5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Several previously released versions of IBM QRadar SIEM, and IBM QRadar Incident Forensics are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7.
CVE-ID: CVE-2015-0478
Description: An unspecified vulnerability in Oracle Java SE and JRockit related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/102339 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
CVE-ID: CVE-2015-0488
Description: An unspecified vulnerability in Oracle Java SE and Jrockit related to the JSSE component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5.0 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/102336 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVE-ID: CVE-2015-1916
Description: Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.
CVSS Base Score: 5.0 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/101995 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVE-ID: CVE-2015-2613
Description: An unspecified vulnerability and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5.0 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/104734 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVE-ID: CVE-2015-2601
Description: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5.0 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/104733 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
CVE-ID: CVE-2015-4749
Description: An unspecified vulnerability related to the JNDI component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 4.3 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/104740 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
CVE-ID: CVE-2015-2625
Description: An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.6 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/104743 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
CVE-ID: CVE-2015-1931
Description: IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
CVSS Base Score: 2.1 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/102967 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
· IBM QRadar SIEM 7.2.5 Patch 3 and earlier versions.
· IBM QRadar SIEM 7.1 MR2 Patch 11 Interim Fix 01 and earlier versions.
· IBM QRadar Incident Forensics 7.2.5 Patch 3 and earlier versions
· IBM QRadar/QRM/QVM/QRIF 7.2.5 Patch 3 Interim Fix 01
· IBM QRadar SIEM 7.1 MR2 Patch 11 Interim Fix 02
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.1 | |
ibm security qradar siem | eq | 7.2 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P