, uninstall the existing JRE. \na) Query the existing JRE package and uninstall it from the dbpath location, for example: \n&gt; rpm -qa --dbpath /tmp/rpm |grep egojre \negojre-1.8.0.3-408454.x86_64 \n&gt; rpm -e egojre-1.8.0.3-408454.x86_64 --dbpath /tmp/rpm --nodeps \nb) For IBM Spectrum Symphony 7.2.0.2, remove the leftover link under the jre folder, for example: \n&gt; rm -rf $EGO_TOP/jre/8.0.5.0 \n \n**Install this interim fix** \na. Log on to each host as the cluster administrator and replace your current JRE folder with the files in this interim fix. \nFor Platform Symphony 6.1.1, 7.1 Fix Pack 1 and 7.1.1, remove the files in the existing JRE folder and extract the interim package to the JRE folder on all hosts. \nFor example, in a Platform Symphony 7.1.1 cluster, enter the following commands: \n&gt; rm -rf $EGO_TOP/jre/3.3/linux-x86_64/* \n&gt; tar zxfo symSetup_jre8sr5fp11_linux-64_build491204.tar.gz -C $EGO_TOP/jre/3.3/linux-x86_64 \nFor IBM Spectrum Symphony 7.1.2 and 7.2.0.2, use the same dbpath and prefix as the installation, for example: \n&gt; rpm \u2013ivh --dbpath /tmp/rpm --prefix /opt/platform egojre-1.8.0.511.x86_64.rpm \nb. Delete all subdirectories and files in the GUI work directory: \n&gt; rm -rf $EGO_TOP/gui/work/* \n&gt; rm -rf $EGO_TOP/gui/workarea/* \n**NOTE: **If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory. \nc. Launch your browser and clear the browser cache. \nd. Log on to the master host as the cluster administrator, start the cluster and enable your applications: \n&gt; source profile.platform \n&gt; egosh ego start all \n&gt; soamcontrol app enable &lt;_appName_&gt; \n \n**Verify the installation** \n\u00b7 For Platform Symphony 6.1.1, the following example shows output for the java -version command: \n&gt; java -version \njava version \"1.6.0\" \nJava(TM) SE Runtime Environment (build pxa6460sr16fp60-20180213_02(SR16 FP60)) \nIBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux amd64-64 jvmxa6460sr16fp60-20180125_377078 (JIT enabled, AOT enabled) \nJ9VM - 20180125_377078 \nJIT - r9_20180125_377078 \nGC - GA24_Java6_SR16_20180125_1132_B377078) \nJCL - 20180209_01 \n\u00b7 For Platform Symphony 7.1 Fix Pack 1, the following example shows output for the java -version command: \n&gt; java -version \njava version \"1.7.0\" \nJava(TM) SE Runtime Environment (build pxa6470sr10fp20-20180221_01(SR10 FP20)) \nIBM J9 VM (build 2.6, JRE 1.7.0 Linux amd64-64 Compressed References 20180126_377201 (JIT enabled, AOT enabled) \nJ9VM - R26_Java726_SR10_20180126_1056_B377201 \nJIT - r11_20180126_377201 \nGC - R26_Java726_SR10_20180126_1056_B377201_CMPRSS \nJ9CL - 20180126_377201) \nJCL - 20180221_01 based on Oracle jdk7u171-b11 \n\u00b7 For Platform Symphony 7.1.1, the following example shows output for the java -version command: \n&gt; java -version \njava version \"1.8.0_161\" \nJava(TM) SE Runtime Environment (build 8.0.5.11 - pxa6480sr5fp11-20180326_01(SR5 FP11)) \nIBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64 Compressed References 20180309_380776 (JIT enabled, AOT enabled) \nOpenJ9 - 49fcaf39 \nOMR - 5cbbadf \nIBM - 4453dac) \nJCL - 20180319_01 based on Oracle jdk8u161-b12 \n\u00b7 For IBM Spectrum Symphony 7.1.2, the following example shows output for the rpm -qa command: \n&gt; rpm -qa --dbpath /tmp/rpm |grep egojre \negojre-1.8.0.511-491204.x86_64 \n\u00b7 For IBM Spectrum Symphony 7.2.0.2, the following example shows output for the rpm -qa command: \n&gt; rpm -qa --dbpath /tmp/rpm |grep egojre \negojre-8.0.5.11-491204.x86_64 \n \n**Uninstallation** \nIf required, follow these instructions to uninstall this interim fix in your cluster: \na. Log on to the master host as the cluster administrator. \nb. Disable your applications, stop services, and shut down the cluster: \n&gt; source profile.platform \n&gt; soamcontrol app disable all \n&gt; egosh service stop all \n&gt; egosh ego shutdown all \nc. Log on to all hosts as the cluster administrator and restore the JRE folder from your backup. \nFor Platform Symphony 6.1.1, 7.1 Fix Pack 1 and 7.1.1, restore your backup to the $EGO_TOP/jre/&lt;_EGO_version_&gt;/linux-x86_64/ folder. For example, in a Platform Symphony 7.1.1 cluster, restore your backup to the $EGO_TOP/jre/3.3/linux-x86_64/ folder. \nFor IBM Spectrum Symphony 7.1.2 and 7.2.0.2, uninstall the existing JRE, then install the old one: \na) Uninstall the JRE fix, for example: \n&gt; rpm -e egojre-1.8.0.511-491204.x86_64 --dbpath /tmp/rpm/ --nodeps \nb) For IBM Spectrum Symphony 7.2.0.2, remove the leftover link under the jre folder, for example: \n&gt; rm -rf $EGO_TOP/jre/8.0.5.11 \nc) Extract the egojre .rpm package from the .bin installation package, for example, for IBM Spectrum Symphony 7.1.2: \n&gt; sym-7.1.2.0_x86_64.bin --extract /opt/extract \nd) Reinstall the old JRE package. Use the same dbpath and prefix as the installation, for example: \n&gt; rpm -ivh --dbpath /tmp/rpm --prefix /opt/extract/egojre-1.8.0.3.x86_64.rpm \nd. Delete all subdirectories and files in the GUI work directory: \n&gt; rm -rf $EGO_TOP/gui/work/* \n&gt; rm -rf $EGO_TOP/gui/workarea/* \n**NOTE: **If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory. \ne. Launch your browser and clear the browser cache. \nf. Log on to the master host as the cluster administrator, start the cluster and enable your applications: \n&gt; source profile.platform \n&gt; egosh ego start all \n&gt; soamcontrol app enable &lt;_appName_&gt; \n \n**Packages:**\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM Platform Symphony_| _6.1.1_| _P102477_| _symSetup_jre6sr16fp60_linux-64_build491204.tar.gz: _ \n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-6.1.1-build491204&amp;includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-6.1.1-build491204&includeSupersedes=0>) \n_IBM Platform Symphony_| _7.1 Fix Pack 1_| _P102477_| _symSetup_jre7sr10fp20_linux-64_build491204.tar.gz: _ \n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-7.1-build491204&amp;includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build491204&includeSupersedes=0>)_ _ \n_IBM Platform Symphony_| _7.1.1_| _P102477_| _symSetup_jre8sr5fp11_linux-64_build491204.tar.gz for Platform Symphony 7.1.1: _ \n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-7.1.1-build491204&amp;includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build491204&includeSupersedes=0>) \n_IBM Spectrum Symphony_| _7.1.2_| _P102477_| _egojre-1.8.0.511.x86_64.rpm: _ \n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-7.1.2-build491204&amp;includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build491204&includeSupersedes=0>) \n_IBM Spectrum Symphony_| _7.2.0.2_| _P102477_| _egojre-8.0.5.11.x86_64.rpm: _ \n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=sym-7.2.0.2-build491204&amp;includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build491204&includeSupersedes=0>)_ _ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-18T01:43:59", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-18T01:43:59", "id": "FF972FF475C6691212D41E145A91B62441337954697CD95DE31DD265512A07AD", "href": "https://www.ibm.com/support/pages/node/665265", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:28", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7, 7.1, and 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nAIX 5.3, 6.1, 7.1, 7.2 \nVIOS 2.2.x \n \nThe following fileset levels (VRMF) are vulnerable, if the respective Java version is installed: \nFor Java7: Less than 7.0.0.620 \nFor Java7.1: Less than 7.1.0.420 \nFor Java8: Less than 8.0.0.510 \n \nNote: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user's guide. \n \nExample: ` lslpp -L | grep -i java`\n\n## Remediation/Fixes\n\nNote: Recommended remediation is to always install the most recent Java package available for the respective Java version. \n \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20 and subsequent releases: \n32-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=7.0.0.0&amp;platform=AIX+32-bit,+pSeries&amp;function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all>) \n64-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=7.0.0.0&amp;platform=AIX+64-bit,+pSeries&amp;function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all>) \n \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 20 and subsequent releases: \n32-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=7.1.0.0&amp;platform=AIX+32-bit,+pSeries&amp;function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all>) \n64-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=7.1.0.0&amp;platform=AIX+64-bit,+pSeries&amp;function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all>) \n \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 10 and subsequent releases: \n32-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=8.0.0.0&amp;platform=AIX+32-bit,+pSeries&amp;function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all>) \n64-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&amp;release=8.0.0.0&amp;platform=AIX+64-bit,+pSeries&amp;function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all>)\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-18T01:42:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-18T01:42:33", "id": "39E450D4F111F857D19F138C03812ABD7F598DD51D9F08A4C97B699481E1BA33", "href": "https://www.ibm.com/support/pages/node/664651", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:59", "description": "## Summary\n\nJava SE issues disclosed in the Oracle January 2018 Critical Patch Update, plus one additional vulnerability\n\n## Vulnerability Details\n\n**CVE IDs:** CVE-2018-2639 CVE-2018-2638 CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 CVE-2018-1417 \n\n**DESCRIPTION:** This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2018 Critical Patch Update. For more information please refer to [Oracle's January 2018 CPU Advisory](<http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA>) and the X-Force database entries referenced below.\n\nThis bulletin also describes one additional vulnerability which affects IBM SDK, Java Technology Edition.\n\n**CVEID:** [CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n \n**CVEID:** [CVE-2018-1417](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138823> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases \nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 55 and earlier releases \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 15 and earlier releases \nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 7 and earlier releases\n\n## Remediation/Fixes\n\nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 60 and subsequent releases, where embedded with supported IBM products \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 60 and subsequent releases, where embedded with supported IBM products \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 20 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 10 and subsequent releases \n\nIBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from [_here_](<http://www.ibm.com/developerworks/java/jdk/index.html>). \n \nIBM customers requiring an update for an SDK shipped with an IBM product should contact [_IBM support_](<http://www.ibm.com/support/>), and/or refer to the appropriate product security bulletin.\n\n**APAR numbers are as follows****:**\n\n \n \n[IJ04031](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04031>) (CVE-2018-2639) \n[IJ04034](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04034>) (CVE-2018-2638) \n[IJ04036](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04036>) (CVE-2018-2633) \n[IJ04037](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04037>) (CVE-2018-2637) \n[IJ04038](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04038>) (CVE-2018-2634) \n[IJ04039](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04039>) (CVE-2018-2582) \n[IJ04040](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04040>) (CVE-2018-2641) \n[IJ04041](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04041>) (CVE-2018-2618) \n[IJ04042](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04042>) (CVE-2018-2657) \n[IJ04043](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04043>) (CVE-2018-2603) \n[IJ04044](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04044>) (CVE-2018-2599) \n[IJ04045](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04045>) (CVE-2018-2602) \n[IJ04046](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04046>) (CVE-2018-2678) \n[IJ04047](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04047>) (CVE-2018-2677) \n[IJ04051](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04051>) (CVE-2018-2663) \n[IJ04052](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04052>) (CVE-2018-2588) \n[IJ04053](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04053>) (CVE-2018-2579) \n[IJ04021](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04021>) (CVE-2018-1417) \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:08:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-15T07:08:50", "id": "6143803B3BA40C7530457C980DC767312A530B4633D43773E75FE39165A523D8", "href": "https://www.ibm.com/support/pages/node/303533", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:32", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM Spectrum Conductor with Spark. These issues were disclosed as part of the IBM Java updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n \n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-1417](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138823> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n \nIBM Spectrum Conductor with Spark 2.2.0, and IBM Spectrum Conductor with Spark 2.2.1, which support Linux and Linux on POWERLE.\n\n## Remediation/Fixes\n\n \n**Download steps** \n \nDownload the patch corresponding to your IBM Spectrum Conductor with Spark version from the following location: [_http://www.ibm.com/eserver/support/fixes/_](<http://www.ibm.com/eserver/support/fixes/>)\n\nIBM Spectrum Conductor with Spark 2.2.0 (x86_64)| cws-2.2.0.0_x86_64_build484357 \n---|--- \nIBM Spectrum Conductor with Spark 2.2.0 (ppc64le)| cws-2.2.0.0_ppc64le_build484357 \nIBM Spectrum Conductor with Spark 2.2.1 (x86_64)| cws-2.2.1.0_x86_64_build484485 \nIBM Spectrum Conductor with Spark 2.2.1 (ppc64le)| cws-2.2.1.0_ppc64le_build484485 \n \n**Installation steps ** \n \nFollow the steps in the readme file. \n \n1\\. Log on to each host in your cluster (root or sudo to root permission). \n \n2\\. Define the cluster properties by setting the following environment variables. If you do not set the optional environment variables, the default values are used. \n \nOption| Description \n---|--- \nCLUSTERADMIN| Mandatory if you are installing as root. Set to any valid operating user account, which then owns all installation files. For example: export CLUSTERADMIN=egoadmin \n \n3\\. Upgrade the JRE by using the RPM in this interim fix. \n \nNote: RPM version 4.2.1 or later must be installed on the host. Ensure that you replace dbpath_location in the following rpm commands to the path to your database. \n \nFor example, in IBM Spectrum Conductor with Spark 2.2.0: \n \n&gt; mkdir -p /tmp/cws22build484357 \n \n&gt; tar zxof cws-2.2.0.0_x86_64_build484357.tgz -C /tmp/cws22build484357 \n \n&gt; rpm -ivh --replacefiles --prefix $EGO_TOP --dbpath dbpath_location /tmp/cws22build484357/egojre-8.0.5.10.x86_64.rpm \n \nNote: The cshrc.jre file and the profile.jre file are updated in this step to the current JRE version. If you have made copies of these files, ensure that you update the copied files with the new JRE version. \n \n4\\. Start the cluster: \n \n&gt; egosh ego start all \n \n5\\. Log in to the cluster management console as the cluster administrator and start the required Spark instance groups. \n \n**Verify the installation** \n \n1\\. Run the rpm \u2013qa command to verify the installation. For example: \n \n&gt; rpm -qa --dbpath dbpath_location |grep egojre \n \negojre-8.0.5.10-484357.x86_64 \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-18T01:42:22", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Conductor with Spark", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-18T01:42:22", "id": "DE61CF56AD0796A00528B0861C6C0A246E74C685E64843189E387E6635F982A0", "href": "https://www.ibm.com/support/pages/node/664561", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-11T15:34:14", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition, Version 1.7 and 1.8 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). These issues were disclosed as part of the IBM Java SDK updates in January 2018. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 5.0 - 6.0.5 \n \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.5 \n \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.5 \n \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.5 \n \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.5 \n \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.5 \n \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\n**IMPORTANT CONSIDERATIONS:**\n\n 1. If your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of your IBM Rational product, and only upgrade the JRE in the WAS server.\n 2. For the below remediations, if you have a WAS deployment, then WAS must also be remediated, in addition to performing your product upgrades. Follow instructions at [ Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www.ibm.com/support/docview.wss?uid=swg22013818>) to get the WAS remediation.\n 3. If you are deploying the Rational products to a WAS Liberty or a Tomcat Server, you will need to follow the instructions below to upgrade the JRE, and then must also configure to complete the upgrade process: \n * * **Stop the server**: Navigate to the Server directory in your Ratonal product installation path and run this script: _server.shutdown_\n * **Navigate to the server directory** in your Rational product installation path, open **_server.startup_**_ _script using prefered text editor (e.g., Notepad for Windows or Vim Editor for Linux) and add one more option to the healthcenter parameter set: \n * Search parameter _-Dcom.ibm.java.diagnostics.healthcenter.agent_ in server.startup script to find the line containing the health center parameter. \nNOTE: For some Rational Collaborative Lifecycle Management versions,_ -Dcom.ibm.java.diagnostics.healthcenter.agent_ parameter may not be found in the server.startup, in this case the update is not needed and you can start using your server. \n**Windows:** \nComment out the line (where HEALTHCENTER_OPTS parameter located) by inserting \"rem \" at the beginning of the line: \n \n**_Before modification:_** \n_set HEALTHCENTER_OPTS=-agentlib:healthcenter_**_ ... \nAfter modification:_** \n_rem set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n \n**Linux:** \nComment out the line (where HEALTHCENTER_OPTS parameter located) by inserting \"# \" at the beginning of the line: \n \n**_Before modification:_** \n_export HEALTHCENTER_OPTS=\"-agentlib:healthcenter_**_ ... \nAfter modification:_** \n_# export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._\n \n \n \n\n * * **Start the server**. Navigate to the Server directory in your Rational product installation path and run this script: _server.startup. _\n\n \n**STEPS TO APPLY THE REMEDIATION:** \n \n1\\. Optionally, upgrade your products to an Extended Maintenance Release version: 5.0.2 or 6.0.2. Or optionally, upgrade to the latest 6.0.x version. \n \n2\\. Optionally, apply the latest ifix for your installed version. \n \n3\\. Obtain the latest Java JRE CPU update for the IBM Java SDK using the following information.\n\n * * * For the 6.0.5 release: **JRE 7.1.4.20****_(&lt;product&gt;-JavaSE-JRE-7.1SR4FP20_**) or **JRE 8.0.5.11****_(&lt;product&gt;-JavaSE-JRE-8.0SR5FP11_**) \n * [_Rational Collaborative Lifecycle Management 6.0.5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.5&platform=All&function=all>)\n * For the 6.0.2 release: **JRE 7.1.4.20****_(&lt;product&gt;-JavaSE-JRE-7.1SR4FP20_**) \n * [_Rational Collaborative Lifecycle Management 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * For the 5.x releases:\n * * IBM SDK Java\u2122 Technology Edition, Version 6 is no longer supported on distributed platforms. IBM Collaborative Lifecycle Management (CLM) products version 5.x use Java 6 and are affected. IBM highly recommends customers to upgrade to Extended Maintenance Release 6.0.2 for those wishing the stability and support of an EMR release, or to the latest 6.0.x version for those desiring the latest features. For additional details review: [Impact to CLM 5.x suite of products due to Java 6 EOS](<http://www.ibm.com/support/docview.wss?uid=swg22015069>)\n\n4\\. Upgrade your JRE following the instructions in the link below: \n[_How to update the IBM SDK for Java of IBM Rational products based on version 3.0.1.6 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21674139>) \n \n5\\. Navigate to the server directory in your Rational product installation path, and go to jre/lib/security path. \n \n6\\. Open **_java.security_**_ _ file using prefered text editor (e.g., Notepad for Windows or Vim Editor for Linux) and remove MD5 option from the jdk.jar.disabledAlgorithms parameter set:\n\n * **_Before modification:_**\n\njdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize &lt; 1024\n\n * **_After modification:_**\n\njdk.jar.disabledAlgorithms=MD2, RSA keySize &lt; 1024\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology January 2018 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-04-28T18:35:50", "id": "C3393A29227C0C9FC49F0455ABC614404983902D3C4620110ED407A6527B4770", "href": "https://www.ibm.com/support/pages/node/570815", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:49:52", "description": "## Summary\n\nThis bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Metrics Manager. \n \nIBM Cognos Metrics Manager consumes OpenSSL. Multiple vulnerabilities have been addressed in OpenSSL. \n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 and IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 that are used by IBM Cognos Metrics Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3738](<https://vulners.com/cve/CVE-2017-3738>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136078> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the \"error state\" mechanism when directly calling SSL_read() or SSL_write() for an SSL object after receiving a fatal error. An attacker could exploit this vulnerability to bypass the decryption or encryption process and perform unauthorized actions. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137910](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137933](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137833](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n * IBM Cognos Metrics Manager 10.2.2\n * IBM Cognos Metrics Manager 10.2.1\n * IBM Cognos Metrics Manager 10.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version. \n \n\n\n| Version | Interim Fix \n---|---|--- \nIBM Cognos Metrics Manager | 10.2.2 | [IBM Cognos Business Intelligence 10.2.2 Interim Fix 19](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>) \nIBM Cognos Metrics Manager | 10.2.1 | [IBM Cognos Business Intelligence 10.2.1 Interim Fix 24](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>) \nIBM Cognos Metrics Manager | 10.2 | [IBM Cognos Business Intelligence 10.2 Interim Fix 27](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-19T21:33:32", "type": "ibm", "title": "Security Bulletin: IBM Cognos Metrics Manager 2018 Q2 Security Update: IBM Cognos Metrics Manager is affected by multiple vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0701", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2018-0739", "CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-07-19T21:33:32", "id": "76FA12A14D94277858DB1075CD6A9F1E4AAF161AEC3B71FC67679D638C279BD5", "href": "https://www.ibm.com/support/pages/node/713459", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:41:59", "description": "## Summary\n\nThis Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics 2.0.6. \n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 used by IBM Planning Analytics 2.0.5 and lower. IBM Planning Analytics 2.0.6 has addressed the applicable CVEs by upgrading to IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 5 Fix Pack 15. \n \nAs of version 2.0.6, IBM Planning Analytics is no longer compatible with IBM\u00ae Runtime Environment Java\u2122 Version 7. IBM Planning Analytics 2.0.6 (Windows) will install IBM\u00ae Runtime Environment Java\u2122 Version 8. \n \nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM\u00ae Runtime Environment Java\u2122 delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\". located in the References section for more information.\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability in related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3732](<https://vulners.com/cve/CVE-2017-3732>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagating bug in the x86_64 Montgomery squaring procedure. An attacker could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121313> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2016-0705](<https://vulners.com/cve/CVE-2016-0705>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploit this vulnerability to corrupt memory and cause a denial of service. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111140> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-1517](<https://vulners.com/cve/CVE-2018-1517>) \n**DESCRIPTION:** A flaw in the java.math component in IBM SDK, Java Technology Edition may allow an attacker to inflict a denial-of-service attack with specially crafted String data. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141681> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2018-1656](<https://vulners.com/cve/CVE-2018-1656>) \n**DESCRIPTION:** The IBM Java Runtime Environment''s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144882> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2964](<https://vulners.com/cve/CVE-2018-2964>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146827> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2973](<https://vulners.com/cve/CVE-2018-2973>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146835> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2952](<https://vulners.com/cve/CVE-2018-2952>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146815> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2940](<https://vulners.com/cve/CVE-2018-2940>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/146803> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12539](<https://vulners.com/cve/CVE-2018-12539>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to restrict the use of Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations to only the process owner. An attacker could exploit this vulnerability to execute untrusted native code and gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148389> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nPlanning Analytics 2.0\n\nPlanning Analytics 2.0.1\n\nPlanning Analytics 2.0.2\n\nPlanning Analytics 2.0.3\n\nPlanning Analytics 2.0.4\n\nPlanning Analytics 2.0.5\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \n[Planning Analytics 2.0.6](<http://www.ibm.com/support/docview.wss?uid=swg24044974>) \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-24T07:27:10", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Planning Analytics.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0705", "CVE-2017-3732", "CVE-2017-3736", "CVE-2018-12539", "CVE-2018-1517", "CVE-2018-1656", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2940", "CVE-2018-2952", "CVE-2018-2964", "CVE-2018-2973"], "modified": "2020-02-24T07:27:10", "id": "32C5F3A427C23B34350EBCA676883F18871AA834AA2E92920588454B1810F4E9", "href": "https://www.ibm.com/support/pages/node/732896", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:55:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 SR10 FP15 used by WebSphere Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2794_](<https://vulners.com/cve/CVE-2018-2794>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141950_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2790_](<https://vulners.com/cve/CVE-2018-2790>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141946_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.1.0, 7.5.0.1, 7.5.0.0 \nWebSphere Cast Iron v 7.0.0.2, 7.0.0.1, 7.0.0.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.1.0 \n7.5.0.1 \n7.5.0.0| LI80072| [7.5.1.0-CUMUIFIX-021](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.scrypt2,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.vcrypt2,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.32bit.sc-linux,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.sc-linux,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.32bit.sc-win,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.sc-win,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.docker,7.5.1.0-WS-WCI-20180604-1920_H11_64-CUMUIFIX-021.32bit.studio,7.5.1.0-WS-WCI-20180604-1920_H11_64-CUMUIFIX-021.studio&includeSupersedes=0>) \nCast Iron Appliance| 7.0.0.2 \n7.0.0.1 \n7.0.0.0| LI80072| [7.0.0.2-CUMUIFIX-041](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.scrypt2,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.vcrypt2,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.32bit.sc-linux,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.32bit.sc-win,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.sc-linux,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.sc-win,7.0.0.2-WS-WCI-20180604-1920_H9_64-CUMUIFIX-041.32bit.studio,7.0.0.2-WS-WCI-20180604-1920_H9_64-CUMUIFIX-041.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794"], "modified": "2018-06-15T07:09:25", "id": "792281EDAE598F9BD5CFF8654A4B0CA05F1A44F2380D7DE34DBDFB2038BF2404", "href": "https://www.ibm.com/support/pages/node/571891", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-28T21:58:24", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2018-2663](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2634](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5| Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5 \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. \n\n## Remediation/Fixes\n\nConsult [Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22016291>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n30 May 2018: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSTU9C\",\"label\":\"Jazz Reporting Service\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"5.0;5.0.1;5.0.2;6.0;6.0.1;6.0.2;6.0.3;6.0.4;6.0.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T05:28:28", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T05:28:28", "id": "BCC63CD58C99277D56FB13B51F219E848029F5268684F2A05FD02FD2EF619268", "href": "https://www.ibm.com/support/pages/node/571515", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 versions 6, 7 and 8 used by IBM MQ. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\n**_IBM MQ 9.0.0.x Long Term Support (LTS)_** \nMaintenance level 9.0.0.2 and earlier \n \n**_IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)_** \nContinuous delivery update 9.0.4 and earlier \n \n**_IBM MQ 8.0 and IBM MQ Appliance 8.0_** \nMaintenance levels 8.0.0.8 and earlier \n \n**_WebSphere MQ 7.5_** \nMaintenance levels 7.5.0.8 and earlier \n \n**_WebSphere MQ 7.1_** \nMaintenance levels 7.1.0.8 and earlier\n\n## Remediation/Fixes\n\n**_IBM MQ 9.0.0.0_** \nApply fix pack [9.0.0.3](<http://www-01.ibm.com/support/docview.wss?uid=swg24044508>) \n \n**_IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)_** \nUpgrade to [IBM MQ 9.0.5](<http://www-01.ibm.com/support/docview.wss?uid=swg24043463>) \n \n**_IBM MQ V8.0 and IBM MQ Appliance 8.0_** \nApply fix pack [8.0.0.9](<http://www-01.ibm.com/support/docview.wss?uid=swg22015103>) \n \n**_Please note_**_: Users of MQ v8.0 on the HP-UX platform are advised that patches for these issues have not been released by the manufacturer for this JRE level (7.0) at this time. These updates will be published by IBM once available. _ \n \n**_WebSphere MQ 7.5_** \nApply iFix [IT23405](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.5&platform=All&function=aparId&apars=IT23405>) \n \n**_WebSphere MQ 7.1_** \nApply fix pack [7.1.0.9](<http://www-01.ibm.com/support/docview.wss?uid=swg22010694>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:20", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-15T07:09:20", "id": "203637A7337D06861774179D4D3518E325B33E9B8CD6DCE1BD240CA49279FE67", "href": "https://www.ibm.com/support/pages/node/570791", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-22T01:47:21", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. \n\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: ** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: ** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: ** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM B2B Advanced Communications 1.0.0.2 - 1.0.0.6_2\n\n## Remediation/Fixes\n\n_**Release**_ | **_VRMF_** | **_How to acquire fix_** \n---|---|--- \n1.0.1.0 | 1.0.1.0 | IBM Fix Central &gt; [B2B_Advanced_Communications_V1.0.1.0_Media](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-01-15T18:15:02", "type": "ibm", "title": "Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783"], "modified": "2019-01-15T18:15:02", "id": "26FDEF4686F824A255770B8961AB492AA5E4A9A534F8EC7775C73A50569E127C", "href": "https://www.ibm.com/support/pages/node/793713", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:47:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and IBM\u00ae Runtime Environment Java\u2122 Version 7 used by Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Content Collector for SAP Applications v3.0 \n\nIBM Content Collector for SAP Applications v4.0\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM Content Collector for SAP Applications| 3.0| Use IBM Content Collector for SAP Applications [Interim Fix 7](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=3.0.0.2&platform=All&function=all>) \nIBM Content Collector for SAP Applications| 4.0| Use IBM Content Collector for SAP Applications[ Interim Fix 1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=4.0.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T12:19:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T12:19:27", "id": "4F01C0B61707270A1ABDE9AC46E85FB38F93C93876E8F606FD7148EBBAD57C5C", "href": "https://www.ibm.com/support/pages/node/567875", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:15", "description": "## Summary\n\nThere are multiple vulnerabilities related to IBM\u00ae Runtime Environment Java\u2122 Technology Edition which is used and shipped by different versions of IBM Rational License Key Server Administration and Reporting Tool Admin (ART) and Agent. These issues were disclosed as part of the IBM Java SDK updates in January 2018. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>)** \n****DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nThese vulnerabilities impact the following components and their releases: \n\n\n * RLKS Administration and Reporting Tool version 8.1.4.9\n * RLKS Administration and Reporting Tool version 8.1.5\n * RLKS Administration and Reporting Tool version 8.1.5.1\n * RLKS Administration and Reporting Tool version 8.1.5.2\n * RLKS Administration and Reporting Tool version 8.1.5.3\n \n\n\n * RLKS Administration Agent version 8.1.4.9\n * RLKS Administration Agent version 8.1.5\n * RLKS Administration Agent version 8.1.5.1\n * RLKS Administration Agent version 8.1.5.2\n * RLKS Administration Agent version 8.1.5.3\n\n## Remediation/Fixes\n\n \nUpgrade the RLKS Administration Agent to version 8.1.5.4. It can be downloaded through the following link. \n[IBM RLKS Administration And Reporting Agent 8154 on Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Rational/Rational+Common+Licensing&release=All&platform=All&function=fixId&fixids=IBM_RLKS_Administration_And_Reporting_Agent_8154&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true>) \n \nUpgrade the RLKS Administration and Reporting Tool to version 8.1.5.4. It can be downloaded through the following link. \n[IBM RLKS Administration And Reporting Tool 8154 on Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Rational/Rational+Common+Licensing&release=All&platform=All&function=fixId&fixids=IBM_RLKS_Administration_And_Reporting_Tool_8154&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T05:27:59", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin and Agent", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2633", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T05:27:59", "id": "84519CF7C0BC0BBF920A3B4993A25CB95A81E31AB442E7DBDE6518F330A967A1", "href": "https://www.ibm.com/support/pages/node/569113", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:48:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 \nused by QRadar SIEM. These issues were disclosed as part of the IBM Java SDK updates in January 2018. \n\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \n**CVSS Base Score:**3.70 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N \n \n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \n**CVSS Base Score:**4.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N \n \n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \n**CVSS Base Score:**4.80 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L \n \n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \n**CVSS Base Score:**4.50 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L \n \n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score:**5.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \n**CVSS Base Score:**8.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H \n \n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \n**CVSS Base Score:**7.40 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N \n \n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score:**5.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. Not Applicable \n**CVSS Base Score:**4.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\n\n## Affected Products and Versions\n\nQRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 4\n\nQRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \n_QRadar / QRM / QVM / QRIF / QNI_\n\n| \n\n_7.3.1 Patch 4_\n\n| \n\n_None_\n\n| [QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&function=fixId&fixids=7.3.1-QRADAR-QRSIEM-20180720020816&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n_QRadar / QRM / QVM / QRIF / QNI_\n\n| \n\n_7.2.8 Patch 11_\n\n| \n\n_None_\n\n| [QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20180416164940&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-15T16:28:10", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2678"], "modified": "2018-08-15T16:28:10", "id": "DEFEFB2B26B8AC90E2498D0927E571DF52F00DC6BF2D8D922349E48989CEC0DF", "href": "https://www.ibm.com/support/pages/node/719115", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:41:56", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Cognos Insight. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Multiple Open Source OpenSSL vulnerabilities have also been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-0733](<https://vulners.com/cve/CVE-2018-0733>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to properly compare byte values by the PA-RISC CRYPTO_memcmp() function used on HP-UX PA-RISC targets. An attacker could exploit this vulnerability to forge messages, some of which may be authenticated. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140849> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## \n\n## Affected Products and Versions\n\n * IBM Cognos Insight 10.2.1\n * IBM Cognos Insight 10.2.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical.\n\n**Cognos Insight Standard Edition 10.2.1 Fix Pack 2 Interim Fix 25**\n\nLink:_ _[_http://www-01.ibm.com/support/docview.wss?uid=swg24042434_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042434>)\n\n**Cognos Insight Standard Edition 10.2.2 Fix Pack 7 Interim Fix 14**\n\nLink:[_http://www.ibm.com/support/docview.wss?uid=swg24042420_](<http://www.ibm.com/support/docview.wss?uid=swg24042420>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-02-24T07:27:10", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3735", "CVE-2017-3736", "CVE-2018-0733", "CVE-2018-0739", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2663", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797"], "modified": "2020-02-24T07:27:10", "id": "40E960C4B69B3BC0992DCA14B0685310C0D6431B403E0338B65A7084D0D82E69", "href": "https://www.ibm.com/support/pages/node/716289", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-26T13:50:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Multiple Open Source OpenSSL vulnerabilities have also been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3735](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** _[CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>)_ \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2018-0733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0733>)_ \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to properly compare byte values by the PA-RISC CRYPTO_memcmp() function used on HP-UX PA-RISC targets. An attacker could exploit this vulnerability to forge messages, some of which may be authenticated. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140849> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-2663](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2634](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A\n\n**CVEID:** [CVE-2018-2795](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2790](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n * IBM Cognos TM1 10.2\n * IBM Cognos TM1 10.2.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \nCognos TM1 10.2.0.2 Interim Fix 25 \n \nLink: [_http://www.ibm.com/support/docview.wss?uid=swg24043912_](<http://www.ibm.com/support/docview.wss?uid=swg24043912>) \n \nCognos TM1 10.2.2.7 Interim Fix 14 \n \nLink: [_http://www.ibm.com/support/docview.wss?uid=swg24043911_](<http://www.ibm.com/support/docview.wss?uid=swg24043911>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_IBM Java SDK Security Bulletin (January 2018)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21985393>) \n[_IBM Java SDK Security Bulletin (April 2018)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21997194>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n11 July 2018: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Product\":{\"code\":\"SS9RXT\",\"label\":\"Cognos TM1\"},\"Component\":\"Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"10.2;10.2.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-02-24T07:27:10", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3735", "CVE-2017-3736", "CVE-2018-0733", "CVE-2018-0739", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2663", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797"], "modified": "2020-02-24T07:27:10", "id": "C8B10EBB1C04E885A0F46598D7359140F659737A3C1249FEE363B6A29D7355AA", "href": "https://www.ibm.com/support/pages/node/716285", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:55:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nCICS Transaction Gateway v8.0.0.0 \u2013 8.0.0.6 \nCICS Transaction Gateway v8.1.0.0 \u2013 8.1.0.5 \nCICS Transaction Gateway v9.0.0.0 \u2013 9.0.0.4 \nCICS Transaction Gateway v9.1.0.0 \u2013 9.1.0.3 \nCICS Transaction Gateway v9.2.0.0 \u2013 9.2.0.2\n\n## Remediation/Fixes\n\nUpgrade the JRE used by CICS TG Java client applications and/or the CICS TG Gateway daemon. Updated JREs which can used with CICS TG Java client applications and the Gateway daemon are made available on Fix Central. \n \n\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nCICS Transaction Gateway for Multiplatforms| 9.2.0.0 \n9.2.0.1 \n9.2.0.2| Updated JRE's have been made available on Fix Central as Fix packs. \nAIX: [8.0.5-CICSTG-AIXpSeries32-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-AIXpSeries32-JRE-SR10&continue=1>) \nHP-UX: [8.0.5-CICSTG-HPUXIA32-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-HPUXIA32-JRE-SR10&continue=1>) \nxLinux: [8.0.5-CICSTG-Linuxx8632-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-Linuxx8632-JRE-SR10&continue=1>) \npLinux: [8.0.5-CICSTG-LinuxpSeries32-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-LinuxpSeries32-JRE-SR10&continue=1>) \nzLinux: [8.0.5-CICSTG-LinuxzSeries31-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-LinuxzSeries31-JRE-SR10&continue=1>) \nWindows:[8.0.5-CICSTG-Windowsx8632-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-Windowsx8632-JRE-SR10&continue=1>)| \n[https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&amp;query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&amp;query.release=9.2.0&amp;query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \n \nCICS Transaction Gateway for Multiplatforms| 9.1.0.0 \n9.1.0.1 \n9.1.0.2 \n9.1.0.3| Updated JRE's have been made available on Fix Central as Fix packs. \nSolaris: [7.0.10-CICSTG-SolarisSPARC32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-SolarisSPARC32-JRE-SR20&continue=1>) \nAIX: [7.1.4-CICSTG-AIXpSeries32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-AIXpSeries32-JRE-SR20&continue=1>) \nxLinux: [7.1.4-CICSTG-Linuxx8632-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-Linuxx8632-JRE-SR20&continue=1>) \npLinux: [7.1.4-CICSTG-LinuxpSeries32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-LinuxpSeries32-JRE-SR20&continue=1>) \nzLinux: [7.1.4-CICSTG-LinuxzSeries31-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-LinuxzSeries31-JRE-SR20&continue=1>) \nWindows: [7.1.4-CICSTG-Windowsx8632-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-Windowsx8632-JRE-SR20&continue=1>)| \n[https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&amp;query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&amp;query.release=9.1.0&amp;query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \nCICS Transaction Gateway for Multiplatforms| 9.0.0.0 \n9.0.0.1 \n9.0.0.2 \n9.0.0.3 \n9.0.0.4 \n8.1.0.0 \n8.1.0.1 \n8.1.0.2 \n8.1.0.3 \n8.1.0.4 \n8.1.0.5 \n8.0.0.0 \n8.0.0.1 \n8.0.0.2 \n8.0.0.3 \n8.0.0.4 \n8.0.0.5 \n8.0.0.6| Updated JRE's have been made available on Fix Central as Fix packs. \nSolaris: [7.0.10-CICSTG-SolarisSPARC32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-SolarisSPARC32-JRE-SR20&continue=1>) \nAIX: [7.0.10-CICSTG-AIXpSeries32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-AIXpSeries32-JRE-SR20&continue=1>) \nxLinux: [7.0.10-CICSTG-Linuxx8632-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-Linuxx8632-JRE-SR20&continue=1>) \npLinux: [7.0.10-CICSTG-LinuxpSeries32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-LinuxpSeries32-JRE-SR20&continue=1>) \nzLinux: [7.0.10-CICSTG-LinuxzSeries31-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-LinuxzSeries31-JRE-SR20&continue=1>) \nWindows: [7.0.10-CICSTG-Windowsx8632-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-Windowsx8632-JRE-SR20&continue=1>)| [https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&amp;query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&amp;query.release=9.0.0&amp;query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2678"], "modified": "2018-06-15T07:09:24", "id": "D472BB6070D3EAAA575EDD37698BF33CF68D69F2859D529D555F7ED693CF3311", "href": "https://www.ibm.com/support/pages/node/571689", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:05", "description": "## Summary\n\nJava SE issues disclosed in the Oracle April 2018 Critical Patch Update \n\n## Vulnerability Details\n\n**CVE IDs:** CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 \n\n**DESCRIPTION:** This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2018 Critical Patch Update. For more information please refer to [Oracle's April 2018 CPU Advisory](<http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixJAVA>) and the X-Force database entries referenced below.\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 60 and earlier releases \nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 60 and earlier releases \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20 and earlier releases \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 20 and earlier releases \nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 10 and earlier releases \n \n**NOTE:** These releases are affected by CVE-2018-2814 on Solaris, HP-UX, and Mac OS only. \n \nFor detailed information on which CVEs affect which releases, please refer to the [IBM SDK, Java Technology Edition Security Vulnerabilities page](<https://developer.ibm.com/javasdk/support/security-vulnerabilities/>). \n\n## Remediation/Fixes\n\nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 65 and subsequent releases, where embedded with supported IBM products \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 65 and subsequent releases, where embedded with supported IBM products \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 25 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 25 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 15 and subsequent releases \n \nIBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from the [developer center](<https://developer.ibm.com/javasdk/downloads/>). \n \nIBM customers requiring an update for an SDK shipped with an IBM product should contact [IBM support](<http://www.ibm.com/support/>), and/or refer to the appropriate product security bulletin. \n \n**APAR numbers are as follows:**\n\n[IJ06342](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06342>) (CVE-2018-2794) \n[IJ06343](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06343>) (CVE-2018-2783) \n[IJ06344](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06344>) (CVE-2018-2799) \n[IJ06345](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06345>) (CVE-2018-2798) \n[IJ06346](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06346>) (CVE-2018-2797) \n[IJ06347](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06347>) (CVE-2018-2796) \n[IJ06348](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06348>) (CVE-2018-2795) \n[IJ06349](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06349>) (CVE-2018-2800) \n[IJ06351](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06351>) (CVE-2018-2790)\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-06-15T07:09:13", "id": "7995C63D3451A7C3D84F616783736F8B888530FC2843FD646CEBBD9728452806", "href": "https://www.ibm.com/support/pages/node/570015", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:44:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM Spectrum LSF Process Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141970>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Spectrum LSF Process Manager 10.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nIBM Spectrum LSF Process Manager | _10.2_ | _None_ | _See below steps_ \n \n**IBM Spectrum LSF Process Manager 10.2**\n\n1\\. Download IBM JRE 8.0 from the following location: [_http://www.ibm.com/support/fixcentral_](<http://www.ibm.com/support/fixcentral>). (The following steps are using x86_64 as an example.)\n\n2\\. Copy the tar package into the PM server host.\n\n3\\. Log on the PM server host as root, stop jfd.\n\n# jadmin stop\n\n4\\. On the PM server host, extract new JRE files and replace old folders with new ones.\n\n# tar -zxvf ibm-java-jre-8.0-5.15-linux-x86_64.tgz\n\n \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre-old \n# mkdir -p /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# cp -r ibm-java-x86_64-80/* /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/bin /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/lib /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/plugin /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# rm -rf /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre\n\n5\\. On the PM server host, start jfd\n\n# jadmin start\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-05-24T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum LSF Process Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2019-05-24T05:10:01", "id": "360DC7CD246693E2B1DE1202036FEC8857313D282295C1CF5B81C9D2168D8BC5", "href": "https://www.ibm.com/support/pages/node/665249", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:47:06", "description": "## Summary\n\nIBM Initiate Master Data Service is vulnerable to Oracle Java SE and Java SE Embedded issues and could allow remote attackers to affect the confidentiality, integrity, and availability. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities are known to affect the following offerings: \n \nIBM Initiate Master Data Service version 10.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. \n\n\n**_Product_**** ** | **_VRMF_** | **_APAR_** | **_Remediation/First Fix_** \n---|---|---|--- \nIBM Initiate Master Data Service | \n\n10.1\n\n| None | [_10.1.050118_IM_Initiate_MasterDataService_ALL_Interim Fix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.1.050118_IM_Initiate_MasterDataService_ALL_Interm%20Fix&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-10-02T21:15:01", "type": "ibm", "title": "Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - April 2018 - Includes Oracle April 2018 CPU affects IBM InfoSphere Master Data Management", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-10-02T21:15:01", "id": "F1ECF74A0087969AEAB2A74D57C4E1ED4D9DC73748D06233229C4CC120CBD882", "href": "https://www.ibm.com/support/pages/node/732375", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:40:50", "description": "## Summary\n\nJava SE issues were disclosed in the Oracle April 2018 Critical Patch Update. IBM SDK, Java Technology Edition, is included with IBM Intelligent Operations Center products.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:**An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:**An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector:(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141951 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector:(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141956 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector:(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector:(CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Principal Product and Versions**\n\n| **Affected Supporting Products and Versions** \n---|--- \nIBM Intelligent Operations Center V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3, V5.1.0, V5.1.0.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, V5.1.0.5, V5.1.0.6, V5.1.0.7, V5.1.0.8, V5.1.0.9, V5.1.0.10, V5.1.0.11, and V5.1.0.12 | IIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 60 and earlier releases \n \nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 60 and earlier releases \n \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20 and earlier releases \n \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 20 and earlier releases \n \nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 10 and earlier releases \nIBM Intelligent Operations Center for Emergency Management V1.6, V.5.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, and V5.1.0.6 \nIBM Intelligent Operations for Transportation V1.6.1 \nIBM Water Operations for Waternamics V5.1, V5.2.0, V5.2.0.1, V5.2.0.2, V5.2.0.3, V5.2.0.4, V5.2.0.5, and V5.2.0.6 \n \n## Remediation/Fixes\n\nConsult the security bulletin, [Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition](<http://www.ibm.com/support/docview.wss?uid=swg22015806>), for information about fixes.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-10-31T14:50:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition, in IBM Intelligent Operations Center products (April 2018 CPU)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-10-31T14:50:01", "id": "F3DAB8567AF331C8A8360A693B97E286F43D555C7AE51BE5F8AFBCB6E6CB4EDF", "href": "https://www.ibm.com/support/pages/node/572055", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:55", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction. These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141970>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141955](<https://exchange.xforce.ibmcloud.com