Security Bulletins for Emptoris Program Management

2018-12-08T16:15:01

Description

## Question Security Bulletins for Emptoris Program Management ## Answer **This article tracks all Security Bulletins for Emptoris Program Management.** IBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see "[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)" for details.? Please use this information to take the appropriate actions. We recommend that you subscribe to this article to receive notification of future Security Bulletins and advisories posted here. October 13th 2017 * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_** October 13th 2017 * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>) October 13th 2017 * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>) May 2nd 2016 * **[Security Bulletin: Vulnerability in BeanShell affects IBM Emptoris Strategic Supply Management. (CVE-2016-2510)](<http://www.ibm.com/support/docview.wss?uid=swg21982152&myns=swgother&mynp=OCSSYRER&mynp=OCSSYQ89&mync=E&cm_sp=swgother-_-OCSSYRER-OCSSYQ89-_-E>)** December 1st 2015 * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)** September 22?2015 * **[Security Bulletin: Cross-Site Scripting vulnerabilities affect IBM Emptoris Strategic Supply Management Platform Emptoris Program Management and Emptoris Supplier Lifecycle Management products (CVE-2015-4971 CVE-2015-4939)](<https://emptoris.support.ibmcloud.com/ics/support/default.asp?deptID=31019&task=knowledge&questionID=22171&languageID=>)** August 26 2015 * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)** June 24 2015 * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)** April 8 2015 * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)** January 272015 * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)** December 312014 * **[Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Strategic Supply Management Suite products (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693069>)** September 17 2014 * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244) ](<https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_ibm_emptoris_strategic_supply_management_ibm_emptoris_rivermine_telecom_expense_management_and_ibm_emptoris_services_procurement_cve_2014_4263_cve_2014_4244?lang=en_us>)** " [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYRER","label":"Emptoris Program Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}}]

{"id": "0CE9B36358C9687E7112577EA1304074A68EA6DD5359A3F6615F7BA94A6B8E7D", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletins for Emptoris Program Management", "description": "## Question\n\nSecurity Bulletins for Emptoris Program Management\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Program Management.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions.\n\nWe recommend that you subscribe to this article to receive notification of future Security Bulletins and advisories posted here. \n\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nMay 2nd 2016\n\n * **[Security Bulletin: Vulnerability in BeanShell affects IBM Emptoris Strategic Supply Management. (CVE-2016-2510)](<http://www.ibm.com/support/docview.wss?uid=swg21982152&myns=swgother&mynp=OCSSYRER&mynp=OCSSYQ89&mync=E&cm_sp=swgother-_-OCSSYRER-OCSSYQ89-_-E>)**\n\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\nSeptember 22?2015\n\n * **[Security Bulletin: Cross-Site Scripting vulnerabilities affect IBM Emptoris Strategic Supply Management Platform Emptoris Program Management and Emptoris Supplier Lifecycle Management products (CVE-2015-4971 CVE-2015-4939)](<https://emptoris.support.ibmcloud.com/ics/support/default.asp?deptID=31019&task=knowledge&questionID=22171&languageID=>)**\n\nAugust 26 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)**\n\nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n\nApril 8 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n\nJanuary 272015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n\nDecember 312014\n\n * **[Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Strategic Supply Management Suite products (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693069>)**\n\nSeptember 17 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244) ](<https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_ibm_emptoris_strategic_supply_management_ibm_emptoris_rivermine_telecom_expense_management_and_ibm_emptoris_services_procurement_cve_2014_4263_cve_2014_4244?lang=en_us>)**\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYRER\",\"label\":\"Emptoris Program Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "published": "2018-12-08T16:15:01", "modified": "2018-12-08T16:15:01", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/783531", "reporter": "IBM", "references": [], "cvelist": ["CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-4939", "CVE-2015-4971", "CVE-2015-7450", "CVE-2016-2510", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"], "immutableFields": [], "lastseen": "2021-12-30T21:39:47", "viewCount": 25, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["JAVA_FEB2015_ADVISORY.ASC", "JAVA_JUL2014_ADVISORY.ASC", "JAVA_OCT2014_ADVISORY.ASC", "NETTCP_ADVISORY.ASC", "OPENSSL_ADVISORY11.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-383", "ALAS-2014-387", "ALAS-2014-426", "ALAS-2014-429", "ALAS-2014-430", "ALAS-2014-431", "ALAS-2014-432", "ALAS-2015-471", "ALAS-2015-472", "ALAS-2015-480"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-11-01"]}, {"type": "archlinux", "idList": ["ASA-201410-6", "ASA-201412-18", "ASA-201501-14", "ASA-201501-15", "ASA-201501-16", "ASA-201501-18", "ASA-201501-19", "ASA-201501-20"]}, {"type": "attackerkb", "idList": ["AKB:BC293A26-1A78-4F0D-B4CE-04E218BA7440"]}, {"type": "centos", "idList": ["CESA-2014:0889", "CESA-2014:0890", "CESA-2014:0907", "CESA-2014:1620", "CESA-2014:1633", "CESA-2014:1634", "CESA-2014:1636", "CESA-2014:1652", "CESA-2014:1653", "CESA-2014:1948", "CESA-2015:0067", "CESA-2015:0068", "CESA-2015:0069", "CESA-2015:0085"]}, {"type": "cert", "idList": ["VU:577193"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1909", "CPAI-2015-1337"]}, {"type": "checkpoint_security", "idList": ["CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK105062"]}, {"type": "cisa", "idList": ["CISA:99DAB57F9B8063F8619B1A418B014DF1"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2015-7450"]}, {"type": "cisco", "idList": ["CISCO-SA-20141015-POODLE", "CISCO-SA-20141211-CVE-2014-8730"]}, {"type": "citrix", "idList": ["CTX200238", "CTX216642"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:ACE3C7E4A01EEFAC1C8D47279076DC77"]}, {"type": "cve", "idList": ["CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2014-8730", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-2774", "CVE-2015-3642", "CVE-2015-4078", "CVE-2015-4939", "CVE-2015-4971", "CVE-2015-5537", "CVE-2015-6593", "CVE-2015-7450", "CVE-2016-2510", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"]}, {"type": "debian", "idList": ["DEBIAN:DLA-157-1:370F5", "DEBIAN:DLA-282-1:F03D5", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DLA-443-1:91EA1", "DEBIAN:DLA-81-1:C60A9", "DEBIAN:DLA-96-1:BD7DB", "DEBIAN:DSA-2980-1:9C2E3", "DEBIAN:DSA-2987-1:DAA89", "DEBIAN:DSA-3053-1:A743E", "DEBIAN:DSA-3077-1:D6D12", "DEBIAN:DSA-3080-1:2336D", "DEBIAN:DSA-3144-1:1ABE5", "DEBIAN:DSA-3147-1:2E393", "DEBIAN:DSA-3253-1:0C444", "DEBIAN:DSA-3489-1:1F09B", "DEBIAN:DSA-3489-1:3D620", "DEBIAN:DSA-3504-1:764CA", "DEBIAN:DSA-3504-1:AD20F"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-3529", "DEBIANCVE:CVE-2014-3566", "DEBIANCVE:CVE-2014-3574", "DEBIANCVE:CVE-2014-6457", "DEBIANCVE:CVE-2014-6593", "DEBIANCVE:CVE-2015-0410", "DEBIANCVE:CVE-2015-2774", "DEBIANCVE:CVE-2016-2510"]}, {"type": "f5", "idList": ["F5:K10065173", "F5:K15702", "F5:K15745", "F5:K15882", "F5:K16352", "F5:K16353", "SOL15702", "SOL15745", "SOL15882", "SOL16352", "SOL16353"]}, {"type": "fedora", "idList": ["FEDORA:0309060CF36E", "FEDORA:0FE8860E4374", "FEDORA:13EED60DC938", "FEDORA:1BCBD6087EFA", "FEDORA:2DDF56087EFC", "FEDORA:30C4560E4589", "FEDORA:30C4A60C450A", "FEDORA:361B46048FC9", "FEDORA:40D44605DFE4", "FEDORA:4227660CA765", "FEDORA:4329260E587A", "FEDORA:4413E6087D61", "FEDORA:4467B60E6CE0", "FEDORA:45EA7605A34A", "FEDORA:4EF2660E458B", "FEDORA:50E7D60F2C0C", "FEDORA:561B260CE121", "FEDORA:58A826087D72", "FEDORA:668136087902", "FEDORA:6D7C12253B", "FEDORA:7903222D89", "FEDORA:7B6DA60CB977", "FEDORA:955A2608A1F0", "FEDORA:997B660D68A4", "FEDORA:9E5776087B1A", "FEDORA:A8CDA60E1392", "FEDORA:ABDD7608A209", "FEDORA:AC832604E903", "FEDORA:B1D43608A1FC", "FEDORA:B758360EE970", "FEDORA:C4392608A4B4", "FEDORA:CA868607A1CD", "FEDORA:CF2EC6087E4E", "FEDORA:D241A60EFAEF", "FEDORA:DDD696087CE5", "FEDORA:E523360D8734", "FEDORA:E67696087B8D", "FEDORA:ED7C56087EF2", "FEDORA:F38FB60CBEE0"]}, {"type": "fortinet", "idList": ["FG-IR-14-031"]}, {"type": "freebsd", "idList": ["03175E62-5494-11E4-9CC1-BC5FF4FB5E7B", "03532A19-D68E-11E6-9171-14DAE9D210B8", "0DAD9114-60CC-11E4-9E84-0022156E8794", "384FC0B2-0144-11E5-8FDA-002590263BF5", "76C7A0F5-5928-11E4-ADC7-001999F8D30B", "9E5BBFFC-D8AC-11E5-B2BD-002590263BF5"]}, {"type": "gentoo", "idList": ["GLSA-201411-10", "GLSA-201502-12", "GLSA-201507-14", "GLSA-201603-14", "GLSA-201606-11", "GLSA-201607-17"]}, {"type": "github", "idList": ["GHSA-5WFP-8643-C58X", "GHSA-GXG6-RC6C-V673", "GHSA-Q56H-JJJ6-52MF"]}, {"type": "hackerone", "idList": ["H1:216271", "H1:288966", "H1:318594"]}, {"type": "hp", "idList": ["HP:C04720842"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20141215-01-POODLE"]}, {"type": "ibm", "idList": ["002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "00CCE1573777F42ABE99718CA356421C893500F8774B2D76599D43AB2118F4F2", "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "03B6C658330D9ED7D3D5C516018194DBD42F5AA0466A1BAFC87309A8A438D756", "056E96784A0F2E360E8FFDD6166940DB126DC42CD8EE29A4F56654C90AA3DBAE", "06457DA2FE08EC56407EF05C2EAAA9080634D44807C2A8ABBDEA18DCD9364BAC", "06C07D32B3694B9428DF66A58E914A3888518AA422ACA9C0FBE65C7D07FCACCA", "0751573D2E98D41D9FD5C53D769B2CC3007CDAB9443F2AB513D613437AF611AC", "07A7B6460487838EA6D909CF7053D5F8655D2911E06DDDDB16F801ECCC972111", "07D4FB7502461B455170EC4A3723A261E0A884D8FD1326DEA1F8F1ECBB88F061", "085C6CA90DE627C71EE8BA457815CC459880B3A5A2A0DA73EADE9469DD73B572", "089A22DF45A6A61A3FF97373F238500A1D91A110E51A6F34A717E9D0666652FC", "08A60A414C2F101E8FBC77A91D981603CBCDA6F17B941F98E4CF7DDFE8C5D702", "098E1724D0D22BD8E0B54429E8D6B7A2A5B2B8403A792BB9788E96F4B4565340", "09EDE4E0CD7DF2699F28363782319D7EBC282776D733D8DA6183FF69A1E1027A", "0BFFC8DA3D20D61485D3B937CF8B08468DB94C6B523B29DE9871511B28C3EEAE", "0CA00743313ADA9239A64FA4BE3224177CE9000A26E81275E0B9655376730175", "0E00AA8941EDBCF93DDDD7088D2C303613B72667D550A884AF92B427590B6626", "0F125058B2B3EFA1B2F03EB765AC6FF907238C7C4AFFC71B6B86A5DA71D336AA", "0F73246124CA58D05064BB5D07082DCA6F2A1D48630CAAC82BCFFB4A71F45CA7", "124BC5B239FE67EC0AE43A8E0F0918B0BA544E977E72754946EBD146C916D64C", "13C3D53BA54035028BA8B6CCC92D57C0C0AFB5754F2A746073C2E64512AF302A", "142BCF9DFE12C8120D0F10EB7F7C4EF6289BDECEFE22E9A922E1921894B7DD22", "14D6BD9FB21D986F7A7372B530E1023CD0FF42323E4743E166603718FA4482AC", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "159D15015A041EA5EFA6FE85663F44A48D3FD8F7BFC0631512B9DEB34EB3436A", "163B562F5AFC1A99F9A2701D0E47704B52714A334C626B2B0BFE651FAD6898B8", "16851167A6E7D383CF52D5B447DED7E09886CA93B8A9A92A25FD7998659A49D8", "1696E1D8792540E46785AF5C86F8AD0F77D5F716A56F15223E99344280FB380A", "17B08F6F44F4DFD4020907C209D995B8B4BE03B83FAA709EEF0B6474E13631F8", "182B7E2B619361F12F4ED5FC874487EFED77E355247E741885559BD37BCBA877", "19FAFF710B3E3738F8567DADBCF7C6BE9748A2C12CD349CA0B858BA9A26AB606", "1B7D434E2F1C8DB76634F8CA2E3ABB8CF42C847FA670A06F5CA0DCC0AE9301F5", "1CC7A3B18C6A6840C27A5AD471020D77EDB5E679DE0DE0349AD85905B0A529BC", "1D2EB2EC38E4DB6C0CD2883CA6D9C794795FF7CA8083B7028EA7A644113427D7", "23ACC7BB2569417276597C257401F3783EB07FD152C4689F7E77CADFC4EDD536", "2550C20B34C7498DA6B51CE37BFE6E9597BF3F1E83701B79A8B4AEA4D63D815F", "2650AFBF84F5A110BE543D866E405B2673736E39406B209BB493BC69B63C62F5", "286F906018056591F4A9027FC1AD845C489369D42499BEA30D89978EDA680EBE", "2909E108CC11D1534AEB2FA86A0301389E6AE2CF916951D7288B9507C4B4A871", "29BFF097F764F2E2870C5D0DC577733C5EEBC573E7B3FE466D280FD91D64FD0A", "2AD55644A16B08DC4CD7D5B0074C944128455FA5FB38A6CCCF95596E90E15198", "2B1433F19093121457472DA5DF5E52AE542DBD8F435969C34F49B9AE9E8A2D1C", "2BE9140C38522B6603DE40CBE860081AB9B8829B43238734C750961AB19A2022", "2D47C04E6DC96C33D762A696D877470267709B318694B545F251F97379605B87", "2DF4487CB3C4D7660AFDC280F9C0E84F0C2D6C5F4A2207259A023074EA35AD70", "2E9D4568B743B9BD75F8462B4F4198F10C55ACF509C02151171249327D3AA277", "2F5E9F58C5211E4D42487F7A140F36650CEBDEBD701BADBE4FFD04B577E43B91", "2F816069CAA66A54C42E49ED29CB63DF268919E76E80D54190EC3F850E0D535A", "301B538BBFC46479C631567610002A3C90A71686F341C9C711106324BEB1487D", "305CFF54D1B74278AA889780BABE7E0790314E9D321B6262C0EA59170C7721E6", "3087E890AD1B34329596C16C2C76C102E962CDA62DC06323CFC97E0BC299949A", "30CE29210480BEEC2EB282BC15979827A9D22FD02B9CEC9C7CA1BFF2E6B78BD1", "34140B27A5D1A59AF1705275CDC6C3D56125ED159A93155B5AADAD5E28A13E2D", "3484930B9D1D577B443F9B6823E8F4CFC7578B80B89E16866C07AC9046A0F330", "34AB6D6D15816E142F80D91517900A17DDA91DDBA48EE54CE98D3BB991F889F6", "3571B420A072DEE76E37DA221B03342365B3036A912A7CE6A01A988190A8F62D", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "3646DAD163BA0A8E0A9E8DF2F16916F37F637C31CF558A434D42601D980745CD", "38EA893B1CB49114E3D8196A772DD2EACB1D68746AC3215F7DC912F30D4B3635", "3918C76EC7F53EFDF9D130FFCD6246ECA57AF2056C25E6C5539574FCFF5D00AA", "3996F61A39895C8BF5DB89481CC4F649E2B90762965374C8A32E5395AE4CF526", "3B9F6F5E9D79A8020104EEF5D0CC94C720D4533CBD170B94B66F7CFE87D9D97F", "3C86E9E9B80CE61FF34A70463FC2C9E86F96058B677B896D64601306CA1E6DE0", "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "3EF919878669EE41DD08409B9AA0E2DAA0F0DBC40CFE18712D5924A93F1806CF", "3F57B28A333795FE99F15204541692079D5FC8DC7D021B800C34913644FFC319", "3FDC0101985ADD7D5774F255D78C573813EE11684088944BAF72283AB319514E", "41A2B080355DFAE7EADFECB4D5D6C7105784D83B969140D731128E3E9EDA0757", "42312F10B1658E98D243F69333FFF10B2BDEDA9D5663B5D9DA8AA5CCFABD9196", "42CD8D3219EBB2F9262228248E591AEF8A347AA1D644C8C78B1E5CF0F08F3525", "433C80FA01CBD264F0ECEDD5C86B61CFD6A281F46060EF3E8D3AAA90049AFE21", "4429AE393D14D9DD1BA1A49D42CB67BB5D731909307AF189B937C047DFFB1943", "45287357CDFF0CBDD9F6FBC98FE84205AFD006DFB984C6B589393F8B09465C66", "4532C7DA73DC2406AD4939A367B9E0C64E210793FA8F9E24679585A36617A133", "45598BFB4E8D67B515A9DEBBBF4CF71F882A6EC2E045D148C250DA38513CBFC2", "45A3D9451D9A042B4B823F72CB8D2728FECCB3D99F3D358EB95D984F7675F955", "4600571F6CE1CC296F684423035AFED51CBAFA3DBC1C24C76426526C65C05901", "47644FAFD6F6ABB09C9F2440BAAC192C1002C567818AF5F51FCF8952AB3DBEBE", "47854739A78D340A07A1A22935ECE0D3E40F068349563A968BDFFB20132370BE", "47EA320BD697B3B3A010CEFFA26D721AAEFB370CE3B13E7AFAD938F617DCA5F0", "4809400533FD6C30023AE955C69A543142E0C7DF76FF919FD4AE1E2A5EE20F64", "4A325EAEADE0B2570B74B5CC599F3C1975F694E5A8FF485F9EF08D83AF509833", "4AAD2BFC5837F0CD9E63B31CC9644C3A90E942FA13F398384C4E1FBA2E175E09", "4B658A4E1DD9BEBA4FC01E63048598E09F50CB1F3DF1425149B30054D8A86861", "4B91F54351C8E2A7EB94FFBA49ABCF65F3B89CE008205B01064C1D209D4E3196", "4BC6D30CFD09083CDC5151EE89041D55BA6A3D117C87B28CD19B676AA7F1B10E", "4BD0DFC4EA5C8F35DAE1CAB11062FBDF5B950423CAC42536F2727916ED8065D5", "4C3A7AF69520F85628AA81BD0558FE9A6C0B1D261F918B38C8DEA77475FD6DF2", "4CBB4033AC337E83AD3EA3A3DEC8A422E391B20F569BDE525FE1C1D993732484", "4D77034014EA28691F31F1A1AD3A78E0638E8CE056EBC57C6A804415C796E31B", "4E03B5B740C92279AC8C147BED2256A592F9E9668D22F421EC3C26ADF5BA60DE", "4E170B8FD5682769ED75972FAE0552F568BCBFC890B02D2B0B3E378720026C6B", "4EA215B3645DDAC4FD37F8734C45AA03E711B96215D9E5BD79734DA548CB9D4D", "4ED2415E866AA27E2339351646BE68575D6DE777D3DA7E7EB9AC12F916F1C0DD", "4EF982C974766057C7B93AEAB363E572E77E92BC1EDE757D6871ACBFAED6158D", "5007847C128F9E3D31BFC95E261F4152F6B9DD1551B91A8CBFE6C1F12E8909A7", "517ED6B46A2D3B0E04DDB4B6B9CD4302B2390BD38C3C1127A87B5CADA67CA8DF", "523AA94D1E10269FAF98CA05CDCD7A695FB6F29B64D25ABFB286FC0B6B450921", "523E603F9CB6DAA625DE97BC3524132F098EBC21A31108A9EFFCA3DA83C39A19", "525C6BD08A7DEAC797E73609EA859FEB9C8E9C33062F7D8E6C8761C8DF6F813B", "527AEB02DC4029326B0DDB6C7A93716F28D3B32A5D2FFCEAC8C4A9ACE4F8F863", "527B5E90CAB7DAC1C518A59BF77CDE34841C309262297FB18D36716B2A007A6D", "527C030C003106EDF08727B98AC10682E8DE0D0F67A43A4BBB5A977ECA249116", "529738DA56E39D786AE750710FE217BA8C730289CB3B2DF92E820F0305BC6957", "52BB0D1CF9E678E216D235F48151D232EC3E3224C07ECBA1A4139D390CBEE54D", "5437F11DF849786915473DEAC087A0DCA9C226BC4906E541DB85C2CD06792A56", "5650B581CC8825AC08D824C43E45D5DA6B9E168CF24E67CB80A5D3E2A616B96E", "581C275093B683BB779DBFE1995D5CE6F40E4DDF3105B319DBB43DD3270F0131", "58FD1DDCB55CCDF528A44B993538A2A81B510E99C4CDFFC005903C0A1A55C134", "5AC842C76A38BA7E6961E8ACD0BA85FA50688DCA05B04D73F870154778C0B550", "5B41DEBCF5F49169640E9C46254A5581FA9E8066E153CFC073F7BCB78C863D65", "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "5D0CC6456D2278646647F1A4FEFECEB673F2B5D1F99FBBC5755735CEF5AA6268", "5DE8B3EDE10727E701D4521B68C43392913E7992400F9779163E6AE7193811BC", "5E2AFDF7AB3E087F15E11D8D08AEEF34592E638BA469F3697192CBD365B9C998", "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "5F07312D1C5E6FE8181D631352EDDAC9A1D6DA80B24005A4700B576A3B30DB78", "6266ACC74295FF2D138A1AAB20D50CCD4E8EC9EE7F50E0E59B801F06DD3FB722", "63BA91B4612104EB8E2D55CEC2DCDE8AA7F8D44E79BC791C78F79931691CECF4", "65CCE741A79909EEA8CCDF87D99B902E3722DEA5437374949A3D3ACCC7F6F48A", "65D2023CA7B86139BF24CEEFE9E5ABD3F31BC8FB55B2BE141C6D0E3FC7228888", "65DB2DF1E5DFCD77CCBBB618503600B226ECB723619232D76182A80D58890F9D", "67615B3DF6F5568CA6CD3854B375F0630F95A2BC0B539101522BB1406AF01FA4", "689070AB4C011A979BBA5848242A400944D849D04225B611EB1D2B6DEFE03427", "691A7F683AC2496D21C51C44AD02D677C2E591E44FCEE5B5CB44D3527127C663", "6A04D5E4C99A2F50DCD4C5B4FAF20AD2C3B16AD9EA922F5FEE4DF718AE506672", "6A2DA1714DF56AB2FA9266DEE0E60C0909DF1F23FA7DD657461079248F078C7E", "6B1FE6B87F5632D0E3A2DF3894D6A87F2FF4EDBFA3CCDA8DACEEFCD473F77904", "6BD8E3DAEA6988B5ECFA9DE1BCC8F44BBFD4AC94E0B6BAB1B72FAC68AE3397B2", "6C099EB2D7A6A7FB08F677C5022E99A80942C8B6F6F4DD59D6C967A34499E8CB", "6D535A3AEF65DAA651A7961CBD4354AE631F476BC694CF73D20623E7518799AB", "6DFC02A34D3BB730D9CBA6C97A8D3284FFD1FB8F5F3DD7D9B65FE6CA089C2006", "6EE1809EEC7F8E899D29A5D629693347DEF4BE3A98140451F3CFB1F6F3D44734", "7046138B9599A1C4F494C484A9BB676F47CE5DB50FD7EC9400CB6F191317A8B0", "705280D237DEDB26D3D68396BC2097819ADC8127D93D08AF8CFC027E9A703179", "709E27E3685930B945F2FBC357A30EA55914B7F6AA51DED371226AB763C07085", "70D598FB0EC5B16C61F969E93550D01E02981B6F45DF9C62FFECF6A39D205317", "7196C8D1335ADFCDC76659DB37704C37F43BFC5EAAC5070B6B965CB49E2ED826", "72EF00C4B35D9599E1A58E00685282A8A55FD82A122F9FA814B19FB08B691740", "738DBBB869CB129A22934E3ED87B1E782CE0B27154E0BF24B9765FFE6499C6E6", "74076B236C6D5E1ADBBD56B5F7295074E99E48D62D66B33FFF3A6DC56689B9B6", "74703F913A5521ED32B7192E664187A2672BA346C48F8CAD66D4E9AD8D48F992", "76A453BCD047723CA1CC19571C2519F1D2D86C3F1ACD8A2638C598517C05E173", "774447A42E7584CA310C1D881A1B9F22575B31868A10B3206AEFDCC52F166509", "7867594F3F661628BC072448F76C9D640CC551AA7B923B0ECA02D677F1DD75F3", "789948D6E2D3214CF6D14873F1BE91C91BC7007F1ACE3F9DD9D9CBFBB98592A9", "7939E3127B55B3B411285CE6E6FFE396E96A0EC351F6CD5E416BA1F9DBFBDA7C", "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "79F7EB62DB5A8ECC70229B81AD83CA7190E2B816E6FC1DBE08ACE303AA36320B", "7AD451AFF17F2B4F6EB9CD3090185A0E80620336B204FFA21179DB7F339B9F8F", "7AE79CBB38C9B30F603A5F44A9B8F142162D6B14888148AC3503AD993B81C776", "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "7CC639A842FFCB87CEB4C497DB1ABD24DBBACF8C16556A04B5249D0904F59838", "7DB6C62E3DC8D14093067BD5875A863A8CE74E7D3D322F6342A9C74138ECF9B1", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E1AD56C932EE6022D560B647F3D701B90E917C8D245F2619F30EAFAE93014A2", "7E327BBFF3C6248340BB4D02D0AED4CFA65A1C13329D0793D3B72E11E963D084", "80CBA97D4C339564CDD3571C5AAD9B39B1141264FBCE736F56AFF8266EA88A1B", "80CE5AE28CB63EA9C59DCD3341ADFAF9A6896143362A5AFED51EA3A67C5B5A29", "80F0700C72911776959FE504065DD82D18080F7C144E3ED2EAEB33082E18A72D", "814968E8DA38BD4EDC807F81466A9CB916F361B3980B9334A6F6CBDE0DD07FFC", "838ABDA0AD5BAD7A418654E286EA8417E5463A5202CC7E5CF587241BDE82B377", "84ADA1A0F9193EF446D20A2AE6CBA8AD78BD934525DE84341357005D9E20113E", "84D2B6AAB4BBBF7A71EDDA602CFAE3C281479B9C53A36735C61F9CA5C55A781A", "8566BD5ED9DDE4A30397E9B8DB1B50B3904BFF15F087A9F1B8F47F9C8E60E4FA", "858AE0814B0606CAAD401114471EC230976E8E9BB8C23DEF159F31D3F5DBB1CE", "85A0C504FF92CDB72A7CC6F51AB8821174675753CC976BCF65DA11E30A38515F", "86342A16183C947600A2D12FE2134D8199BF66CC53E099BBBD76E9F235DE5D41", "88EA896D99872F01F51690D372F7C62BE59380776AB1C1319EA3472BEF677AC8", "899EB53FF6D7EF5FCBB2C9D9531FFAF9D68313191F09BD0D43CD9D8F32F900AB", "89DB701FDA8D57E716DB17DC1D2B06DF3EA63347FFD5556F145651826A5D4927", "8A9198697F8388FC75E2DA73A2811AC8903D8787718F479A630B9674D8C0DC03", "8B09C9492941B8B6C6FB844862484437C6E439C77EC2B6E2EA1BC5C87B890DBB", "8B152CDC9A53DF1C3A7E1D3C9E764839F5ED8E125E207AE55304C80E5625D456", "8B8C66A4898A077124BBB8B80AF8131F97AB4CE33B457487C6EF966698FD1EC8", "8C189A4A1E730005F1F6728800F9EEB4D76D43743AEC3B91CE47044F6F13EBE4", "8EE72E8CA9356EACD897B0AE9E0921956BE9AE31189C579F552223847F5A3B9B", "928B26714FC24270FC86337E21BBA3EB76F0E528762596275CC586405FE80B05", "92EA0DC3F7A8465E69CEB697E55CF662DB6A5BA1371C3DECF7FD51311822B1B6", "9461B23DBDFCC9C45ACA7AE476827AD44ADBC6048F675F99FD8C0E00A94791FE", "94729235EDC9141D44D07889E9CFEB3AB675CBD1FD02A8678D1FAE4F8578D84C", "94848C16029BFBFBE812A2B6CFCEE6411F037DEBD2A6C55A94A29047D7DE9759", "94B0133D91DD1AAA87A9EB1F82E658000D52DE57AFAFF6E711787FF54BEEB5D7", "961E95FA88FD7A8C30DFE02BACBFE022B20A70E973DBD5962B95C70771F0CF07", "9A0B377B539E9EB3DEAE72601B316AC39529FEB48D77BA9C2660AD88E7DF662B", "9ACD7329FC1F831F1AB2B7D915AB63D8F111A7045260F93F9D9FAD2B89A76E99", "9AE27752CE61B7806165EEC477048C9431337F2A610460AB42D12020D03EF964", "9AEF7943FC15601E8764D0053EBD7C1FB2D252A0A9CD314B104D203C2E9C2EB1", "9B3FAF8E25D910B37ECDE9CDDF654F23BFDC8BF7D845184A2769393D46FD9EC9", "9C2FBC3B37A5A1EF2FDE6E2AB0715EEFE928A3AD8B0C7BF17F4E6D6C0F5F729E", "9C49B3B910ACAB3C030BC5586AFC34DCFAEE7EC64D7D8447E2AADA6C76053457", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "9CF7AFC641D593C078C001F6D73228861A95BD08ECC59A04A92C63E668ABAD78", "9E20D1855575208AB10D7A37A8F732F5FB0995B4D096646EBC735EE1706B18C6", "9E3FCEB3C8DC76AD3152DBCC2EFEFAB5F229FFCEF4CF1D756D45190726CF3D0D", "9EB1478AE17D3EDFE567B0697D2C2B0577C9714D05F5A2E7A80B66D0034D89D9", "9F7403E8AEF30FAFBBEDCAA947D855EF987E8FD49503FA56BAF29681570597A0", "9FD0A2153D7653CA93FDABF4A80D4F63FFD425F2201F266B744D51C1F6F9AB82", "A11D2235BC5E988753C51096BBFA7573650321F820029FF53DED3E229FB3EC76", "A1D0CE295E9257EABF11496E4A797CF7C164CD524E3E6EB07DE1E1D5DAE4AA1B", "A41DD61CB741B6A4172AD3E7F0BE5B692C5DC2F9AAF2A501BDAED1C866852504", "A49F9EFECEFD840DBA180620BA6247AF2908F0E8D2F8C691E6322205046D5645", "A4AE0AF45FF24755B952291D5F049C1F1600B9586D7F2B414441DBEBE6AEFB53", "A53AB047D484B7CEFC288D2B4D810DAC537F3F75E6129B90A28D4BE9DA746C2D", "A6B089124F750729C2A5DCFDD551701AB74968E1A86A4C4BE83273F5F8E1BE38", "A6D627905BD66181BD363C0FB51F6E2406835F2FAE676E7F5BDB38D19625CFEF", "A7D9F0241BE2D9397AAE8F1DD88653C257DBC2B8DC7B78A8F90BC6A60F559255", "A9CFDC9D4807EDD132C8A5C5CC10D1E0ED146D4064FDA44CF9F4A843B35576CC", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AC33843924B6A7415E2B5520B228A4C48ECE79D3ED971F29EAFD5A574C45E7BF", "AC54A5DAFA15D91044EA9FE6159829752BCD0E35D53719860B2A80D7AB2DBBA9", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "AFC9403AC32DA755BDF787A3109DD90725B60FC88550DD0DCFCF727CE478E948", "B0549540072FC1BB0D803052330E32E656605B46C7EDC1BE259FE2273831E00B", "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "B2AF94E4B4104CFC171D34D738F1AFC4758C45D61D537CBC43031028CB7E0EA4", "B45ABED8BD58C33A07263A55AF5D4FCACA1D1D4D41B9076C9B3E26F4C663C536", "B4C324A6FD8EF22AF23E006EF9A141FD3EBA5B12341EF67665F1428E1D1AA71F", "B57836C680E5C7DF0307525BE8C7E45EFC17A6866B818F9F01947138A8ED9F8B", "B61AB1D0CA790E1ACAC9798122DF79FFCF9B8B2580CDC33E702C953B7EF6B140", "B634FF2E7FC1F3330432FBCA9743C474852276C64003951811F2A870EB1D6D85", "B80E857F01B07BE9A7EE60BFD8FF52F82A16A63194D34BC2560D982812DC6722", "B8393071180D09A57E5AFC802B4EEEBE28B5FB25848661776F530558F2D5B24B", "B8BB28CB59403D76B2A95C8494CFB748BC173FFC4D90F4B4EC299DE20491DE0A", "B92350DAAF295761666E616275C53B448D53547B60DB7478FE3FCCE518028947", "B9410A108CEB6D3C9DFE0C1617FB34D181E021D243C3FB7F5DB35969D7C4CE52", "BBC19469EB9B90D82D15BF345DE6BD2F2984CAE6A5427AAEAFBF0699FD85D085", "BC538E7A24A3F264E6A115EA74114AC127AAC2CFA0AB46C73FEE5F61F30AE94E", "BCF51D77CBD205786D05C4D39C68EB7B11A8D4D268F03AEF88EC8A6D66DD05DF", "BD03EE478D44A7C4C899090C9FF328560060F0170A87F64F2E81D7DD96BC3A37", "BD9659A4CCD34A1F85D3F43EBB69A1C01B35156D02EAF7816113431881473F82", "BE9D2D904E7CA83543DFC946C3B3E45C2D3BCF72E299A05839DBB505E1C6FE03", "BFE9D544106C1541B7344450CDC8AF62BBFF45143A15E7B97523F39086B55E9A", "C03FA5EBB009D6B1F8AADC24B78B9ABD8ADACBA78E030EBADE0D37E5B4B8531B", "C08849A00434A559EE1C5504DAE1CDDB28E9D46EDC400E95B2136AC317DFE7A3", "C0CB005D40918A594B485753D241E190431C99968BA683F118D3A0D5E3AF3231", "C0E0D2198BF99C1965DFAEC1C11F4784E7D189F41F262015ECEE9E5333D57537", "C2176C99849CD1D5066FA3528DC99CF72650196833F987B090744BC9DC861D30", "C2589DFBD09C40CB0ED3C14A127AD44309E3A47D40C1ABCBAA157F4307C403C7", "C288772B66D1EE7D2548AB9893315A88EF37DAAA5903A74756970E199AE4A91C", "C403B515AD85BA6F304B323F1F0F689BF0CDDCF4EDFA0E6814452628EDF493D1", "C4201BA18FD219F4998B9CD1F31247B019E4B70DABFE54578652DCDBE9377D5D", "C55D668E9DAA959DD19BE97127802F50A829DCC234E975F8050767FE8AEFE217", "C5DC7E3B34A4B9A3DC0E8C0FAFE2DA531B9CD3D402160B1BD2722664BB8814ED", "C62AB624FA8E71A4B6F2CD73B6999128ACB4E32E342A53788D5DE28061D561B5", "C693407B0F7B8607478D59AABF3C99D1C51F0E6FF5D6BDF44F43432791F63F7C", "C81F745CADFCC259B2A14EBD6E680E0A8600116D12D6EBCDB31D0E333B902F2E", "C9A0F83DA43F98BB8749F1E06867002E1C69DB325BE1EE6ED8D3F245105C2D03", "CBAE0492C38AA01FC003E13DF32DD0C20AADD9BC2874AEBB77AEE27AB42027B1", "CC1740D85628549D6FAC223D34127F158CD233478F25DBA7737A26EE508DE9C0", "CC1827A64689B74570896388F9C886597BB1BF215F1D08F69BBBFD770F5275A3", "CCEAF07B3C4566A99FF7B58897BFB19B97162AD85DD6BF5ED2A4C5775FDE77EC", "CDD5D9308405924ECE0A1229361AFBD87209C1702DF29EF3203AB9751206A3B4", "D06CD755DD4308E07BA22E8E6BEB92F9E30EE716DE6494CE9CFFE8486337E1E3", "D23B506F373F085D0D95234FF39AA0BCD38839F8B4D1BDF9584496C6B93F1F28", "D25FC5FB8A8B1C59AB072CD2FAFBE0E65B654246DF1F523B2F0760F380BBA57D", "D2A8B7FD0D3A20180EBF8484490243C0DC038E552B987004A03D622D69BBA611", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D3418B2E96E89CF57CA80D7EF71EB4B4A624C51867F542D04AC6C83CF95EA96D", "D5A86407A1E7524D3163EB6F0FB9FE8BC066F582785B3CB1732BC9225609855C", "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "D66F1CF05D4FAEAA1D2A1BD6C942DFBCEFA7698121E07EA674D81BA77E984AF6", "D6EF0A354BC60FD9763CCD91736DAA8B1445C437C0A7B30389216581A9447D9D", "D71ECE9054A0423D2796261CBA40257762AA9E2D7719136781F2B173EA9107E9", "D75F49E7D6698E2E1DBE1E4198A1763D2D7D545AC9A36AAA8755892BFAD86388", "D7B1C15A62F7B531F511A5EF0469D5FE65B9DE7B0ECEECEAB48E9146B08B3514", "D807F98F285E9AA24C6982ECD7ECE986CC9DAEE3771B85EB11104E7DB3A38BAE", "D96A92F0CA03F4F2C88E154823F2DD614B2ACF76C06CFC4738D11985A72E18C3", "D995BFD7F2FE7D2B6BD9B254E3A2FFCCE7B6FC8B44FD9CE6285A91BD366E9BE9", "D9B33FAA9F87D18625F5A08EF5634D73168FBB4A49FD551EFF5B173DEC473E84", "D9F9C21739CE0374485FD9F451E99B1E3D3DD763F365282CE7DBE1FD581588A1", "DB22B3B68744FEE0B895F36BFE3C07C0C84967B87710DE01FEC11B662F3B8A89", "DB2B818A328E9D978E389CD017B47DF75CF8C64900E023A2B46B5D029C47E02F", "DBC08F11E8C546F68BF3DB9830663489611F4366FD7EB52BF39808F516F3BEA2", "DCF6197D1AF8FED8B2A2B076D22A3501063C90026F751721EA8B0587D5B4BFA9", "DF1E63CF8B14528F156628BE21730C46B9AD6FEBFA9BE46C21DFFEFE8A0D3852", "DF7E743258EECE8D977DB6645A6CF8DFDE1F2111B2363A0A163830CA509AD664", "DF89B2395C4DB15E1FF631A136BB1301E179B1A5D4A2BF72B8D0EF9E4A730437", "E0C9BAECEFA76A39F668375CCE1FEF586F0BFB09CFFC885A638463548385207C", "E1956B84C4A8A327CE88C2A393674D2E29754B0D0DE5EA9CD732916AC207C1B2", "E3BAE9A30B20D04512C7C16881BAE14D80726FD5F24F3B32C3DF1C51B000477A", "E47CC3D807E088442F7028350C85D08162FCCBC6A1643D768407619ABA4B9399", "E54048B186E2B0430A492A11B734CD6DBAB437E3800A622970DF288484B9F9CA", "E57295B2DF96E63714F13E4379EC8E7A499283CEEA7CE0853AF9B05661E32ED1", "E6153C35BD44471C95F1EFEED9B29C46E12A43C017CCADB1D87BD84154E4A620", "E6339192F4D5A34C5450757F6F89CD12C85BA22B7375FD57D5B1C48F67C117CC", "E6539A3BB2EB04D867564E210333C561765406B8A7B65151CA32F4CE21B0AE0B", "E675D51A7FB510C24E511865634B3A1ABAF3FFDC2E1EE1FB4F121D91BADD2E7D", "E7A61D23F37BFE71387F349B7ABC627B2069E0DD06334950ECFFA79FDC6D4BE8", "E8D1954E7F4E50A7F1CC861CDAF69D1A363FA2EE425AF143C971F230E8015C10", "E9094C448DDFA53F1801F49370E9B1301873155775CFD8E4A6A53500E27FBB43", "E94DE2A00A2C1D8282756AE6867DE9CFD231A5D1A7411CA8146CFF2E3FD9CE7D", "E9DF307FF5F2340A2C57BE0A4EAF0F3CDB6E89C8E7F4C882C103E8E0FAAC18A7", "EA74E641E79A078A4FD722F20D029127AA1107DE269BC715ABDD7893A034774D", "EB20B672B0F8880C0E9D8D5292F68305326883CCEA193494DABCBD14BB06A184", "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "EB67E51171F7C34A22B244E03166CB1F7D74162E476DCFA216B46A44310996E5", "EC3E23A99CFAAD88B2FA49B712651D754EE84446F6DFEB6CC3571A65A744E234", "EC7DD37D5F4B9A5D139BAD89ACB67C9048FD7B2CAF35F5F63861CE6E55EADBAB", "EC972C692BE3023B72017E1A0E500647A4508BA18E2201793D3A30F3A4FFF8F1", "ED1637B2624D26362BDB52FFE4446CD922E21738E4C506EA23FFF9A92362A011", "EE7CE47E45F000B20D959427D19E89321C1C0E7DA85CD2ADF5A37945584874DC", "EF1E86E8C1821B2FE6F241A7F8B0060DAE69EB57B79276256A296E2116C4F120", "F06BAB24D9E4E17DD0677BA61DD3C1AC11E4C85147BBF86EE8D3A92E535C3E14", "F08BFDC36857BBE15067A0715EC82D384F74D0BB5D6D364E364213D123C8F27A", "F3758093EA44146C6BB9180D4A89ECCFA58C42ADF8707A861E087BF54975924C", "F5BA0AA514CF99CA86DFB280C43745FF52D52633170D1E545ACF89151C65EEF0", "F631FBF3345C07F81D82B960695E1646F617E669785B8F63DB760D886F1B2C12", "F665A1245FF1694ED9B578D35C955B51DAA051F90350DA793AFAC0D05F2DCC0B", "F76E0893657D8DCCB46BCF1747D9BBFAC71F1F913691D424A22E90E2BA8CF4BA", "F7AEEAE35D7C39B759348EB1CEE9E7D07D0AE01CE51CB6E2A84C28B058E529B8", "F9ADD5C0B29D5EA4036B7F3A5477FA4502428CD7F7F7ABD1AF85EE16C6650D8F", "FBF8D5380A8667F5D239F868F077DAD8E14459BF18DCA6E0C2C65E35815C9F4A", "FC1504B77932C679BCC73A0945FB064198F54C8877EF271F049BDB0D90B592F1", "FC4C804F44282D78247FA90BC4C8C855819430A02725094AC97DBD89D0227589", "FCF66C1A96FDC8625BB9D927E042CEAA982B68F998C9AFCE8CBB28E803F9F816", "FE67874D43BC98A053A0BF58006D9985B49884BE885879B16D23006930E8AE3F"]}, {"type": "ics", "idList": ["ICSA-17-094-04", "ICSMA-18-058-02"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7"]}, {"type": "kaspersky", "idList": ["KLA10359", "KLA10447", "KLA10452", "KLA10505", "KLA10507", "KLA10530", "KLA10570"]}, {"type": "kitploit", "idList": ["KITPLOIT:6372579284509577146", "KITPLOIT:7553690576096019209"]}, {"type": "lenovo", "idList": ["LENOVO:PS500041-NOSID", "LENOVO:PS500041-POODLE-SSLV3-VULNERABILITY-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2014-0292", "MGASA-2014-0416", "MGASA-2014-0422", "MGASA-2014-0489", "MGASA-2014-0490", "MGASA-2014-0507", "MGASA-2014-0550", "MGASA-2015-0037"]}, {"type": "myhack58", "idList": ["MYHACK58:62201784367"]}, {"type": "nessus", "idList": ["700649.PRM", "8332.PRM", "8550.PRM", "8552.PRM", "8562.PRM", "8897.PRM", "9081.PRM", "9700.PRM", "AIX_IV69768.NASL", "AIX_IV73316.NASL", "AIX_IV73319.NASL", "AIX_IV73324.NASL", "AIX_IV73416.NASL", "AIX_IV73417.NASL", "AIX_IV73418.NASL", "AIX_IV73419.NASL", "AIX_IV73973.NASL", "AIX_IV73974.NASL", "AIX_IV73975.NASL", "AIX_IV73976.NASL", "AIX_JAVA_FEB2015_ADVISORY.NASL", "AIX_JAVA_JUL2014_ADVISORY.NASL", "AIX_JAVA_OCT2014_ADVISORY.NASL", "AIX_OPENSSL_ADVISORY11.NASL", "ALA_ALAS-2014-383.NASL", "ALA_ALAS-2014-387.NASL", "ALA_ALAS-2014-426.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2014-430.NASL", "ALA_ALAS-2014-431.NASL", "ALA_ALAS-2014-432.NASL", "ALA_ALAS-2015-471.NASL", "ALA_ALAS-2015-472.NASL", "ALA_ALAS-2015-480.NASL", "APACHE_TRAFFIC_SERVER_511.NASL", "APPLETV_7_0_1.NASL", "APPLE_IOS_81_CHECK.NBIN", "ASTERISK_AST_2014_011.NASL", "CENTOS_RHSA-2014-0889.NASL", "CENTOS_RHSA-2014-0890.NASL", "CENTOS_RHSA-2014-0907.NASL", "CENTOS_RHSA-2014-1620.NASL", "CENTOS_RHSA-2014-1633.NASL", "CENTOS_RHSA-2014-1634.NASL", "CENTOS_RHSA-2014-1636.NASL", "CENTOS_RHSA-2014-1652.NASL", "CENTOS_RHSA-2014-1653.NASL", "CENTOS_RHSA-2014-1948.NASL", "CENTOS_RHSA-2015-0067.NASL", "CENTOS_RHSA-2015-0068.NASL", "CENTOS_RHSA-2015-0069.NASL", "CENTOS_RHSA-2015-0085.NASL", "CHECK_POINT_GAIA_SK103683.NASL", "CISCO-SA-20141015-POODLE-ASA.NASL", "CISCO-SA-20141015-POODLE-CUCM.NASL", "CISCO-SA-20141015-POODLE-WLC.NASL", "CISCO_ANYCONNECT_3_1_5187.NASL", "CUPS_2_0_1.NASL", "DEBIAN_DLA-157.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DLA-400.NASL", "DEBIAN_DLA-443.NASL", "DEBIAN_DLA-81.NASL", "DEBIAN_DLA-96.NASL", "DEBIAN_DSA-2980.NASL", "DEBIAN_DSA-2987.NASL", "DEBIAN_DSA-3053.NASL", "DEBIAN_DSA-3077.NASL", "DEBIAN_DSA-3080.NASL", "DEBIAN_DSA-3144.NASL", "DEBIAN_DSA-3147.NASL", "DEBIAN_DSA-3253.NASL", "DEBIAN_DSA-3489.NASL", "DEBIAN_DSA-3504.NASL", "EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-2509.NASL", "F5_BIGIP_SOL10065173.NASL", "FEDORA_2014-10171.NASL", "FEDORA_2014-10322.NASL", "FEDORA_2014-12951.NASL", "FEDORA_2014-13012.NASL", "FEDORA_2014-13069.NASL", "FEDORA_2014-13399.NASL", "FEDORA_2014-13647.NASL", "FEDORA_2014-13764.NASL", "FEDORA_2014-13777.NASL", "FEDORA_2014-13781.NASL", "FEDORA_2014-13794.NASL", "FEDORA_2014-14217.NASL", "FEDORA_2014-14234.NASL", "FEDORA_2014-14237.NASL", "FEDORA_2014-15379.NASL", "FEDORA_2014-15390.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-17576.NASL", "FEDORA_2014-17587.NASL", "FEDORA_2015-2087.NASL", "FEDORA_2015-9090.NASL", "FEDORA_2015-9110.NASL", "FREEBSD_PKG_03175E62549411E49CC1BC5FF4FB5E7B.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_0DAD911460CC11E49E840022156E8794.NASL", "FREEBSD_PKG_384FC0B2014411E58FDA002590263BF5.NASL", "FREEBSD_PKG_76C7A0F5592811E4ADC7001999F8D30B.NASL", "FREEBSD_PKG_9E5BBFFCD8AC11E5B2BD002590263BF5.NASL", "GENTOO_GLSA-201411-10.NASL", "GENTOO_GLSA-201502-12.NASL", "GENTOO_GLSA-201507-14.NASL", "GENTOO_GLSA-201603-14.NASL", "GENTOO_GLSA-201606-11.NASL", "GENTOO_GLSA-201607-17.NASL", "GLASSFISH_CPU_APR_2015.NASL", "HPSMH_7_4_1.NASL", "HP_SITESCOPE_HPSBMU03184.NASL", "IBM_DOMINO_9_0_1_FP2.NASL", "IBM_DOMINO_SWG21693142.NASL", "IBM_GPFS_ISG3T1021546_WINDOWS.NASL", "IBM_HTTP_SERVER_521711.NASL", "IBM_RATIONAL_CLEARQUEST_8_0_1_6.NASL", "JUNIPER_SPACE_JSA10659.NASL", "MACOSX_10_10.NASL", "MACOSX_10_10_2.NASL", "MACOSX_CISCO_ANYCONNECT_3_1_5187.NASL", "MACOSX_SECUPD2014-005.NASL", "MACOSX_SECUPD2015-001.NASL", "MACOSX_SERVER_2_2_5.NASL", "MACOSX_SERVER_3_2_2.NASL", "MACOSX_SERVER_4_0.NASL", "MACOSX_SERVER_4_1.NASL", "MACOSX_XCODE_7_0.NASL", "MANDRIVA_MDVSA-2014-141.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "MANDRIVA_MDVSA-2014-209.NASL", "MANDRIVA_MDVSA-2014-218.NASL", "MANDRIVA_MDVSA-2014-252.NASL", "MANDRIVA_MDVSA-2015-033.NASL", "MANDRIVA_MDVSA-2015-062.NASL", "MANDRIVA_MDVSA-2015-198.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "OPENSSL_0_9_8ZC.NASL", "OPENSSL_1_0_0O.NASL", "OPENSSL_1_0_1J.NASL", "OPENSUSE-2014-605.NASL", "OPENSUSE-2014-640.NASL", "OPENSUSE-2014-647.NASL", "OPENSUSE-2014-671.NASL", "OPENSUSE-2014-772.NASL", "OPENSUSE-2014-773.NASL", "OPENSUSE-2015-91.NASL", "OPENSUSE-2016-1339.NASL", "OPENSUSE-2016-294.NASL", "OPENSUSE-2016-351.NASL", "OPENSUSE-2016-370.NASL", "OPENSUSE-2017-459.NASL", "ORACLELINUX_ELSA-2014-0889.NASL", "ORACLELINUX_ELSA-2014-0890.NASL", "ORACLELINUX_ELSA-2014-0907.NASL", "ORACLELINUX_ELSA-2014-1620.NASL", "ORACLELINUX_ELSA-2014-1633.NASL", "ORACLELINUX_ELSA-2014-1634.NASL", "ORACLELINUX_ELSA-2014-1636.NASL", "ORACLELINUX_ELSA-2014-1652.NASL", "ORACLELINUX_ELSA-2014-1653.NASL", "ORACLELINUX_ELSA-2014-1948.NASL", "ORACLELINUX_ELSA-2015-0067.NASL", "ORACLELINUX_ELSA-2015-0068.NASL", "ORACLELINUX_ELSA-2015-0069.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLEVM_OVMSA-2014-0032.NASL", "ORACLEVM_OVMSA-2014-0037.NASL", "ORACLEVM_OVMSA-2014-0038.NASL", "ORACLEVM_OVMSA-2014-0039.NASL", "ORACLEVM_OVMSA-2014-0040.NASL", "ORACLEVM_OVMSA-2014-0041.NASL", "ORACLEVM_OVMSA-2015-0068.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "ORACLE_JAVA_CPU_JAN_2015.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_JAVA_CPU_JUL_2014.NASL", "ORACLE_JAVA_CPU_JUL_2014_UNIX.NASL", "ORACLE_JAVA_CPU_OCT_2014.NASL", "ORACLE_JAVA_CPU_OCT_2014_UNIX.NASL", "ORACLE_JROCKIT_CPU_JAN_2015.NASL", "ORACLE_JROCKIT_CPU_JUL_2014.NASL", "ORACLE_JROCKIT_CPU_OCT_2014.NASL", "ORACLE_RDBMS_CPU_JUL_2017.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2015.NBIN", "PUPPET_ENTERPRISE_331.NASL", "REDHAT-RHSA-2014-0889.NASL", "REDHAT-RHSA-2014-0890.NASL", "REDHAT-RHSA-2014-0902.NASL", "REDHAT-RHSA-2014-0907.NASL", "REDHAT-RHSA-2014-0908.NASL", "REDHAT-RHSA-2014-1033.NASL", "REDHAT-RHSA-2014-1036.NASL", "REDHAT-RHSA-2014-1041.NASL", "REDHAT-RHSA-2014-1042.NASL", "REDHAT-RHSA-2014-1620.NASL", "REDHAT-RHSA-2014-1633.NASL", "REDHAT-RHSA-2014-1634.NASL", "REDHAT-RHSA-2014-1636.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2014-1653.NASL", "REDHAT-RHSA-2014-1657.NASL", "REDHAT-RHSA-2014-1658.NASL", "REDHAT-RHSA-2014-1692.NASL", "REDHAT-RHSA-2014-1876.NASL", "REDHAT-RHSA-2014-1877.NASL", "REDHAT-RHSA-2014-1880.NASL", "REDHAT-RHSA-2014-1881.NASL", "REDHAT-RHSA-2014-1882.NASL", "REDHAT-RHSA-2014-1948.NASL", "REDHAT-RHSA-2015-0067.NASL", "REDHAT-RHSA-2015-0068.NASL", "REDHAT-RHSA-2015-0069.NASL", "REDHAT-RHSA-2015-0079.NASL", "REDHAT-RHSA-2015-0080.NASL", "REDHAT-RHSA-2015-0085.NASL", "REDHAT-RHSA-2015-0086.NASL", "REDHAT-RHSA-2015-0133.NASL", "REDHAT-RHSA-2015-0134.NASL", "REDHAT-RHSA-2015-0135.NASL", "REDHAT-RHSA-2015-0136.NASL", "REDHAT-RHSA-2015-0263.NASL", "REDHAT-RHSA-2015-0264.NASL", "REDHAT-RHSA-2015-0698.NASL", "REDHAT-RHSA-2015-1545.NASL", "REDHAT-RHSA-2015-1546.NASL", "SLACKWARE_SSA_2014-288-01.NASL", "SL_20140716_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20140716_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20140721_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20141015_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20141015_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20141015_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20141015_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20141016_OPENSSL_ON_SL5_X.NASL", "SL_20141016_OPENSSL_ON_SL6_X.NASL", "SL_20141202_NSS__NSS_UTIL__AND_NSS_SOFTOKN_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20150121_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20150126_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SMB_KB3009008.NASL", "SOLARIS10_142824-24.NASL", "SOLARIS11_OPENSSL_20141104.NASL", "SOLARWINDS_DAMEWARE_MINI_REMOTE_CONTROL_V12_0_HOTFIX_2.NASL", "SOLARWINDS_SRM_PROFILER_6_2_3.NASL", "SPLUNK_5011.NASL", "SPLUNK_607.NASL", "SSL_POODLE.NASL", "STUNNEL_5_06.NASL", "SUSE_11_COMPAT-OPENSSL097G-141202.NASL", "SUSE_11_JAVA-1_6_0-IBM-140815.NASL", "SUSE_11_JAVA-1_6_0-IBM-141119.NASL", "SUSE_11_JAVA-1_7_0-IBM-140815.NASL", "SUSE_11_JAVA-1_7_0-IBM-141121.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-140721.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-141024.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-150206.NASL", "SUSE_11_LIBOPENSSL-DEVEL-141024.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_11_PURE-FTPD-141120.NASL", "SUSE_11_SUSEREGISTER-141121.NASL", "SUSE_SU-2014-1387-1.NASL", "SUSE_SU-2014-1422-1.NASL", "SUSE_SU-2014-1512-1.NASL", "SUSE_SU-2014-1524-1.NASL", "SUSE_SU-2014-1541-1.NASL", "SUSE_SU-2015-0503-1.NASL", "SUSE_SU-2016-1457-1.NASL", "SUSE_SU-2016-2285-1.NASL", "SUSE_SU-2016-2329-1.NASL", "SUSE_SU-2016-2396-1.NASL", "TOMCAT_6_0_43.NASL", "TOMCAT_7_0_57.NASL", "TOMCAT_8_0_15.NASL", "UBUNTU_USN-2312-1.NASL", "UBUNTU_USN-2319-1.NASL", "UBUNTU_USN-2319-2.NASL", "UBUNTU_USN-2319-3.NASL", "UBUNTU_USN-2386-1.NASL", "UBUNTU_USN-2388-1.NASL", "UBUNTU_USN-2388-2.NASL", "UBUNTU_USN-2486-1.NASL", "UBUNTU_USN-2487-1.NASL", "UBUNTU_USN-2923-1.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-LINUX.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-VAPP.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-WIN.NASL", "VMWARE_ESXI_5_5_BUILD_2352327_REMOTE.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_VCENTER_CHARGEBACK_MANAGER_VMSA_2015_0003.NASL", "VMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0012.NASL", "VMWARE_VCENTER_UPDATE_MGR_VMSA-2015-0003.NASL", "VMWARE_VCENTER_VMSA-2014-0012.NASL", "VMWARE_VCENTER_VMSA-2015-0001.NASL", "VMWARE_VCENTER_VMSA-2015-0003.NASL", "VMWARE_VMSA-2015-0001.NASL", "VMWARE_WORKSPACE_PORTAL_VMSA2015-0003.NASL", "WEBSPHERE_565975.NASL", "WEBSPHERE_7_0_0_37.NASL", "WEBSPHERE_8_0_0_10.NASL", "WEBSPHERE_8_5_5_3.NASL", "WEBSPHERE_8_5_5_4.NASL", "WEBSPHERE_8_5_5_5.NASL", "WEBSPHERE_CVE-2017-1380.NASL", "WEBSPHERE_CVE-2017-1382.NASL", "WEBSPHERE_JAVA_SERIALIZE.NASL", "XEROX_XRX15AD_COLORQUBE.NASL", "XEROX_XRX15AJ.NASL", "XEROX_XRX15AM.NASL"]}, {"type": "nmap", "idList": ["NMAP:SSL-POODLE.NSE"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105190", "OPENVAS:1361412562310105191", "OPENVAS:1361412562310105283", "OPENVAS:1361412562310105413", "OPENVAS:1361412562310105424", "OPENVAS:1361412562310105835", "OPENVAS:1361412562310105950", "OPENVAS:1361412562310108403", "OPENVAS:1361412562310108410", "OPENVAS:1361412562310108411", "OPENVAS:1361412562310111012", "OPENVAS:1361412562310120010", "OPENVAS:1361412562310120188", "OPENVAS:1361412562310120189", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310120288", "OPENVAS:1361412562310120324", "OPENVAS:1361412562310120341", "OPENVAS:1361412562310120343", "OPENVAS:1361412562310120344", "OPENVAS:1361412562310120409", "OPENVAS:1361412562310121285", "OPENVAS:1361412562310121351", "OPENVAS:1361412562310121395", "OPENVAS:1361412562310121456", "OPENVAS:1361412562310123198", "OPENVAS:1361412562310123200", "OPENVAS:1361412562310123201", "OPENVAS:1361412562310123202", "OPENVAS:1361412562310123269", "OPENVAS:1361412562310123278", "OPENVAS:1361412562310123286", "OPENVAS:1361412562310123287", "OPENVAS:1361412562310123291", "OPENVAS:1361412562310123373", "OPENVAS:1361412562310123381", "OPENVAS:1361412562310123382", "OPENVAS:1361412562310702980", "OPENVAS:1361412562310702987", "OPENVAS:1361412562310703053", "OPENVAS:1361412562310703077", "OPENVAS:1361412562310703080", "OPENVAS:1361412562310703144", "OPENVAS:1361412562310703147", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703489", "OPENVAS:1361412562310703504", "OPENVAS:1361412562310802087", "OPENVAS:1361412562310804687", "OPENVAS:1361412562310804862", "OPENVAS:1361412562310805266", "OPENVAS:1361412562310806125", "OPENVAS:1361412562310806126", "OPENVAS:1361412562310806624", "OPENVAS:1361412562310806874", "OPENVAS:1361412562310808703", "OPENVAS:1361412562310810232", "OPENVAS:1361412562310810233", "OPENVAS:1361412562310811254", "OPENVAS:1361412562310841928", "OPENVAS:1361412562310841936", "OPENVAS:1361412562310841944", "OPENVAS:1361412562310841968", "OPENVAS:1361412562310842010", "OPENVAS:1361412562310842012", "OPENVAS:1361412562310842026", "OPENVAS:1361412562310842076", "OPENVAS:1361412562310842078", "OPENVAS:1361412562310842563", "OPENVAS:1361412562310842680", "OPENVAS:1361412562310850621", "OPENVAS:1361412562310850671", "OPENVAS:1361412562310850771", "OPENVAS:1361412562310850791", "OPENVAS:1361412562310850800", "OPENVAS:1361412562310850849", "OPENVAS:1361412562310850875", "OPENVAS:1361412562310850889", "OPENVAS:1361412562310850910", "OPENVAS:1361412562310850936", "OPENVAS:1361412562310850955", "OPENVAS:1361412562310850983", "OPENVAS:1361412562310850985", "OPENVAS:1361412562310851223", "OPENVAS:1361412562310851239", "OPENVAS:1361412562310851252", "OPENVAS:1361412562310851323", "OPENVAS:1361412562310868191", "OPENVAS:1361412562310868415", "OPENVAS:1361412562310868417", "OPENVAS:1361412562310868453", "OPENVAS:1361412562310868454", "OPENVAS:1361412562310868455", "OPENVAS:1361412562310868456", "OPENVAS:1361412562310868467", "OPENVAS:1361412562310868468", "OPENVAS:1361412562310868471", "OPENVAS:1361412562310868477", "OPENVAS:1361412562310868597", "OPENVAS:1361412562310868600", "OPENVAS:1361412562310868601", "OPENVAS:1361412562310868604", "OPENVAS:1361412562310868693", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868711", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310868735", "OPENVAS:1361412562310868770", "OPENVAS:1361412562310868824", "OPENVAS:1361412562310868855", "OPENVAS:1361412562310868936", "OPENVAS:1361412562310869036", "OPENVAS:1361412562310869038", "OPENVAS:1361412562310869045", "OPENVAS:1361412562310869084", "OPENVAS:1361412562310869125", "OPENVAS:1361412562310871201", "OPENVAS:1361412562310871202", "OPENVAS:1361412562310871208", "OPENVAS:1361412562310871258", "OPENVAS:1361412562310871260", "OPENVAS:1361412562310871261", "OPENVAS:1361412562310871270", "OPENVAS:1361412562310871274", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871297", "OPENVAS:1361412562310871303", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310881962", "OPENVAS:1361412562310881963", "OPENVAS:1361412562310881966", "OPENVAS:1361412562310881971", "OPENVAS:1361412562310882055", "OPENVAS:1361412562310882057", "OPENVAS:1361412562310882058", "OPENVAS:1361412562310882060", "OPENVAS:1361412562310882062", "OPENVAS:1361412562310882063", "OPENVAS:1361412562310882089", "OPENVAS:1361412562310882094", "OPENVAS:1361412562310882097", "OPENVAS:1361412562310882098", "OPENVAS:1361412562310882104", "OPENVAS:1361412562310882105", "OPENVAS:1361412562310882106", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220192509", "OPENVAS:702980", "OPENVAS:702987", "OPENVAS:703053", "OPENVAS:703077", "OPENVAS:703080", "OPENVAS:703144", "OPENVAS:703147", "OPENVAS:703253", "OPENVAS:703489", "OPENVAS:703504"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2014-1972956", "ORACLE:CPUOCT2014-1972960", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0889", "ELSA-2014-0890", "ELSA-2014-0907", "ELSA-2014-1620", "ELSA-2014-1633", "ELSA-2014-1634", "ELSA-2014-1636", "ELSA-2014-1652", "ELSA-2014-1653", "ELSA-2015-0067", "ELSA-2015-0068", "ELSA-2015-0069", "ELSA-2015-0085", "ELSA-2016-3621", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DLA-157-1", "OSV:DLA-282-1", "OSV:DLA-400-1", "OSV:DLA-443-1", "OSV:DLA-81-1", "OSV:DLA-96-1", "OSV:DSA-2980-1", "OSV:DSA-2987-1", "OSV:DSA-3053-1", "OSV:DSA-3077-1", "OSV:DSA-3080-1", "OSV:DSA-3092-1", "OSV:DSA-3144-1", "OSV:DSA-3147-1", "OSV:DSA-3253-1", "OSV:DSA-3489-1", "OSV:DSA-3504-1", "OSV:GHSA-5WFP-8643-C58X", "OSV:GHSA-GXG6-RC6C-V673", "OSV:GHSA-Q56H-JJJ6-52MF"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:132254", "PACKETSTORM:133054", "PACKETSTORM:134251", "PACKETSTORM:141631"]}, {"type": "paloalto", "idList": ["PAN-SA-2014-0005"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2014:0889", "RHSA-2014:0890", "RHSA-2014:0902", "RHSA-2014:0907", "RHSA-2014:0908", "RHSA-2014:1033", "RHSA-2014:1036", "RHSA-2014:1041", "RHSA-2014:1042", "RHSA-2014:1370", "RHSA-2014:1398", "RHSA-2014:1399", "RHSA-2014:1400", "RHSA-2014:1620", "RHSA-2014:1633", "RHSA-2014:1634", "RHSA-2014:1636", "RHSA-2014:1652", "RHSA-2014:1653", "RHSA-2014:1657", "RHSA-2014:1658", "RHSA-2014:1692", "RHSA-2014:1876", "RHSA-2014:1877", "RHSA-2014:1880", "RHSA-2014:1881", "RHSA-2014:1882", "RHSA-2014:1948", "RHSA-2015:0067", "RHSA-2015:0068", "RHSA-2015:0069", "RHSA-2015:0079", "RHSA-2015:0080", "RHSA-2015:0085", "RHSA-2015:0086", "RHSA-2015:0133", "RHSA-2015:0134", "RHSA-2015:0135", "RHSA-2015:0136", "RHSA-2015:0263", "RHSA-2015:0264", "RHSA-2015:0698", "RHSA-2015:1009", "RHSA-2015:1545", "RHSA-2015:1546", "RHSA-2016:0539", "RHSA-2016:0540", "RHSA-2016:1135", "RHSA-2016:1376", "RHSA-2016:2035", "RHSA-2019:1545"]}, {"type": "saint", "idList": ["SAINT:2A4358BF31AF1DF12CC0825DE2A0B1D2", "SAINT:66FBA7CC8FD20610677EE0D63C3A16A6", "SAINT:9C099C4B9A40BE916B04858EBBBB06B1", "SAINT:C049B327B327D8889E6EDEE0F0EFB1CB"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31293", "SECURITYVULNS:DOC:31299", "SECURITYVULNS:DOC:31300", "SECURITYVULNS:DOC:31301", "SECURITYVULNS:DOC:31302", "SECURITYVULNS:DOC:31303", "SECURITYVULNS:DOC:31305", "SECURITYVULNS:DOC:31317", "SECURITYVULNS:DOC:31318", "SECURITYVULNS:DOC:31532", "SECURITYVULNS:DOC:31664", "SECURITYVULNS:DOC:31679", "SECURITYVULNS:DOC:31682", "SECURITYVULNS:DOC:32516", "SECURITYVULNS:VULN:13868", "SECURITYVULNS:VULN:14031", "SECURITYVULNS:VULN:14045", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14062", "SECURITYVULNS:VULN:14063", "SECURITYVULNS:VULN:14164", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14393", "SECURITYVULNS:VULN:14601", "SECURITYVULNS:VULN:14697"]}, {"type": "seebug", "idList": ["SSV:92692"]}, {"type": "slackware", "idList": ["SSA-2014-288-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1331-1", "OPENSUSE-SU-2015:0190-1", "OPENSUSE-SU-2016:0640-1", "OPENSUSE-SU-2016:0788-1", "OPENSUSE-SU-2016:0833-1", "SUSE-SU-2014:0961-1", "SUSE-SU-2014:1357-1", "SUSE-SU-2014:1361-1", "SUSE-SU-2014:1386-1", "SUSE-SU-2014:1387-1", "SUSE-SU-2014:1387-2", "SUSE-SU-2014:1409-1", "SUSE-SU-2014:1422-1", "SUSE-SU-2014:1526-1", "SUSE-SU-2014:1526-2", "SUSE-SU-2014:1549-1", "SUSE-SU-2015:0010-1", "SUSE-SU-2015:0336-1", "SUSE-SU-2015:0344-1", "SUSE-SU-2015:0345-1", "SUSE-SU-2015:0376-1", "SUSE-SU-2015:0392-1", "SUSE-SU-2015:0503-1", "SUSE-SU-2015:0578-1", "SUSE-SU-2016:0699-1", "SUSE-SU-2016:0700-1", "SUSE-SU-2016:1457-1", "SUSE-SU-2016:1459-1"]}, {"type": "thn", "idList": ["THN:F73D624126468D834271728F43F4B725"]}, {"type": "threatpost", "idList": ["THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "THREATPOST:9041B76CCCD278242DD81A2F7BFCE45E", "THREATPOST:C05160819B394668E33A3A4F7E49BBFD", "THREATPOST:CF8A831748EC23AA2B67F64081A55155"]}, {"type": "ubuntu", "idList": ["USN-2312-1", "USN-2319-1", "USN-2319-2", "USN-2319-3", "USN-2386-1", "USN-2388-1", "USN-2388-2", "USN-2486-1", "USN-2487-1", "USN-2923-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3529", "UB:CVE-2014-3566", "UB:CVE-2014-3574", "UB:CVE-2014-4244", "UB:CVE-2014-4263", "UB:CVE-2014-6457", "UB:CVE-2014-6593", "UB:CVE-2015-0410", "UB:CVE-2015-2774", "UB:CVE-2016-2510"]}, {"type": "veracode", "idList": ["VERACODE:15664", "VERACODE:15667"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2015-0001", "VMSA-2015-0001.2", "VMSA-2015-0003", "VMSA-2015-0003.14"]}, {"type": "zdt", "idList": ["1337DAY-ID-24035", "1337DAY-ID-24503", "1337DAY-ID-27317"]}]}, "score": {"value": 1.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["NETTCP_ADVISORY.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-387"]}, {"type": "archlinux", "idList": ["ASA-201501-16"]}, {"type": "attackerkb", "idList": ["AKB:BC293A26-1A78-4F0D-B4CE-04E218BA7440"]}, {"type": "centos", "idList": ["CESA-2014:0889", "CESA-2014:0890", "CESA-2014:0907", "CESA-2014:1620", "CESA-2014:1633", "CESA-2014:1634", "CESA-2014:1652", "CESA-2014:1653", "CESA-2014:1948", "CESA-2015:0067", "CESA-2015:0068", "CESA-2015:0069", "CESA-2015:0085"]}, {"type": "cert", "idList": ["VU:577193"]}, {"type": "checkpoint_security", "idList": ["CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK105062"]}, {"type": "cisa", "idList": ["CISA:99DAB57F9B8063F8619B1A418B014DF1"]}, {"type": "cisco", "idList": ["CISCO-SA-20141211-CVE-2014-8730"]}, {"type": "cve", "idList": ["CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"]}, {"type": "debian", "idList": ["DEBIAN:DLA-282-1:F03D5", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DSA-3053-1:A743E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-3566"]}, {"type": "f5", "idList": ["F5:K10065173"]}, {"type": "fedora", "idList": ["FEDORA:0FE8860E4374", "FEDORA:4227660CA765", "FEDORA:955A2608A1F0", "FEDORA:9E5776087B1A", "FEDORA:CA868607A1CD", "FEDORA:D241A60EFAEF", "FEDORA:DDD696087CE5"]}, {"type": "fortinet", "idList": ["FG-IR-14-031"]}, {"type": "freebsd", "idList": ["03532A19-D68E-11E6-9171-14DAE9D210B8", "9E5BBFFC-D8AC-11E5-B2BD-002590263BF5"]}, {"type": "gentoo", "idList": ["GLSA-201411-10"]}, {"type": "hackerone", "idList": ["H1:216271"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20141215-01-POODLE"]}, {"type": "ibm", "idList": ["002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "00CCE1573777F42ABE99718CA356421C893500F8774B2D76599D43AB2118F4F2", "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "09EDE4E0CD7DF2699F28363782319D7EBC282776D733D8DA6183FF69A1E1027A", "13C3D53BA54035028BA8B6CCC92D57C0C0AFB5754F2A746073C2E64512AF302A", "23ACC7BB2569417276597C257401F3783EB07FD152C4689F7E77CADFC4EDD536", "29BFF097F764F2E2870C5D0DC577733C5EEBC573E7B3FE466D280FD91D64FD0A", "2F5E9F58C5211E4D42487F7A140F36650CEBDEBD701BADBE4FFD04B577E43B91", "2F816069CAA66A54C42E49ED29CB63DF268919E76E80D54190EC3F850E0D535A", "3571B420A072DEE76E37DA221B03342365B3036A912A7CE6A01A988190A8F62D", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "433C80FA01CBD264F0ECEDD5C86B61CFD6A281F46060EF3E8D3AAA90049AFE21", "47854739A78D340A07A1A22935ECE0D3E40F068349563A968BDFFB20132370BE", "4AAD2BFC5837F0CD9E63B31CC9644C3A90E942FA13F398384C4E1FBA2E175E09", "4ED2415E866AA27E2339351646BE68575D6DE777D3DA7E7EB9AC12F916F1C0DD", "523AA94D1E10269FAF98CA05CDCD7A695FB6F29B64D25ABFB286FC0B6B450921", "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "5DE8B3EDE10727E701D4521B68C43392913E7992400F9779163E6AE7193811BC", "5E2AFDF7AB3E087F15E11D8D08AEEF34592E638BA469F3697192CBD365B9C998", "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "6266ACC74295FF2D138A1AAB20D50CCD4E8EC9EE7F50E0E59B801F06DD3FB722", "63BA91B4612104EB8E2D55CEC2DCDE8AA7F8D44E79BC791C78F79931691CECF4", "67615B3DF6F5568CA6CD3854B375F0630F95A2BC0B539101522BB1406AF01FA4", "6B1FE6B87F5632D0E3A2DF3894D6A87F2FF4EDBFA3CCDA8DACEEFCD473F77904", "709E27E3685930B945F2FBC357A30EA55914B7F6AA51DED371226AB763C07085", "738DBBB869CB129A22934E3ED87B1E782CE0B27154E0BF24B9765FFE6499C6E6", "76A453BCD047723CA1CC19571C2519F1D2D86C3F1ACD8A2638C598517C05E173", "789948D6E2D3214CF6D14873F1BE91C91BC7007F1ACE3F9DD9D9CBFBB98592A9", "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "7CC639A842FFCB87CEB4C497DB1ABD24DBBACF8C16556A04B5249D0904F59838", "86342A16183C947600A2D12FE2134D8199BF66CC53E099BBBD76E9F235DE5D41", "8B8C66A4898A077124BBB8B80AF8131F97AB4CE33B457487C6EF966698FD1EC8", "94729235EDC9141D44D07889E9CFEB3AB675CBD1FD02A8678D1FAE4F8578D84C", "9C2FBC3B37A5A1EF2FDE6E2AB0715EEFE928A3AD8B0C7BF17F4E6D6C0F5F729E", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "9EB1478AE17D3EDFE567B0697D2C2B0577C9714D05F5A2E7A80B66D0034D89D9", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "B45ABED8BD58C33A07263A55AF5D4FCACA1D1D4D41B9076C9B3E26F4C663C536", "B57836C680E5C7DF0307525BE8C7E45EFC17A6866B818F9F01947138A8ED9F8B", "BD9659A4CCD34A1F85D3F43EBB69A1C01B35156D02EAF7816113431881473F82", "C5DC7E3B34A4B9A3DC0E8C0FAFE2DA531B9CD3D402160B1BD2722664BB8814ED", "C693407B0F7B8607478D59AABF3C99D1C51F0E6FF5D6BDF44F43432791F63F7C", "C81F745CADFCC259B2A14EBD6E680E0A8600116D12D6EBCDB31D0E333B902F2E", "D96A92F0CA03F4F2C88E154823F2DD614B2ACF76C06CFC4738D11985A72E18C3", "D995BFD7F2FE7D2B6BD9B254E3A2FFCCE7B6FC8B44FD9CE6285A91BD366E9BE9", "DF1E63CF8B14528F156628BE21730C46B9AD6FEBFA9BE46C21DFFEFE8A0D3852", "DF7E743258EECE8D977DB6645A6CF8DFDE1F2111B2363A0A163830CA509AD664", "DF89B2395C4DB15E1FF631A136BB1301E179B1A5D4A2BF72B8D0EF9E4A730437", "E1956B84C4A8A327CE88C2A393674D2E29754B0D0DE5EA9CD732916AC207C1B2", "E3BAE9A30B20D04512C7C16881BAE14D80726FD5F24F3B32C3DF1C51B000477A", "E7A61D23F37BFE71387F349B7ABC627B2069E0DD06334950ECFFA79FDC6D4BE8", "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "FC1504B77932C679BCC73A0945FB064198F54C8877EF271F049BDB0D90B592F1"]}, {"type": "ics", "idList": ["ICSA-17-094-04"]}, {"type": "kaspersky", "idList": ["KLA10505"]}, {"type": "kitploit", "idList": ["KITPLOIT:6372579284509577146"]}, {"type": "lenovo", "idList": ["LENOVO:PS500041-POODLE-SSLV3-VULNERABILITY-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/IBM-WAS-CVE-2017-1380/", "MSF:ILITIES/IBM-WAS-CVE-2017-1382/"]}, {"type": "nessus", "idList": ["8550.PRM", "8897.PRM", "9700.PRM", "AIX_IV73319.NASL", "AIX_IV73418.NASL", "AIX_IV73419.NASL", "AIX_IV73974.NASL", "AIX_JAVA_JUL2014_ADVISORY.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2015-472.NASL", "CENTOS_RHSA-2014-1633.NASL", "CENTOS_RHSA-2014-1652.NASL", "CISCO-SA-20141015-POODLE-ASA.NASL", "CISCO-SA-20141015-POODLE-WLC.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DLA-443.NASL", "DEBIAN_DSA-3053.NASL", "DEBIAN_DSA-3504.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-17587.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_9E5BBFFCD8AC11E5B2BD002590263BF5.NASL", "GENTOO_GLSA-201507-14.NASL", "IBM_DOMINO_9_0_1_FP2.NASL", "MACOSX_10_10_2.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "OPENSUSE-2016-351.NASL", "ORACLELINUX_ELSA-2014-0889.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLEVM_OVMSA-2014-0037.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "REDHAT-RHSA-2014-1033.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2014-1653.NASL", "REDHAT-RHSA-2014-1882.NASL", "REDHAT-RHSA-2015-0086.NASL", "SLACKWARE_SSA_2014-288-01.NASL", "SL_20140716_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20150126_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SOLARWINDS_SRM_PROFILER_6_2_3.NASL", "SPLUNK_5011.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_11_PURE-FTPD-141120.NASL", "SUSE_SU-2015-0503-1.NASL", "UBUNTU_USN-2319-3.NASL", "UBUNTU_USN-2386-1.NASL", "UBUNTU_USN-2923-1.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_VCENTER_UPDATE_MGR_VMSA-2015-0003.NASL", "VMWARE_VMSA-2015-0001.NASL", "WEBSPHERE_7_0_0_37.NASL", "WEBSPHERE_8_5_5_4.NASL", "XEROX_XRX15AJ.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105191", "OPENVAS:1361412562310105283", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310123287", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703489", "OPENVAS:1361412562310804687", "OPENVAS:1361412562310811254", "OPENVAS:1361412562310841928", "OPENVAS:1361412562310841944", "OPENVAS:1361412562310842012", "OPENVAS:1361412562310842078", "OPENVAS:1361412562310842563", "OPENVAS:1361412562310850936", "OPENVAS:1361412562310850955", "OPENVAS:1361412562310868191", "OPENVAS:1361412562310868604", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868711", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310868735", "OPENVAS:1361412562310871260", "OPENVAS:1361412562310871261", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310882055", "OPENVAS:1361412562310882057", "OPENVAS:1361412562310882060", "OPENVAS:1361412562310882094", "OPENVAS:1361412562310882104", "OPENVAS:1361412562310882106", "OPENVAS:703253"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUJUL2015-2367936"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1652", "ELSA-2015-0085"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:134251"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2014:1042", "RHSA-2014:1658", "RHSA-2015:0069", "RHSA-2015:0080", "RHSA-2015:0133", "RHSA-2015:0263", "RHSA-2015:1545", "RHSA-2016:1135"]}, {"type": "saint", "idList": ["SAINT:9C099C4B9A40BE916B04858EBBBB06B1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31317", "SECURITYVULNS:DOC:31664", "SECURITYVULNS:DOC:31679", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14697"]}, {"type": "slackware", "idList": ["SSA-2014-288-01"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0961-1", "SUSE-SU-2014:1409-1"]}, {"type": "threatpost", "idList": ["THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "THREATPOST:9041B76CCCD278242DD81A2F7BFCE45E"]}, {"type": "ubuntu", "idList": ["USN-2319-1", "USN-2923-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-4263", "UB:CVE-2014-6457"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2015-0001.2"]}, {"type": "zdt", "idList": ["1337DAY-ID-24035"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2014-3529", "epss": "0.002210000", "percentile": "0.585040000", "modified": "2023-03-17"}, {"cve": "CVE-2014-3566", "epss": "0.975070000", "percentile": "0.999620000", "modified": "2023-03-17"}, {"cve": "CVE-2014-3574", "epss": "0.011790000", "percentile": "0.828740000", "modified": "2023-03-17"}, {"cve": "CVE-2014-4244", "epss": "0.008490000", "percentile": "0.796520000", "modified": "2023-03-17"}, {"cve": "CVE-2014-4263", "epss": "0.008490000", "percentile": "0.796520000", "modified": "2023-03-17"}, {"cve": "CVE-2014-6457", "epss": "0.033060000", "percentile": "0.897970000", "modified": "2023-03-17"}, {"cve": "CVE-2014-6593", "epss": "0.191870000", "percentile": "0.954490000", "modified": "2023-03-17"}, {"cve": "CVE-2015-0410", "epss": "0.027360000", "percentile": "0.888790000", "modified": "2023-03-17"}, {"cve": "CVE-2015-1920", "epss": "0.005950000", "percentile": "0.750410000", "modified": "2023-03-17"}, {"cve": "CVE-2015-4939", "epss": "0.001540000", "percentile": "0.499740000", "modified": "2023-03-18"}, {"cve": "CVE-2015-4971", "epss": "0.000630000", "percentile": "0.253470000", "modified": "2023-03-18"}, {"cve": "CVE-2015-7450", "epss": "0.974190000", "percentile": "0.998580000", "modified": "2023-03-18"}, {"cve": "CVE-2016-2510", "epss": "0.090540000", "percentile": "0.936110000", "modified": "2023-03-17"}, {"cve": "CVE-2017-1380", "epss": "0.000780000", "percentile": "0.320430000", "modified": "2023-03-18"}, {"cve": "CVE-2017-1382", "epss": "0.000420000", "percentile": "0.056370000", "modified": "2023-03-18"}, {"cve": "CVE-2017-1501", "epss": "0.002500000", "percentile": "0.612080000", "modified": "2023-03-18"}], "vulnersScore": 1.4}, "_state": {"dependencies": 1662390704, "score": 1684013037, "affected_software_major_version": 1666695388, "epss": 1679165106}, "_internal": {"score_hash": "922d31efdf04ac8e78fd8fcee31154d7"}, "affectedSoftware": []}

{"ibm": [{"lastseen": "2021-12-30T21:39:39", "description": "## Question\n\nSecurity Bulletins for Emptoris Sourcing\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Sourcing.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions.\n\nIn our effort to serve you better we recommend that you subscribe to this article for notification of future Security Bulletins and advisories posted here. \n \n\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nMay 11th 2016\n\n * **[Security Bulletin: IBM Emptoris Sourcing is affected by open redirect vulnerability (CVE-2016-0329) ](<http://www.ibm.com/support/docview.wss?uid=swg21982629>)**\n\nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\n \nSeptember 23 2015\n\n * **[Security Bulletin: Information disclosure vulnerability reported in IBM Emptoris Sourcing (CVE-2015-5024)](<http://www-01.ibm.com/support/docview.wss?uid=swg21967255>)**\n\n \nAugust 26 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)**\n\n \nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n\n \nApril 8 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n\n?January 27 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n\n?December 31 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Strategic Supply Management Suite products (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693069>)**\n\n?September 17 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\nAugust 23 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Emptoris Sourcing Portfolio (CVE-2014-3033 CVE-2014-4790 CVE-2014-3040) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21680665>)**\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYR8W\",\"label\":\"Emptoris Sourcing\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T15:10:02", "type": "ibm", "title": "Security Bulletins for Emptoris Sourcing", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3033", "CVE-2014-3040", "CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-4790", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-5024", "CVE-2015-7450", "CVE-2016-0329", "CVE-2016-3092", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"], "modified": "2018-12-08T15:10:02", "id": "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "href": "https://www.ibm.com/support/pages/node/783533", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:39:49", "description": "## Question\n\nSecurity Bulletins for Emptoris Spend Analysis\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Spend Analysis.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions.\n\nIn our effort to serve you better we recommend that you subscribe to this article for notification of future Security Bulletins and advisories posted here.\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\nAugust 26 2015\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.** ](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)\n \nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n\nApril 8 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n\n?January 27 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n\n? September 17 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\nAugust 23 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Emptoris Spend Analysis (CVE-2014-3061 CVE-2014-3035 CVE-2014-4790 CVE-2014-3040)](<http://www-01.ibm.com/support/docview.wss?uid=swg21681277>) ** \n?\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYQAR\",\"label\":\"Emptoris Spend Analysis\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T15:10:02", "type": "ibm", "title": "Security Bulletins for Emptoris Spend Analysis", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3035", "CVE-2014-3040", "CVE-2014-3061", "CVE-2014-3566", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-4790", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-7450", "CVE-2016-3092", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"], "modified": "2018-12-08T15:10:02", "id": "3FDC0101985ADD7D5774F255D78C573813EE11684088944BAF72283AB319514E", "href": "https://www.ibm.com/support/pages/node/783535", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:55:00", "description": "## Summary\n\nWebSphere MQ Telemetry is shipped as a component of WebSphere Remote Server. Information about a security vulnerability affecting WebSphere MQ Telemetry has been published in a security bulletin. \n\n## Vulnerability Details\n\nFor vulnerability details, see the security bulletin [**_Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere MQ Telemetry 7.0.1 - CVE-2014-4263, CVE-2014-4244, CVE-2015-0410, CVE-2014-6593_**](<http://www.ibm.com/support/docview.wss?uid=swg21684073>)**.**\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere MQ Telemetry shipped with WebSphere Remote Server (CVE-2014-4263, CVE-2014-4244, CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:02:52", "id": "6B1FE6B87F5632D0E3A2DF3894D6A87F2FF4EDBFA3CCDA8DACEEFCD473F77904", "href": "https://www.ibm.com/support/pages/node/260581", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-30T21:39:49", "description": "## Question\n\nSecurity Bulletins for Emptoris Contract Management\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Contract Management.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions. \n \nWe recommend that you subscribe to this article to receive notification of future Security Bulletins and advisories posted here. \n\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Detailed error messages in IBM Emptoris Contract Management are vulnerable to attacks (CVE-2016-6018)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005664>)\n\n \nMay 2nd 2016\n\n * **[Security Bulletin: Vulnerability in BeanShell affects IBM Emptoris Strategic Supply Management. (CVE-2016-2510)](<http://www.ibm.com/support/docview.wss?uid=swg21982152&myns=swgother&mynp=OCSSYRER&mynp=OCSSYQ89&mync=E&cm_sp=swgother-_-OCSSYRER-OCSSYQ89-_-E>)**\n\n \nFebruary?1st 2016\n\n * **_[Security Bulletin: Multiple vulnerabilities in IBM Emptoris Contract Management (CVE-2015-5050 CVE-2015-5042 CVE-2015-7398)](<http://www-01.ibm.com/support/docview.wss?uid=swg21973592>)_**\n\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\nAugust 26 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)**\n\nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n \nApril 82015\n\n * **_IBM [Security?Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)_**\n\n[J](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)anuary 27 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n\n? December 31 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Strategic Supply Management Suite products (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693069>)**\n\n?November 13 2014\n\n * **[Security Bulletin: JBoss RestEasy vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3490)](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\n?September 17 2014\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244)](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\n?August 23 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3041 CVE-2014-3034 CVE-2014-3040) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21680370>)**\n\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYQ89\",\"label\":\"Emptoris Contract Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T16:15:01", "type": "ibm", "title": "Security Bulletins for Emptoris Contract Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3034", "CVE-2014-3040", "CVE-2014-3041", "CVE-2014-3490", "CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-5042", "CVE-2015-5050", "CVE-2015-7398", "CVE-2015-7450", "CVE-2016-2510", "CVE-2016-3092", "CVE-2016-6018", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"], "modified": "2018-12-08T16:15:01", "id": "41A2B080355DFAE7EADFECB4D5D6C7105784D83B969140D731128E3E9EDA0757", "href": "https://www.ibm.com/support/pages/node/783529", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:49:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Version 5, 6 and 7 that is used by Rational Service Tester. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nRational Service Tester versions 8.1.*, 8.2.*, 8.3.*, 8.5.* and 8.6.*.\n\n## Remediation/Fixes\n\nIt is recommended to upgrade to Rational Service Tester version 8.7. \n\n \n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nRST| 8.6 - 8.6.0.2| \n| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \nRST| 8.5 - 8.5.1.3| None| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \nRST| 8.3 - 8.3.x| None| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \nRST| 8.2 -8.2.x| None| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \nRST| 8.1 - 8.1.x| None| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T05:00:45", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-3566, CVE-2014-6457, CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T05:00:45", "id": "6E716AF00EBE1CCCB4A3A865B0D40DE0514995999C202F88A202AF7954B1EA51", "href": "https://www.ibm.com/support/pages/node/257555", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:49:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Version 5, 6 and 7 that is used by Rational Performance Tester. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n## Affected Products and Versions\n\nRational Performance Tester versions 8.1.*, 8.2.*, 8.3.*, 8.5.* and 8.6.*.\n\n## Remediation/Fixes\n\nIt is recommended to upgrade to Rational Performance Tester version 8.7. \n\n \n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nRPT| 8.6 - 8.6.0.2| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \nRPT| 8.5 - 8.5.1.3| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \nRPT| 8.3 - 8.3.x| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \nRPT| 8.2 -8.2.x| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \nRPT| 8.1 - 8.1.x| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T05:00:45", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2014-3566, CVE-2014-6457, CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T05:00:45", "id": "22C97F8D26389180B6CF8D80471CCD5C903A0EA0B696342FE2B33FFCFA423812", "href": "https://www.ibm.com/support/pages/node/257579", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-30T21:39:54", "description": "## Question\n\nSecurity Bulletins for Emptoris Supplier Lifecycle Management\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Supplier Lifecycle Management.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions.\n\nIn our effort to serve you better we recommend that you subscribe to this article for notification of future Security Bulletins and advisories posted here. \n\n\nNovember 6th 2017\n\n * **_[Security Bulletin: IBM Emptoris Supplier Lifecycle Management is affected by a Cross Site Scripting vulnerability (CVE-2016-6118 CVE-2017-1098)?](<http://www.ibm.com/support/docview.wss?uid=swg22005824>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities addressed in the IBM Emptoris Supplier Lifecycle Management product (CVE-2016-8949 CVE-2017-1448 CVE-2016-6121)_**](<http://www.ibm.com/support/docview.wss?uid=swg22006854>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\n \nSeptember 18?2015\n\n * # [Security Bulletin: Cross-Site Scripting vulnerabilities affect IBM Emptoris Strategic Supply Management Platform Emptoris Program Management and Emptoris Supplier Lifecycle Management products (CVE-2015-4971 CVE-2015-4939)](<http://www-01.ibm.com/support/docview.wss?uid=swg21966754>)\n\nAugust 26 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)**\n\nJuly 8 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n\nApril 8 2015\n\n * [IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)\n\nJanuary 27 2015\n\n * [IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)\n\n? September 17 2014\n\n * [IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244)](<http://www-01.ibm.com/support/docview.wss?uid=swg21681277>) \n \n?\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYRC7\",\"label\":\"Emptoris Supplier Lifecycle Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T13:10:02", "type": "ibm", "title": "Security Bulletins for Emptoris Supplier Lifecycle Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-4939", "CVE-2015-4971", "CVE-2015-7450", "CVE-2016-3092", "CVE-2016-6118", "CVE-2016-6121", "CVE-2016-8949", "CVE-2017-1098", "CVE-2017-1448"], "modified": "2018-12-08T13:10:02", "id": "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "href": "https://www.ibm.com/support/pages/node/784303", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:40:18", "description": "## Question\n\nSecurity Bulletins for Emptoris Strategic Supply Management Platform.\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris?Strategic Supply Management Platform.** \n \nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm\">)\" for details.? Please use this information to take the appropriate actions. \n \nWe recommend that you subscribe to this article to receive notification of future Security Bulletins and advisories posted here.\n\nNovember 6th 2017\n\n * [**_Security Bulletin: IBM Emptoris Strategic Supply Management is affected by a Cross-Site Request Forgery vulnerability (CVE-2017-1097)?_**](<http://www.ibm.com/support/docview.wss?uid=swg22006963>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities addressed in IBM Emptoris Strategic Supply Management (CVE-2016-6021 CVE-2016-6029 CVE-2017-1190)_**](<http://www.ibm.com/support/docview.wss?uid=swg22006799>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n \nJuly 14th 2017?\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.](<http://www.ibm.com/support/docview.wss?uid=swg22004442>)**\n \nJuly 14th 2017?\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.](<http://www.ibm.com/support/docview.wss?uid=swg22003479>)**\n \n \nJune 13th 2017?\n\n * **[Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg22004642>)**\n \n \nJune 13th 2017\n\n * **[Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2017-1121](<http://www.ibm.com/support/docview.wss?uid=swg22004706>)**\n \n \nJune 12th 2017\n\n * **[Security Bulletin: Vulnerability in IBM Websphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2017-1137)](<http://www.ibm.com/support/docview.wss?uid=swg22004666>)**\n \n \nJan 18th 2017\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement **](<http://www-01.ibm.com/support/docview.wss?uid=swg21996820>)\n \n \nMay 2nd 2016\n\n * **[Security Bulletin: Vulnerability in BeanShell affects IBM Emptoris Strategic Supply Management. (CVE-2016-2510)](<http://www.ibm.com/support/docview.wss?uid=swg21982152&myns=swgother&mynp=OCSSYRER&mynp=OCSSYQ89&mync=E&cm_sp=swgother-_-OCSSYRER-OCSSYQ89-_-E>)**\n \nMarch 7 2016\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply **](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)**[Management](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)**[** and IBM Emptoris Services Procurement (CVE-2015-7575 CVE-2016-0466 CVE-2015-7417)?**](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)\n \nDecember 1st 2015\n\n * [**Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)\n \n \nNovember 06 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<http://www-01.ibm.com/support/docview.wss?uid=swg21969875>)**\n \nSeptember 18?2015\n\n * [**Security Bulletin: Cross-Site Scripting vulnerabilities affect IBM Emptoris Strategic Supply Management Platform Emptoris Program Management and Emptoris Supplier Lifecycle Management products (CVE-2015-4971 CVE-2015-4939)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21966754>)\n \nAugust 26 2015\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.** ](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)\n \nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n \nApril 8 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n \nJanuary 272015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n \nDecember 312014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Strategic Supply Management Suite products (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693069>)**\n \nSeptember 17 2014\n\n * **[Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244)](<https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_ibm_emptoris_strategic_supply_management_ibm_emptoris_rivermine_telecom_expense_management_and_ibm_emptoris_services_procurement_cve_2014_4263_cve_2014_4244?lang=en_us>)**\n\" \n\n[{\"Business Unit\":{\"code\":\"BU051\",\"label\":\"N\\/A\"},\"Product\":{\"code\":\"SUPPORT\",\"label\":\"IBM Worldwide Support\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB33\",\"label\":\"N\\/A\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2020-11-02T19:28:22", "type": "ibm", "title": "Security Bulletins for Emptoris Strategic Supply Management Platform.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-4939", "CVE-2015-4971", "CVE-2015-7417", "CVE-2015-7450", "CVE-2015-7575", "CVE-2016-0466", "CVE-2016-2510", "CVE-2016-3092", "CVE-2016-6021", "CVE-2016-6029", "CVE-2016-8919", "CVE-2017-1097", "CVE-2017-1121", "CVE-2017-1137", "CVE-2017-1190", "CVE-2017-1380", "CVE-2017-1382"], "modified": "2020-11-02T19:28:22", "id": "B0549540072FC1BB0D803052330E32E656605B46C7EDC1BE259FE2273831E00B", "href": "https://www.ibm.com/support/pages/node/783525", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:39:49", "description": "## Question\n\nSecurity Bulletins for Emptoris Services Procurement\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Services Procurement.** \n \nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm\">)\" for details.? Please use this information to take the appropriate actions. \n \nIn our effort to serve you better we recommend that you subscribe to this article for notification of new Security Bulletins and advisories posted here. \n\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: IBM Emptoris Services Procurement is affected by Information leakage vulnerability (CVE-2017-1547)_**](<http://www-01.ibm.com/support/docview.wss?uid=swg22007770>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n \nJuly 14th 2017?\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.](<http://www.ibm.com/support/docview.wss?uid=swg22004442>)**\n \nJuly 14th 2017?\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.](<http://www.ibm.com/support/docview.wss?uid=swg22003479>)**\n \nJune 13th 2017?\n\n * **[Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg22004642>)**\n \nJune 13th 2017\n\n * **[Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2017-1121](<http://www.ibm.com/support/docview.wss?uid=swg22004706>)**\n \nJune 12th 2017\n\n * **[Security Bulletin: Vulnerability in IBM Websphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2017-1137)](<http://www.ibm.com/support/docview.wss?uid=swg22004666>)**\n \nJun 12 2017??????\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products. **](<http://www-01.ibm.com/support/docview.wss?uid=swg22004666&myns=swgother&mynp=OCSSYQ72&mynp=OCSSYR6U&mynp=OCSSYQAR&mynp=OCSSYR8W&mynp=OCSSYRER&mynp=OCSSYQ89&mync=E&cm_sp=swgother-_-OCSSYQ72-OCSSYR6U-OCSSYQAR-OCSSYR8W-OCSSYRER-OCSSYQ89-_-E>)\n \n \nJan 18 2017\n\n * **[S](<http://www-01.ibm.com/support/docview.wss?uid=swg21996820>)**[**ecurity Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement** ](<http://www-01.ibm.com/support/docview.wss?uid=swg21996820>)\n \n \nJuly 14 2016\n\n * [**Security Bulletin: A JMX component vulnerability in IBM Java SDK and IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement (CVE-2016-3427)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21986797>)\n \n \nMarch 7 2016\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply **](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)**[Management](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)**[** and IBM Emptoris Services Procurement (CVE-2015-7575 CVE-2016-0466 CVE-2015-7417)?**](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)\n \nDecember 15 2015\n\n * [**Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used with IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2015-4872)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21972272>)\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n \nNovember 06 2015\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.**](<http://www-01.ibm.com/support/docview.wss?uid=swg21969875>)\n \nAugust 26th 2015\n\n * **Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.**\n \nJune 24th 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://emptoris.support.ibmcloud.com/ics/support/default.asp?deptID=31019&task=knowledge&questionID=21574&languageID=>)**\n \nApril 8th 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n?January 27th 2015\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n?January 20th 2015\n * **[IBM Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Services Procurement (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21694987>)**\nSeptember 17th 2014\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244)](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYR6U\",\"label\":\"Emptoris Services Procurement\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T16:15:01", "type": "ibm", "title": "Security Bulletins for Emptoris Services Procurement", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-4872", "CVE-2015-7417", "CVE-2015-7450", "CVE-2015-7575", "CVE-2016-0466", "CVE-2016-3092", "CVE-2016-3427", "CVE-2016-8919", "CVE-2017-1121", "CVE-2017-1137", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501", "CVE-2017-1547"], "modified": "2018-12-08T16:15:01", "id": "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "href": "https://www.ibm.com/support/pages/node/783543", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:52:27", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM&reg; SDK Java&trade; Technology Edition, Version 7.0 that is used by IBM Fabric Manager. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\n## Vulnerability Details\n\n## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7.0 that is used by IBM Fabric Manager. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\nThis bulletin also addresses the \"FREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-0138](<https://vulners.com/cve/CVE-2015-0138>)\n\n**Description:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.\n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100691> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)\n\n**Description:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100153> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has no partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97148> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-6558](<https://vulners.com/cve/CVE-2014-6558>)\n\n**Description:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n## Affected products and versions\n\n * IBM Fabric Manager 4.1.00.24 and earlier versions.\n\n## Remediation/Fixes:\n\nIBM recommends updating to version [ 4.1.02.0031](<http://www-933.ibm.com/support/fixcentral/systemx/selectFixes?parent=x222+Compute+Node&product=ibm/systemx/7916&&platform=All&function=fixId&fixids=ibm_sw_ifm-4.1.02.0031_linux_32-64&includeSupersedes=0>) or later. Firmware updates are available through IBM Fix Central - <http://www.ibm.com/support/fixcentral/> . \n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## Workarounds and Mitigations:\n\nTo avoid CVE-2014-3566 (POODLE), SSL 3.0 can be disabled by using the IFM \"TLS 1.2 only\" setting. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-01-31T01:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager (CVE-2015-0138, CVE-2015-0410, CVE-2014-6593, CVE-2014-3566, CVE-2014-6457, CVE-2014-6558)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6558", "CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2019-01-31T01:55:01", "id": "9B73D553C5721DEF146CFAFEC1F0FF71EB7E3943ED00FB587A9862A47029FA57", "href": "https://www.ibm.com/support/pages/node/866792", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:52:29", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM&reg; SDK Java&trade; Technology Edition, Version 7 that is used by IBM System Networking Switch Center. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability(CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\n## Vulnerability Details\n\n## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 that is used by IBM System Networking Switch Center. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\n**Vulnerability Details**\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97148> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n**CVE-ID:** [CVE-2014-6512](<https://vulners.com/cve/CVE-2014-6512>)\n\n**Description:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97147> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100153> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)\n\n**Description:** Unspecified vulnerability in the Java allows remote attackers to affect availability via unknown vectors related to Security. It can be exploited by supplying data to APIs such as a web service.\n\nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected products and versions\n\nAll versions of IBM System Networking Switch Center prior to and including 7.1.3.1\n\n## Remediation/Fixes\n\nIt is recommended to upgrade the affected versions of IBM System Networking Switch Center to version 7.3.1.2. However, upgrading an affected version to the version listed below is acceptable if upgrading to 7.3.1.2 is not possible:\n\n 1. 7.1.3.x to 7.1.3.3\n 2. 7.2.1.x to 7.2.1.12\n\nThe install packages for these releases can be found on IBM's Passport Advantage website: <http://www-01.ibm.com/software/passportadvantage/>\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-01-31T01:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking Switch Center (CVE-2014-3566, CVE-2014-6512, CVE-2014-6457 CVE-2015-0410, CVE-2015-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6512", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-6593"], "modified": "2019-01-31T01:55:01", "id": "11596B3AE485614191981CD105B5C3198DDE5220B476FCE39692616915A9A04B", "href": "https://www.ibm.com/support/pages/node/866990", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:41:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, and 7 that are used by Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in July and October 2014 and are included in the October update.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n \n \n\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:**** **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n \n\n\n**CVE-ID: **[_CVE-2014-3065_](<https://vulners.com/cve/CVE-2014-3065>)\n\n**Description:**** **IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users.\n\n**CVSS Base Score:** 6 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93629> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:S/C:C/I:C/A:C)\n\n \n \n\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n**Product Name**\n\n| **Versions Affected** \n---|--- \nRational Developer for Power Systems Software| 7.6, 7.6.0.1, 7.6.0.2, 8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.3, 8.0.3.1, 8.5, 8.5.1 \nRational Developer for i| 9.0, 9.0.0.1, 9.0.1, 9.1 \nRational Developer for AIX and Linux, AIX COBOL Edition| 9.0, 9.0.0.1, 9.0.1, 9.1 \nRational Developer for AIX and Linux, C/C++ Edition| 9.0, 9.0.0.1, 9.0.1, 9.1 \n \n## Remediation/Fixes\n\nUpdate the Java Development Kit of the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nRational Developer for Power Systems Software| 7.6 through 8.5.1| \n\n * For all versions, apply [IBM Java Quarterly Critical Patch Update - October 2014 - RD Power](<http://www.ibm.com/support/docview.wss?uid=swg24038954>) \nRational Developer for i| 9.0 through to 9.1| \n\n * For all versions, update the currently installed product using Installation Manager. ** **For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_](<http://www.ibm.com/support/knowledgecenter/SSAE4W_9.1.0/com.ibm.etools.iseries.install.doc/topics/t_upgrading.html>) in the IBM Knowledge Center. \n * Or, you can optionally download the update manually and apply [IBM Java Quarterly Critical Patch Update - October 2014 - RDi](<http://www.ibm.com/support/docview.wss?uid=swg24038952>) \nRational Developer for AIX and Linux| 9.0 through to 9.1| \n\n * For all client versions, update the currently installed product using Installation Manager. For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_](<http://www.ibm.com/support/knowledgecenter/SSPSQF_9.1.0/com.ibm.etools.install.rdal.doc/topics/t_upgrading.html>) in the IBM Knowledge Center. \n * For server updates or to manually download and apply the client updates see [IBM Java Quarterly Critical Patch Update - October 2014 - RDAL](<http://www.ibm.com/support/docview.wss?uid=swg24038953>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software (CVE-2014-4263, CVE-2014-3566, CVE-2014-3065, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3065", "CVE-2014-3566", "CVE-2014-4263", "CVE-2014-6457"], "modified": "2018-08-03T04:23:43", "id": "B6EAD05385EED895F3061A046F58BA672C8248DB63A938B6C09DD2DBF9FBEB48", "href": "https://www.ibm.com/support/pages/node/521071", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:38:17", "description": "## Summary\n\nA possible security vulnerability has been reported in the JSSE component of IBM Java shipped with Rational Synergy.\n\n## Vulnerability Details\n\n**CVE-ID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)\n\n**Description:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \n\n**CVSS Base Score:** 2.4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93756> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:**** **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n**CVSS Base Score**: 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nThis vulnerability impacts the following Rational Synergy releases: \n\n * Rational Synergy release 7.2.1.3 or earlier.\n * Rational Synergy release 7.2.0.6.002 or earlier.\n * Rational Synergy release 7.1.0.7.005 or earlier.\n\n## Remediation/Fixes\n\nReplace the JRE used in Rational Synergy. \n \n**Steps to download and replace JRE in Rational Synergy 7.1.0.7.005, 7.2.0.6.002 and 7.2.1.3:** \n\n\n 1. Open the list of [_Synergy downloads on Fix Central_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Synergy&release=All&platform=All&function=all&source=fc>)[](<http://www.ibm.com/support/fixcentral>) \n \n\n 2. Select the SDK and Readme for Rational Synergy which applied to your release as follows: \n \n**Note:** The fix will use the following naming convention: \n**_<V.R.M.F>_**_-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-_**_<platform>_**** \n \n**Where **<V.R.M.F> = release **& **<platform> = operating system**\n * Rational Synergy 7.2.1 (uses 7.2.1.3 release designation) \n \nExample: **7.2.1.3-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-Linux \n \n**\n * Rational Synergy 7.2.0 (uses 7.2.0.6 release designation) \n \nExample: **7.2.0.6-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-Windows \n \n**\n * Rational Synergy 7.1 (uses 7.1.0.7 release designation) \n \nExample: **7.1.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-AIX \n**Example: **7.1.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-Solaris** \n \n\n* Follow the steps in the [_Install instructions_](<http://www.ibm.com/support/docview.wss?uid=swg27042896>) to replace the JRE. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-12-22T18:05:37", "type": "ibm", "title": "Security Bulletin: Rational Synergy vulnerability (CVE-2014-4263, CVE-2014-3068,CVE-2014-3566,CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-3566", "CVE-2014-4263", "CVE-2014-6457"], "modified": "2020-12-22T18:05:37", "id": "ED1637B2624D26362BDB52FFE4446CD922E21738E4C506EA23FFF9A92362A011", "href": "https://www.ibm.com/support/pages/node/522151", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-01-01T21:54:27", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of WebSphere Service Registry and Repository. Information about security vulnerabilities affecting WebSphere Application Server have been published in four security bulletins.\n\n## Vulnerability Details\n\nPlease consult the security bulletins: \n\n\n * [Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380)](<https://www.ibm.com/support/docview.wss?uid=swg22004786>) [](<https://www.ibm.com/support/docview.wss?uid=swg22004792>)\n * [Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)](<https://www.ibm.com/support/docview.wss?uid=swg22004792>)\n * [WebSphere Application Server may have insecure file permissions (CVE-2017-1382)](<https://www.ibm.com/support/docview.wss?uid=swg22004785>)\n * [Security Bulletin: Potential security vulnerability in the WebSphere Application Server Admin Console (CVE-2017-1501)](<https://www.ibm.com/support/docview.wss?uid=swg22006810>)\n \nfor vulnerability details and information about fixes. \n\n## Affected Products and Versions\n\nPrinciple Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nWebSphere Service Registry and Repository V8.5| WebSphere Application Server Network Deployment V8.5.5 \nWebSphere Service Registry and Repository V8.0| WebSphere Application Server Network Deployment V8.0 \n \n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n21 August 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Product\":{\"code\":\"SSWLGF\",\"label\":\"WebSphere Service Registry and Repository\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF035\",\"label\":\"z\\/OS\"}],\"Version\":\"8.5;8.0\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.2}, "published": "2018-06-15T07:07:55", "type": "ibm", "title": "Multiple vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Service Registry and Repository (CVE-2017-1380, CVE-2017-1381, CVE-2017-1382, CVE-2017-1501)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1380", "CVE-2017-1381", "CVE-2017-1382", "CVE-2017-1501"], "modified": "2018-06-15T07:07:55", "id": "056E96784A0F2E360E8FFDD6166940DB126DC42CD8EE29A4F56654C90AA3DBAE", "href": "https://www.ibm.com/support/pages/node/565979", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:42:10", "description": "## Summary\n\nMultiple security vulnerabilities exist in IBM SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server Community 3.0.0.4.\n\n## Vulnerability Details\n\n**CVE-ID:** C[VE-2015-0383](<https://vulners.com/cve/CVE-2015-0383>)\n\n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact.\n\n \n**CVSS Base Score:** 5.4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:M/Au:N/C:N/I:P/A:C) \n \n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nWebSphere Application Server Community Edition 3.0.0.4\n\n## Workarounds and Mitigations\n\nUpgrade your IBM SDK for Java to an interim fix level as determined below: \nIBM SDK 6.0: \nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 and subsequent releases \nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 3 and subsequent releases \n \nIBM SDK 7.0: \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 and subsequent releases \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 2 Fix Pack 10 and subsequent releases\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-25T05:54:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WebSphere Application Server Community Edition 3.0.0.4 related to Java Technology Edition Quarterly CPU - January 2015(CVE-2015-0383,CVE-2014-3566,CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0383", "CVE-2015-0410"], "modified": "2018-06-25T05:54:54", "id": "1F070315F8215C347FAB32FCD311C9E9E15B46919249CA009FC9A6BFC1ABC51F", "href": "https://www.ibm.com/support/pages/node/260945", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2023-06-24T06:00:56", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK for Java\u2122 Technology Edition that is used by WebSphere Business Services Fabric. These issues were disclosed as part of the IBM SDK for Java\u2122 Technology Edition updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100149_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100149>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\n * IBM WebSphere Business Services Fabric Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x\n * IBM WebSphere Business Services Fabric for z/OS Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Business Services Fabric version as described in the [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU](<http://www.ibm.com/support/docview.wss?uid=swg21695362>) document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-08-19T23:26:06", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java\u2122 Technology Edition January 2015 CPU affect WebSphere Business Services Fabric", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-08-19T23:26:06", "id": "C05450FFDB392481643414F88F9150BF56385662E006B27CB5BA3386DA5295BC", "href": "https://www.ibm.com/support/pages/node/527313", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-24T05:58:18", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK for Java\u2122 Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for JavaTechnology Edition updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100149_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100149>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nWebSphere Process Server 6.1.x, 6.2.x, 7.0.x \n\nIf you are using an unsupported version, IBM strongly recommends to upgrade.\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Process Server version as described in the [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU](<http://www.ibm.com/support/docview.wss?uid=swg21695362>) document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-09-15T18:54:57", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java\u2122 Technology Edition January 2015 CPU affect WebSphere Process Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-09-15T18:54:57", "id": "BF245510DD3456E6B91B4CAC1041A675D62C74E268B2C0039096D2A32DE43FDE", "href": "https://www.ibm.com/support/pages/node/527315", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-09-25T10:35:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7.1 that is used by Bluemix Workflow. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThis vulnerability affected IBM Workflow for Bluemix.\n\n## Remediation/Fixes\n\nThe production system has been upgraded. A user action is not required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2023-03-06T14:45:22", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Bluemix Workflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2023-03-06T14:45:22", "id": "28A87AA21A3A63B76EB06532DDE145D08BAEA75DA55EB8D6ED802A5FCD8BF7CC", "href": "https://www.ibm.com/support/pages/node/258547", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:58:13", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Service Registry and Repository. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014. \n\n## Vulnerability Details\n\nThe following advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere Application Server may be vulnerable to them. \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n** \nCVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n** \nCVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nWebSphere Service Registry and Repository 6.3, 7.0, 7.5, 8.0, 8.5 \n\nWebSphere Service Registry and Repository Studio 8.5\n\n## Remediation/Fixes\n\nTo fix the WebSphere Service Registry and Repository server, please apply the fix indicated in the WebSphere Application Server bulletin at [http://www.ibm.com/support/docview.wss?uid=swg21687740](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>)\n\nIf you wish to also apply a fix to WebSphere Service Registry and Repository Studio, please either contact IBM support for a fix, or replace Studio's bundled JRE with the updated JRE version 6 SR16-FP2. The fixed JRE can be downloaded from <https://www.ibm.com/developerworks/java/jdk/>.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:16", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository October 2014 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-15T07:02:16", "id": "B33BA093E26C24718FB2E47578193B258F94FDECDEE8A133C5A2091D423CBD1E", "href": "https://www.ibm.com/support/pages/node/521529", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:49:19", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6 that is used by Rational Directory Server. These issues were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n\n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n \n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n**Product**\n\n| **Version** \n---|--- \nRational Directory Server (Tivoli) | 5.2 - 5.2.1_iFix004 \nRational Directory Server (Apache)| 5.1.1 - 5.1.1.2_iFix005 \nRational Directory Administrator| 6.0 - 6.0.0.1_iFix01 \n \n## Remediation/Fixes\n\n \n\n\n**Product**| **Download link** \n---|--- \nIBM Rational Directory Server 5.2 (Tivoli) and above| [_RDS 5.2.1 iFix005_](<http://www.ibm.com/support/docview.wss?uid=swg24039391>) \nIBM Rational Directory Server 5.1.1 (Apache) and above| [_RDS 5.1.1.2 iFix006_](<http://www.ibm.com/support/docview.wss?uid=swg24039390>) \nIBM Rational Directory Administrator 6.0 and above| [_RDA 6.0.0.2_](<http://www.ibm.com/support/docview.wss?uid=swg24039389>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:59:51", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects Rational Directory Server (CVE-2014-6457, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6457", "CVE-2014-6593"], "modified": "2018-06-17T04:59:51", "id": "15E5B71ACD8F825980E0777DD552514D667555BF1B6B940E499C389766649F84", "href": "https://www.ibm.com/support/pages/node/526623", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-13T09:36:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2014-6512_](<https://vulners.com/cve/CVE-2014-6512>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97147_](<http://xforce.iss.net/xforce/xfdb/97147>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97148_](<http://xforce.iss.net/xforce/xfdb/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2014-6558_](<https://vulners.com/cve/CVE-2014-6558>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97151_](<http://xforce.iss.net/xforce/xfdb/97151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)** \n** \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100151_](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97013_](<http://xforce.iss.net/xforce/xfdb/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)** \nDESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \nThis vulnerability is also known as the FREAK attack. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Affected Products and Versions\n\nAll versions of microcode for the IBM Virtualization Engine TS7700 (3957-V06, 3957-V07, 3957-VEA, 3957-VEB) prior to release R2.1 are affected. In addition, microcode versions of releases R2.1, R3.0, R3.1 and R3.2 prior to and including the following are also affected: \n\n**Release**\n\n| **Version** \n---|--- \nR3.2| 8.32.0.88 \nR3.1| 8.31.0.92 \nR3.0| 8.30.3.4 \nR2.1| 8.21.0.178 \n \n## Remediation/Fixes\n\nContact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode level followed by the installation of vtd_exec.202, vtd_exec.213, vtd_exec.214 and vtd_exec.215 as needed. Minimum microcode levels are shown below: \n\n**Release**\n\n| **Fix** \n---|--- \nR3.2| 8.32.0.88 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 + vtd_exec.215 \n**\\- OR -** \n8.32.1.8 + vtd_exec.202 \nR3.1| 8.31.0.92 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 + vtd_exec.215 \nR3.0| 8.30.3.4 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 \nR2.1| 8.21.0.178 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 + vtd_exec.215 \nOlder Releases| 8.21.0.178 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 + vtd_exec.215 \n \nPlease note that vtd_exec packages carry their own internal version numbers. For the vulnerabilities reported in this Security Bulletin, the minimum required vtd_exec versions are as follows: **Package**| **Version** \n---|--- \nvtd_exec.202| 1.5 \nvtd_exec.213| 1.03 \nvtd_exec.214| 1.03 \nvtd_exec.215| 1.03 \n \n## Workarounds and Mitigations\n\nAlthough IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-18T00:09:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2014 & January 2015", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6512", "CVE-2014-6558", "CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-18T00:09:23", "id": "B34877D991F21B254E16D92D7328B03658AA2122E7631AA85688801D398E5BAF", "href": "https://www.ibm.com/support/pages/node/690373", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:52:14", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6.0 that is used by IBM WebSphere Application Server embedded in IBM InfoSphere Identity Insight. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIdentity Insight 8.0 and 8.1\n\n## Remediation/Fixes\n\n_<Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_Identity Insight_| _8.0.0_ \n_8.1.0_| \n| _From the WebSphere_[__ Security Bulletin__](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>)__. __ \n \n_Apply Interim Fix _[_PI20799_](<http://www-01.ibm.com/support/docview.wss?uid=swg24038094>)_: Will upgrade you to IBM Java SDK Version 6 Service Refresh 16 Fix Pack 1 _ \n\n\n**\\--OR--**\n\nApply IBM Java SDK shipped with WebSphere Application Server Fix pack 35 (7.0.0.35) or later (targeted to be available 13 October 2014). \n \n## Workarounds and Mitigations\n\n**None**\n\n## ", "cvss3": {}, "published": "2018-06-16T13:07:03", "type": "ibm", "title": "Security Bulletin: : Multiple vulnerabilities in IBM Java SDK affect Identity Insight 8.0 and 8.1 (CVE-2014-4263) and (CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-16T13:07:03", "id": "8D3804B575A7E87C1484204810222309FE33191C0BBD4CD0124D794927D44623", "href": "https://www.ibm.com/support/pages/node/248525", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:48:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 5 and 6 that are used by IBM CommonStore for Lotus Domino and IBM Content Collector. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM CommonStore for Lotus Domino 8.4 \nIBM Content Collector 2.1 - 4.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM CommonStore for Lotus Domino| 8.4.0.0| Contact IBM Software Support for further assistance \nIBM Content Collector | 2.1.0.0 - 2.1.1.4| Contact IBM Software Support for further assistance \nIBM Content Collector| 2.2.0.0 - 2.2.0.5| Apply Fix Pack 2.2.0.6-ICC-FP006 and Interim Fix 2.2.0.5-IBM-ICC-NotesClient-IF001, available from Fix Central \nIBM Content Collector| 3.0.0.0 - 3.0.0.5| Apply Fix Pack 3.0.0.6-ICC-FP006 and Interim Fix 3.0.0.5-IBM-ICC-NotesClient-IF001, available from Fix Central \nIBM Content Collector | 4.0.0.0 - 4.0.0.2| Apply Fix Pack 4.0.0.3-ICC-FP003, available from Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T12:09:39", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CommonStore and IBM Content Collector (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T12:09:39", "id": "0B19E913072BACF99DAC664F1DE39DA349C72875FB366603AD24C5FD1330FADE", "href": "https://www.ibm.com/support/pages/node/521685", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:41:03", "description": "## Summary\n\nFlaws in the IBM Java runtime Secure Sockets implementation may expose ClearQuest Web and EmailRelay communications to an attacker.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \n \n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n * * Rational ClearQuest Web greater than and inclusive of ClearQuest v7.1\n * ClearQuest EmailRelay, versions 8.0.0.3 - 8.0.0.12 and 8.0.1 - 8.0.1.5.\n \nNote: ClearQuest EmailRelay was introduced in ClearQuest 8.0.0.3. \n\n## Remediation/Fixes\n\nFor EmailRelay, apply a fix pack appropriate for your release of ClearQuest. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearQuest Fix Pack 6 (8.0.1.6)](<http://www.ibm.com/support/docview.wss?uid=swg24038912>) \n \n8.0.0.x\n\n| Install [Rational ClearQuest Fix Pack 13 (8.0.0.13)](<http://www.ibm.com/support/docview.wss?uid=swg24038915>) \n \nFor ClearQuest Web: \n \nClearQuest 7.1.x releases ship with, install and configure WAS version 6.1.0.25. Review technote[ 1390803:](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) [How to update the IBM WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1](<http://www.ibm.com/support/docview.wss?uid=swg21390803>)\n\nClearQuest 8.x releases have separated the WAS installation from the ClearQuest installation. \n\nDirectly follow WebSphere Application Server instructions for updating your version of WAS.\n\n**Note:** Determine the version of WAS that your deployment is using and follow the instructions at\n\n \n[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>) to update your version of the JRE supplied by WAS. This applies for all versions of ClearQuest Web Server greater than and inclusive of v7.1. \n\n## Workarounds and Mitigations\n\nDisable any ratlperl or cqperl scripts and hooks that use SSL until you apply the fixes listed above.\n\n## ", "cvss3": {}, "published": "2018-09-29T18:04:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java runtime affect ClearQuest Web and ClearQuest EmailRelay (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-09-29T18:04:03", "id": "CC51D6515952A450E445A6BC543BDA719FEB4C186C2E51CBF7CA2BDD875651A9", "href": "https://www.ibm.com/support/pages/node/521283", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:54:55", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos TM1 10.1.1.2 \nIBM Cognos TM1 10.2.0.2 \nIBM Cognos TM1 10.2.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \nIBM Cognos TM1 10.1.1.2 Interim Fix 2 \n<http://www-01.ibm.com/support/docview.wss?uid=swg24038887> \n \nIBM Cognos TM1 10.2.0.2 Interim Fix 2 \n<http://www-01.ibm.com/support/docview.wss?uid=swg24038927> \n \nIBM Cognos TM1 10.2.2 Fix Pack 2 \n<http://www-01.ibm.com/support/docview.wss?uid=swg24038876> \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T22:34:28", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T22:34:28", "id": "1C25B8D7E5F259D9791EB4AC60A74AF9C437CD71730127C99E8EA01ECB4D9D1C", "href": "https://www.ibm.com/support/pages/node/522395", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:47:23", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 5, 6, and 7 that are used by Tivoli Netcool OMNIbus. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus 7.3.0 \nTivoli Netcool/OMNIbus 7.3.1 \nTivoli Netcool/OMNIbus 7.4.0 \nTivoli Netcool/OMNIbus 8.1.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_OMNIbus_| _7.3.0.14_| _IV63169_| <http://www-01.ibm.com/support/docview.wss?uid=swg24036692> \n_OMNIbus _| _7.3.1.10_| _IV63169_| <http://www-01.ibm.com/support/docview.wss?uid=swg24036685> \n_OMNIbus_| _7.4.0.5_| _IV63169_| <http://www-01.ibm.com/support/docview.wss?uid=swg24036689> \n_OMNIbus _| _8.1.0.1_| _IV63169_| <http://www-01.ibm.com/support/docview.wss?uid=swg24037996> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T14:49:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool OMNIbus (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T14:49:34", "id": "A15555C24F7D69B2946A7F9E355B25433D1485E935599D986226BA15E905FF8E", "href": "https://www.ibm.com/support/pages/node/251545", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:57:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition Version 6 and 7 that are used by IBM Image Construction and Composition Tool. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Image Construction and Composition Tool v2.2.1.3 \nIBM Image Construction and Composition Tool v2.3.1.0 \nIBM Image Construction and Composition Tool v2.3.2.0 \n\n## Remediation/Fixes\n\nThe solution is to apply the following IBM Image Construction and Composition Tool version fixes. \n \nUpgrade the IBM Image Construction and Composition Tool to the following fix levels: \n\n * For IBM Image Construction and Composition Tool v2.2.1.3\n * IBM Image Construction and Composition Tool v2.2.1.3 Build 28\n \n[__http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=1.1.0.5&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.2.1.3-28&includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=1.1.0.5&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.2.1.3-28&includeSupersedes=0>)\n * For IBM Image Construction and Composition Tool v2.3.1.0\n * IBM Image Construction and Composition Tool v2.3.1.0 Build 38\n \n[__http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.0.0.1&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.1.0-38&includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.0.0.1&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.1.0-38&includeSupersedes=0>)\n * For IBM Image Construction and Composition Tool v2.3.2.0\n * IBM Image Construction and Composition Tool v2.3.2.0 Build 12\n \n[__http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.0.0&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.2.0-12&includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.0.0&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.2.0-12&includeSupersedes=0>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2015-0410 and CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:03:24", "id": "055125DDCC24FED6338E6230B841A6E09BEF122BD1DAAD92C212B50D47EC635A", "href": "https://www.ibm.com/support/pages/node/532531", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-07-30T09:49:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.6.0 that is used by FlashSystem 840. These issues were disclosed as part of the IBM Java SDK updates in January 2015\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100151_](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n**IBM FlashSystem 840:** \nMachine Type 9840, model -AE1 (all supported releases) \nMachine Type 9843, model -AE1 (all supported releases) \n \n**IBM FlashSystem V840:** \nMachine Type 9846, model -AE1 (all supported releases) \nMachine Type 9848, model -AE1 (all supported releases) \n\nCode level 1.1.3.6 and earlier are affected. \n\n## Remediation/Fixes\n\nYou should verify applying this fix does not cause any compatibility issues. \n \n\n\n_<Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**840 MTMs: ** \n9840-AE1 & \n9843-AE1 \n \n**V840 MTMs:** 9846-AE1 & \n9848-AE1| _A code fix is now available, the VRMF of this code level is 1.1.3.7 (or later)_| _ __N/A_| _No work arounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n**Note:** \nV840 customers must upgrade the code of both the -AE1 and -ACx (whether -AC0 or -AC1) nodes to address this vulnerability. A customer reading this to fix one model type (e.g. \u2013AE1) should look for the corresponding security bulletin which describes how to fix the other model type (e.g. perhaps \u2013AC0) in the customer's V840. \n \n[_Link to FlashSystem 840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>) \n\n\n[_Link to FlashSystem V840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2023-02-18T01:45:50", "id": "AECB9FD70A6404FA7005BB0B63AEA0C202F897DEC1684BD883D622BFC19210DD", "href": "https://www.ibm.com/support/pages/node/690391", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-25T10:32:29", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Jan 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n \n**DESCRIPTION:** A flaw in the TLS implementation allows a man-in-the-middle attacker to force the connection into plaintext. The TLS implementation provides communications security by encrypting the data while being transferred over a computer network. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) [](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100153>)[](<http://xforce.iss.net/xforce/xfdb/100153>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \n \nAll products are affected when running code releases 1.1 to 7.4.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code level or higher: \n \n7.3.0.10 \n7.4.0.3 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>)\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2023-03-29T01:48:02", "id": "B892E6DDD2043AD25A84B33AE4FC3F18A7E39D06BB44F4BED23DE68891B4CDF8", "href": "https://www.ibm.com/support/pages/node/690429", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:52:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\uff6e Runtime Environments JavaTechnology Edition, Version 5, 6 and 7 that is used by IBM Data Studio Web Console (DSWC). These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n## Vulnerability Details\n\n**CVE-ID: **[CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n** ** \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVE ID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Data Studio Web Console versions 3.1, 3.1.1, 3.2, 4.1 and 4.1.1**.**\n\n## Remediation/Fixes\n\nThe fix for this vulnerability requires the upgrade of the IBM Java Runtime that is installed with DSWC. Install one of the following IBM Java Runtime versions: \n\n\n * IBM Java Runtime, Java 2 Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 9 and subsequent releases\n * IBM Java Runtime, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 and subsequent releases \n * IBM Java Runtime, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 3 and subsequent releases\n * IBM Java Runtime, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 and subsequent releases\n * IBM Java Runtime, Java Technology Edition, Version 7R1 Service Refresh 2 Fix Pack 10 and subsequent releases\n \nDetailed instructions are provided in the tech-note \"[Updating the IBM Runtime Environment, Java Technology Edition for IBM Data Studio web console](<http://www.ibm.com/support/docview.wss?&uid=swg21684744>)[](<http://www.ibm.com/support/docview.wss?&uid=swg21684744>)\". \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T13:10:05", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-16T13:10:05", "id": "4B780DD01351913C8F55A02550FDBC93B18C0845DB6F8786276597FEF7A05199", "href": "https://www.ibm.com/support/pages/node/257169", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:52:48", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 (Service Refresh 16-FP2 and earlier) and 7 (Service Refresh 8 and earlier), that is used by IBM TM1. These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n * * IBM Cognos TM1 10.2.2\n * IBM Cognos TM1 10.2\n * IBM Cognos TM1 10.1.1\n\n## Remediation/Fixes\n\nDownload fixes at the following location: \n\nTM1 9.5.2.3 Interim Fix 7 _<http://www-01.ibm.com/support/docview.wss?uid=swg24039812>_ \nTM1 10.2.0.2 Interim Fix 4: _<http://www-01.ibm.com/support/docview.wss?uid=swg24039814>_ \nTM1 10.1.1.2 Interim Fix 4: _<http://www-01.ibm.com/support/docview.wss?uid=swg24039813>_\n\n \nTM1 10.2.2 FP3: [_http://www.ibm.com/support/docview.wss?uid=swg24039764_](<http://www.ibm.com/support/docview.wss?uid=swg24039764>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T22:36:55", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T22:36:55", "id": "F4181AD0980C5242583BA857E8250D1937A0FB0CB5F088B327E941B2375EF935", "href": "https://www.ibm.com/support/pages/node/263679", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:53:59", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7R1 Service Refresh 2 and earlier releases, Version 7 Service Refresh 8 and earlier releases, Version 6 Service Refresh 16 Fix Pack 2 and earlier releases that are used by various Optim data server tools desktop products. These issues were disclosed as part of the IBM Java SDK updates in January, 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Data Studio client 4.1.1 and earlier \nIBM InfoSphere Optim Query Workload Tuner for DB2 for LUW 4.1.1 and earlier \nIBM InfoSphere Optim Query Workload Tuner for DB2 for z/OS 4.1.1 and earlier \nInfoSphere Data Architect 9.1.2 and earlier\n\n## Remediation/Fixes\n\nEach affected product and version requires the upgrade of the IBM SDK, Java Technology Edition that is installed with the client. Install one of the following IBM Java SDK versions: \n\n\n * IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 2 Fix Pack 10 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 and subsequent releases \n \nDetailed instructions are provided in the tech-note \u201c[_Updating the IBM SDK, Java Technology Edition for Optim data server tools desktop clients_](<http://www-01.ibm.com/support/docview.wss?uid=swg21691806>)\u201d \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T13:09:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect various Optim data server tools desktop products (CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-16T13:09:38", "id": "7A06F4886237ED5A9366C9277F1BC87516C50BA79DA9B3A8DC0C8CC22975EA4F", "href": "https://www.ibm.com/support/pages/node/527049", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:46:10", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 that is used by IBM MessageSight. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)\n\nDESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.\n\nCVSS Base Score: 5\n\n \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)\n\nDESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4\n\n \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM MessageSight V1.2 and earlier\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM MessageSight_| _1.1_| _IT07005_| _1.1.0.1-IBM-IMA-IFIT07005_ \n_IBM MessageSight_| _1.2_| _IT07005_| _1.2.0.0-IBM-IMA-IFIT07005_ \n \n## ", "cvss3": {}, "published": "2018-06-17T15:12:14", "type": "ibm", "title": "Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect IBM MessageSight (CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T15:12:14", "id": "04BF6B9ACF259BBC739CBEC95BCD6A91ADA2CCD627D58A7C76168826F046BA8B", "href": "https://www.ibm.com/support/pages/node/526203", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:57:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition Version 6 and 7 that are used by IBM Workload Deployer. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n * IBM Workload Deployer version 3.1 and later\n\n## Remediation/Fixes\n\nThe solution is to apply the IBM Workload Deployer interim fix7. \n \nUpgrade the IBM Workload Deployer to the following fix level: \n \n\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|--- \nIBM Workload Deployer System| Release V3.1.0.7| V3.1.0.7 interim fix, \n \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix7-IBM_Workload_Deployer&includeSupersedes=0_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix7-IBM_Workload_Deployer&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Workload Deployer (CVE-2015-0410 and CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:03:24", "id": "FD9296971F33C160691FE87750981EEC52B98086D4AAE319167431ABB58B362F", "href": "https://www.ibm.com/support/pages/node/532533", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:48:18", "description": "## Summary\n\n \nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\n \nIBM eDiscovery Analyzer Version 2.1 \nIBM InfoSphere eDiscovery Analyzer Version 2.1.1 \nIBM eDiscovery Analyzer Version 2.2 \nIBM eDiscovery Analyzer Version 2.2.1 \nIBM eDiscovery Analyzer Version 2.2.2\n\n## Remediation/Fixes\n\nFor versions 2.2.1.1 and 2.2.2.1, the recommended solution is to apply the available fix as soon as practical. Contact IBM Support if you are using versions 2.1, 2.1.1 or 2.2. \n\nGo to Fix Central site([eDiscovery Analyzer](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=All&platform=All&function=all>)) and install the fix applicable to the version that you have installed and your platform.\n\n * 2.2.1.1 Interim Fix 3\n * 2.2.2.2 Interim Fix 1\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T12:10:14", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM eDiscovery Analyzer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T12:10:14", "id": "E6539A3BB2EB04D867564E210333C561765406B8A7B65151CA32F4CE21B0AE0B", "href": "https://www.ibm.com/support/pages/node/255851", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:15:19", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2 that is used by Power Hardware Management Console. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/100151_**](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n\n\n**CVEID:** [_CVE-2014-6593_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/100153_**](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nPower HMC V7.7.3.0 \nPower HMC V7.7.7.0 \nPower HMC V7.7.8.0 \nPower HMC V7.7.9.0 \nPower HMC V8.8.1.0 \nPower HMC V8.8.2.0\n\n## Remediation/Fixes\n\nFixes are available for the the HMC versions mentioned below: \n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nPower HMC| V7.7.3.0 SP7| MB03888| Apply eFix MH01500 \nPower HMC| V7.7.7.0 SP4| MB03889| Apply eFix MH01501 \nPower HMC| V7.7.8.0 SP2| MB03899| Apply eFix MH01511 \nPower HMC| V7.7.9.0 SP1| MB03900| Apply eFix MH01512 \nPower HMC| V8.8.1.0 SP1| MB03886| Apply eFix MH01498 \nPower HMC| V8.8.2.0 SP1| MB03837| Apply eFix MH01499 \n \n \n**Note:** \n1\\. After applying the PTF, you should restart the HMC. \n2\\. HMC V7.7.3 support is extended only for managing the Power 775 (9125-F2C) also called \"PERCS\" and \"IH\". End Of Service date for managing all other server models was 2013.05.31. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect Power Hardware Management Console (CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2021-09-23T01:31:39", "id": "5F07312D1C5E6FE8181D631352EDDAC9A1D6DA80B24005A4700B576A3B30DB78", "href": "https://www.ibm.com/support/pages/node/646171", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T05:37:54", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6.0 that is used by the IBM FlashSystem V9000. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100151_](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n_FlashSystem V9000 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9846-AC2 and 9848-AC2. \n\n## Remediation/Fixes\n\nYou should verify that applying this fix does not cause any compatibility issues.\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**V9000 MTMs:** \n9846-AE2, \n9848-AE2, \n9846-AC2, \n9848-AC2| _A code fix is now available, the VRMF of this code level is 7.4.1.1 (or later) for both the storage enclosure nodes (-AEx) and the control nodes (-ACx)_| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V9000, (CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-18T00:09:43", "id": "82B8484D57594A12CED295DEF2A7F68637EFFA7865C77083F06B45E70EFA9D3E", "href": "https://www.ibm.com/support/pages/node/690517", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T09:36:54", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n \n**DESCRIPTION:** A flaw in the TLS implementation allows a man-in-the-middle attacker to force the connection into plaintext. The TLS implementation provides communications security by encrypting the data while being transferred over a computer network. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) [](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100153>)[](<http://xforce.iss.net/xforce/xfdb/100153>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \n \nAll products are affected when running code releases 1.3, 1.4 and 1.5 except for version 1.5.2.0 and above. \n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM Storwize V7000 Unified to the following code level or higher: \n \n1.5.2.0_ \n__ \n_[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\n## Workarounds and Mitigations\n\nWorkaround(s) : None. \n \nMitigation(s) : Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall. \n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:10", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-18T00:09:10", "id": "84DC30A405D819D9F72421CFCF62433DDA70DC06700E0CB421B3B3D55EC8C8AE", "href": "https://www.ibm.com/support/pages/node/690235", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:57:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition Version 6 and 7 that are used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM PureApplication System V1.1 \nIBM PureApplication System V2.0 \nIBM PureApplication System V2.1 \n\n## Remediation/Fixes\n\nThe solution is to upgrade the IBM PureApplication System to the following fix level: \n \nIBM PureApplication System V2.1 \nUpgrade to IBM PureApplication System V2.1.0.1 \n \nIBM PureApplication System V2.0 \nUpgrade to IBM PureApplication System V2.0.0.1 Interim Fix 4 \n \nIBM PureApplication System V1.1 and earlier: \n\nContact IBM customer support for upgrade options.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (CVE-2015-0410 and CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:03:24", "id": "3E76F5CF462289D90F38342D1368D301EF32CEEA27AA1B485901A311EE59AC0F", "href": "https://www.ibm.com/support/pages/node/532535", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T05:38:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6.0 that is used by the IBM FlashSystem V840. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100151_](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n_FlashSystem V840 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1. The Service Assist GUI is the only component in these products that uses the Apache Struts library. \n\n## Remediation/Fixes\n\nYou should verify that applying this fix does not cause any compatibility issues.\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**V840 MTMs:** 9846-AC0, \n9846-AC1, \n9848-AC0, \n9848-AC1| _A code fix is now available, the VRMF of this code level is 1.1.3.8 (or later) for the storage enclosure nodes and 7.4.0.4 for the control nodes._| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n \n**Note:** \nV840 customers must upgrade the code of both the -AE1 and -ACx (whether -AC0 or -AC1) nodes to address this vulnerability. A customer reading this to fix one model type (e.g. \u2013AC1) should look for the corresponding security bulletin which describes how to fix the other model type (e.g. perhaps \u2013AE1) in the customer's V840. \n\n\n[_Link to FlashSystem 840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)\n\n \n[_Link to FlashSystem V840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V840, (CVE-2014-6593 and CVE-2015-0410))", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-18T00:09:27", "id": "AEBB057B7823F905E1350F9D4877CAB71BB0E06AB36C7779980A0F7C8BD72BB6", "href": "https://www.ibm.com/support/pages/node/690421", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:49:06", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7SR8, that is used by Rational Automation Framework. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nRational Automation Framework 3.0.1, 3.0.1.1, 3.0.1.2.x, 3.0.1.3.x on all supported platforms.\n\n## Remediation/Fixes\n\nUpgrade to [RAF 3.0.1.3 ifix4](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Automation+Framework&release=3.0.1.3i4&platform=All&function=all>) or later.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T05:04:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Automation Framework (CVE-2015-0410 and CVE-2014-6593 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T05:04:13", "id": "74703F913A5521ED32B7192E664187A2672BA346C48F8CAD66D4E9AD8D48F992", "href": "https://www.ibm.com/support/pages/node/531811", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:57:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition Version 6 and 7 that are used by IBM OS Images for Red Hat Linux Systems and AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM OS Image for Red Hat Linux Systems 2.0.0.1 and earlier. \nIBM OS Image for AIX 2.0.0.1 and earlier.\n\n## Remediation/Fixes\n\nThe deployed Red Hat Linux-based and AIX virtual machines on IBM PureApplication Systems types are affected. The solution is to apply the following IBM PureApplication System fix to the deployed virtual machines. \n \nJava Update for Linux \n__[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=+Java_Update_Linux_2++&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=+Java_Update_Linux_2++&includeSupersedes=0>)__ \n__ \n__Java Update for AIX \n[__http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=+Java_Update_AIX_2++&includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=+Java_Update_AIX_2++&includeSupersedes=0>) \n \n\n\n 1. Import the fix into the Emergency Fix catalogue.\n 2. For deployed instances, apply this emergency fix on the VM. The IBM Java SDKwill be upgraded to IBM Java JDK 7.0 SR8 FP10 interim fix and IBM Java JDK 6.0 SR16 FP3 interim fix\n 3. Restart the deployed instance after the fix is applied.\n \nYou should verify applying this fix does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems and AIX (CVE-2015-0410 and CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:03:25", "id": "17ACD206EE31B39ACA37FF9ADB5354BF5B5C918AD56B4A16A497861E4C1983D2", "href": "https://www.ibm.com/support/pages/node/532815", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:49:23", "description": "## Summary\n\nThis bulletin covers remediation measures for the CVEs published in Oracle's July 2014 CPU that affect Rational RequisitePro.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n \n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n \n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Rational RequisitePro versions: \n \n\n\n**Version**| **Status** \n---|--- \n7.1.4 through 7.1.4.5| Affected \n7.1.3 through 7.1.3.12| Affected \n7.1.0.x, 7.1.1.x (all versions), 7.1.2 through 7.1.2.15| Affected \n \n## Remediation/Fixes\n\nApply a fix pack for your appropriate ReqPro release. \n \n\n\n**Affected Version**| **Applying the fix** \n---|--- \n7.1.4.x| Install [Rational RequisitePro Fix Pack 6 (7.1.4.6) for 7.1.4](<http://www.ibm.com/support/docview.wss?uid=swg24038941>) \n7.1.3.x| Install [Rational RequisitePro Fix Pack 13 (7.1.3.13) for 7.1.3](<http://www.ibm.com/support/docview.wss?uid=swg24038940>) \n7.1.2.x| Install [Rational RequisitePro Fix Pack 16 (7.1.2.16) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24038939>) \n7.1.1.x \n7.1.0.x| Install [Rational RequisitePro Fix Pack 16 (7.1.2.16) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24038939>) \n**Note: **7.1.2.16 interoperates with all 7.1.x.x systems, and can be installed in the same way as 7.1.x.x fix packs. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:59:01", "type": "ibm", "title": "Security Bulletin: Rational RequisitePro affected by Java vulnerabilities (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T04:59:01", "id": "142BCF9DFE12C8120D0F10EB7F7C4EF6289BDECEFE22E9A922E1921894B7DD22", "href": "https://www.ibm.com/support/pages/node/521465", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:55:19", "description": "## Summary\n\nThis Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment (JRE) included in IBM Operational Decision Manager (ODM), IBM ILOG JRules and IBM WebSphere Business Events (WBE). For those products, this Security Bulletin provides the fixes to the security vulnerabilities reported in Oracle's Critical Patch Update releases of July 2014.\n\n## Vulnerability Details\n\n### CVE ID: [CVE-2014-4263](<https://vulners.com/cve/CVE-2014-4263>)\n\n \n**DESCRIPTION: ** \nThe JSSE component's Diffie-Hellman key exchange implementation is vulnerable to a man-in-the-middle attack. \nThe fix adds a new check to prevent this vulnerability from occurring in the future \n**CVSS:** \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n\n\n### CVE ID: [CVE-2014-4244](<https://vulners.com/cve/CVE-2014-4244>)\n\n \n**DESCRIPTION: ** \nIf a remote attacker can observe local variables (temperature, RF, sound), they can deduce the RSA private key based on changes in those variables. \nThe fix introduces \"dead\" computations (aka blinding) to foil the remote attacks. \n**CVSS:** \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n * IBM WebSphere Business Events 7.0\n * IBM WebSphere ILOG JRules v7.1\n * IBM WebSphere Operational Decision Management v7.5 \n * IBM Operational Decision Manager v8.0 \n * IBM Operational Decision Manager v8.5\n * IBM Operational Decision Manager v8.6\n\n## Remediation/Fixes\n\n \nIBM WebSphere ILOG JRules V7.1: \nInterim fix 42 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **7.1.1.5-WS-BRMS_JDK-WIN-IF042** \n \nIBM WebSphere Business Event 7.0: \nInterim fix RS01752 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **7.0.1.1-WS-BE-<OS>-RS01572** \n \nIBM WebSphere Operational Decision Management v7.5: \nInterim fix 40 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **7.5.0.4-WS-ODM_JDK-<OS>-IF040** \n\n\nIBM Operational Decision Manager v8.0: \n\n \nInterim fix 37 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): ** 8.0.1.0-WS-ODM_JDK-<OS>-IF****037** \n\n\nIBM Operational Decision Manager v8.5:\n\n \nInterim fix 39 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **8.5.1.0-WS-ODM_JDK-<OS>-IF****039** \n\n\nIBM Operational Decision Manager v8.6:\n\n \nInterim fix 4 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **8.6.0.0-WS-ODM_JDK-<OS>-IF****004**\n\n## Workarounds and Mitigations\n\nnone known, apply fix\n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:43", "type": "ibm", "title": "Security Bulletin: IBM Operational Decision Manager, WebSphere ILOG JRules and WebSphere Business Events: Multiple security vulnerabilities in IBM JRE (CVE-2014-4244,CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:01:43", "id": "497072F109072DA8AD18E4F8D79E137EAFD73968147CD9DEEE100B144EB01A31", "href": "https://www.ibm.com/support/pages/node/251603", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:43:37", "description": "## Summary\n\nMultiple security vulnerabilities exist in the IBM SDK, Java\u2122 Technology Edition, which is shipped with IBM SmartCloud Orchestrator.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit that is related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit that is related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM SmartCloud Orchestrator V2.2, V2.2 Fix Pack 1, and IBM SmartCloud Orchestrator V2.3, V2.3.0 Fix Pack 1 up to Interim Fix 5 \n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Upgrade to [IBM SmartCloud Orchestrator 2.3.0 Fix Pack 1, Interim Fix 6](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+SmartCloud+Orchestrator&release=2.3.0.1&platform=All&function=fixId&fixids=2.3.0.1-CSI-ISCO-IF0006&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:30:50", "type": "ibm", "title": "Security Bulletin: IBM SmartCloud Orchestrator - Multiple security vulnerabilities exist in the IBM SDK, Java\u2122 Technology Edition ( CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T22:30:50", "id": "275BF0687D425AD146FCEED93769F4172BDD6B6EA894BF5F6233B13D4B76D94C", "href": "https://www.ibm.com/support/pages/node/521167", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:43:41", "description": "## Summary\n\nMultiple security vulnerabilities exist in the IBM SDK, Java\u2122 Technology Edition that is shipped with IBM SmartCloud Provisioning (CVE-2014-4263, CVE-2014-4244).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nSmartCloud Provisioning 2.3, 2.3 Fix Pack 1 up to iFix 4\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. \n**Fix:** \nUpgrade to IBM SmartCloud Provisioning 2.3 Fix Pack 1, iFix 6\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:30:12", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java\u2122 Technology Edition affect SmartCloud Provisioning (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T22:30:12", "id": "AA3CEFA9FA0EC7375DC22015A3FC8B6C84A4C21EEFF4C639EEFA85AC96182967", "href": "https://www.ibm.com/support/pages/node/524447", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:47:25", "description": "## Summary\n\nVulnerabilities have been identified in IBM Runtime Environment, Java\u2122 Technology Edition, Version 6, utilized by the Enterprise Common Collector (a component of IBM Tivoli zEnterpise Monitoring Agent, a component of IBM Tivoli Monitoring). \n\n## Vulnerability Details\n\n**CVEID: **[__CVE-2014-4263__](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION: **An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID: **[__CVE-2014-4244__](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION: **An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n_*_The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Affected Products and Versions\n\n_Enterprise Common Collector 1.1.0 (a component of IBM Tivoli zEnterpise Monitoring Agent, a component of IBM Tivoli Monitoring v6.2.3 and v6.3.0)_\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Operating System_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nIBM Tivoli zEnterpise Monitoring Agent (Enterprise Common Collector v1.1.0 component) \n\n| \n\nv6.2.3\n\n| AIX\u00ae| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-AIX-IF0002&includeSupersedes=0>) \n \nLinux\u00ae on System z\u00ae| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Linuxz-IF0002&includeSupersedes=0>) \n \nLinux\u00ae on Intel\u00ae 32-bit| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Linuxx32-IF0002&includeSupersedes=0>) \n \nLinux\u00ae on Intel\u00ae 64-bit| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Linuxx64-IF0002&includeSupersedes=0>) \n \n32-bit Windows\u00ae| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Windows32-IF0002&includeSupersedes=0>) \n \n64-bit Windows\u00ae| \n\n[_Fix Central link_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Windows64-IF0002&includeSupersedes=0>) \n \n** **Note: IBM Tivoli zEnterprise Monitoring Agent v6.2.3 is a component of ITM v6.2.3 and v6.3.0. \n\n## Workarounds and Mitigations\n\nThe Enterprise Common Collector (ECC) v1.1.0 must be at at least fixpack level 2 (also known as v1.1.0.2) before applying this fix. If you have a back level fixpack of the Enterprise Common Collector (v1.1.0.0 or v1.1.0.1), please upgrade to version 1.1.0.2 (which can be found on [_Passport Advantage_](<http://www-01.ibm.com/software/passportadvantage/pao_customer.html>) \u2013 part # CIN10ML).\n\n## ", "cvss3": {}, "published": "2018-06-17T14:48:53", "type": "ibm", "title": "Security Bulletin: A component of IBM Tivoli zEnterpise Monitoring Agent is potentially affected by multiple vulnerabilities that have been identified in IBM Runtime Environment, Java\u2122 Technology Edition, Version 6 (CVE-2014-4263 and CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T14:48:53", "id": "8E38E2849008E331115684946847E91DA520C65669D6ACAD9A91B99B08577AAA", "href": "https://www.ibm.com/support/pages/node/250529", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:41:42", "description": "## Summary\n\nFlaws in the Java runtime Secure Sockets implementation may expose CCRC communications to an attacker.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n \n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nOnly the ClearCase Remote Client/ClearTeam Explorer component of ClearCase is affected. \n \n\n\n**ClearCase Remote Client/ClearTeam Explorer version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.5\n\n| \n\nAffected \n \n8.0 through 8.0.0.12\n\n| \n\nAffected \n \n7.1.2 through 7.1.2.15\n\n| \n\nAffected \n \n7.1.0.x, 7.1.1.x (all versions and fix packs)\n\n| \n\nAffected \n \n7.0.x\n\n| \n\nNot affected \n \n## Remediation/Fixes\n\nThe solution is to upgrade to a newer fix pack of ClearCase. Please see below for information on the fixes available. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearCase Fix Pack 6 (8.0.1.6)](<http://www.ibm.com/support/docview.wss?uid=swg24038911>) \n \n8.0.0.x\n\n| Install [Rational ClearCase Fix Pack 13 (8.0.0.13)](<http://www.ibm.com/support/docview.wss?uid=swg24038913>) \n \n7.1.2.x \n7.1.1.x \n7.1.0.x\n\n| Customers with extended support contracts should install [Rational ClearCase Fix Pack 16 (7.1.2.16)](<http://www.ibm.com/support/docview.wss?uid=swg24038914>) \n \n**Notes: **\n\n * If you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), you should update the Java\u2122 Virtual Machine used by Eclipse to include a fix for CVE-2014-4263 and CVE-2014-4244. Contact the supplier of your Eclipse or Java\u2122 Virtual Machine for instructions on updating Eclipse.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: Java security vulnerabilities in ClearCase Remote Client (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-07-10T08:34:12", "id": "79F7EB62DB5A8ECC70229B81AD83CA7190E2B816E6FC1DBE08ACE303AA36320B", "href": "https://www.ibm.com/support/pages/node/255219", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:51:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7.0 SR7 that is used by IBM Multi-Enterprise Integration Gateway. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1\n\n## Remediation/Fixes\n\nThe recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available. \n \n\n\n**_Fix*_**| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \nInterim Fix 1.0.0.1_3| 1.0.0.1| IT03591| IBM Fix Central > [](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.1&platform=All&function=fixId&fixids=IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media&includeSupersedes=0>)[IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.1&platform=All&function=fixId&fixids=IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T19:39:08", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Multi-Enterprise Integration Gateway (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-16T19:39:08", "id": "FA053090EC72B4B22D26600960D138D5FE7F871074B1BFED4F4D77F3DF12C308", "href": "https://www.ibm.com/support/pages/node/247345", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:47:25", "description": "## Summary\n\nIBM\u00ae SDK Java\u2122 Technology Edition integrated within WebSphere Application Server is shipped as a component of IBM Tivoli Network Manager IP Edition. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n\n## Vulnerability Details\n\nPlease consult the security bulletin [**_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>) for vulnerability details.\n\n## Affected Products and Versions\n\nAffected Product and Version(s)\n\n| Product and Version shipped as a component \n---|--- \nTivoli Network Manager 3.8| Bundled the TIP version 1.1.1.x, IBM WebSphere version 6.1.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 5. \nTivoli Network Manager 3.9| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \nTivoli Network Manager 4.1| Bundled the TIP version 2.2.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \nTivoli Network Manager 4.1.1| Bundled the TIP version 2.2.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \n \n## Remediation/Fixes\n\nUpgrade your SDK to an interim fix level as determined below: \n**_<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>_****_ \n_** \nDownload and apply the interim fix APARs below, for your appropriate release: \n \n**For Tivoli Network Manager IP Edition 3.9, 4.1 and 4.1.1 versions, WebSphere V7.0.0.0 through 7.0.0.33:**\n\n * Apply Interim Fix [_PI20799_](<http://www-01.ibm.com/support/docview.wss?uid=swg24038094>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037515>):[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036968>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036504>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035397>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034997>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034443>) Will upgrade you to IBM Java SDK Version 6 Service Refresh 16[](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>) Fix Pack 1 \n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 35 (7.0.0.35) or later (targeted to be available 13 October 2014). \n** \nFor Tivoli Network Manager IP Edition 3.8 version, WebSphere V6.1.0.0 through 6.1.0.47:**\n\n * Contact IBM Support and apply Interim Fix PI20800[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037458>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035396>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034996>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034418>): Will upgrade you to IBM Java SDK Version 5.0 Service Refresh 16 Fix Pack 7 \n\n## ", "cvss3": {}, "published": "2018-06-17T14:47:29", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM Java SDK affecting WebSphere Application Server shipped with IBM Tivoli Network Manager IP Edition (CVE-2014-4263 and CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T14:47:29", "id": "529738DA56E39D786AE750710FE217BA8C730289CB3B2DF92E820F0305BC6957", "href": "https://www.ibm.com/support/pages/node/248275", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:41:24", "description": "## Summary\n\nAn unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact, reported on July 15, 2014.\n\n## Vulnerability Details\n\n**CVE-ID: ** [_CVE-2014-4263_](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4263>) \n \n**DESCRIPTION: **Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to \"Diffie-Hellman key agreement.\" \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVE-ID: ** [_CVE-2014-4244_](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4244>) \n \n**DESCRIPTION**: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nGuardium Database Activity Monitor 8.0, 8.2, 9.0, 9.1\n\n## Remediation/Fixes\n\n_<Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nGuardium Database Activity Monitor| _9.0_| \n| | [http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-9.0p1036_Security_Update&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-9.0p1036_Security_Update&includeSupersedes=0&source=fc>)| \n---|--- \n \n| \n \nGuardium Database Activity Monitor| 8.2| \n| [_http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-8.2p239_Security_Update&includeSupersedes=0&source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-8.2p239_Security_Update&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2018-07-16T10:15:46", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Guardium Database Activity Monitor is affected by: CVE-2014-4263 and CVE-2014-4244", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-07-16T10:15:46", "id": "FE76EBEE1297EA99B4DEAF443A4AFEF8EDB41FABB23A314759F431205EF3D346", "href": "https://www.ibm.com/support/pages/node/249527", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T06:06:47", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6.0 that is used by IBM WebSphere Application Server embedded in IBM InfoSphere Global Name Management. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nGlobal Name Management 5.0\n\n## Remediation/Fixes\n\n_<Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_Global Name Management_| _5.0.0_| [](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>)| __From the __[__WebSphere Security Bulletin__](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>)__. __ \n \n_Apply Interim Fix__ _[_PI20798_](<http://www-01.ibm.com/support/docview.wss?uid=swg24038093>)_:_**__ __**_Will upgrade you to IBM Java SDK Version 6R1 Service Refresh 8 Fix Pack 1 _ \n \n**\\--OR--**\n\nApply IBM Java SDK shipped with WebSphere Application Server Fix pack 10 (8.0.0.10) or later (targeted to be available 16 February 2015). \n \n## Workarounds and Mitigations\n\n**None**\n\n## ", "cvss3": {}, "published": "2022-04-20T17:04:55", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Global Name Management 5.0 (CVE-2014-4263) and (CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2022-04-20T17:04:55", "id": "9461B23DBDFCC9C45ACA7AE476827AD44ADBC6048F675F99FD8C0E00A94791FE", "href": "https://www.ibm.com/support/pages/node/248523", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T05:53:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos Express 9.0 \n\nIBM Cognos Express 9.5\n\nIBM Cognos Express 10.1\n\nIBM Cognos Express 10.2.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix in one of the IBM Cognos Express versions listed as soon as practical: \n \n[IBM Cognos Express 10.1 FP1](<http://www.ibm.com/support/docview.wss?uid=swg24039223>) \n[IBM Cognos Express 10.2.1 FP3](<http://www.ibm.com/support/docview.wss?uid=swg24039224>) \n \nIBM Cognos Express 9.0 and 9.5 customers should upgrade to a more current version and apply the corresponding update. Please contact Customer Support with any questions.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-11-10T12:06:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Express (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2022-11-10T12:06:25", "id": "7470FAC726E920247C258BE65FFCE5C0CD77F771B7B35DCB2885D29A187B71C8", "href": "https://www.ibm.com/support/pages/node/524301", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:49:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by Rational Performance Tester and were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector: **(AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nRational Performance Tester versions 8.1 - 8.6\n\n## Remediation/Fixes\n\nUpgrade to [Rational Performance Tester Fix Pack 1 (8.6.0.1) for 8.6](<http://www.ibm.com/support/docview.wss?uid=swg24037362>) \n \nRational Performance Tester 8.6.0.1 provides IBM JRE 7 iFixes which corrects these issues. \n \n**_Vendor Fix(es):_** \n \nExample: \n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRPT| 8.5 - 8.5.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Performance+Tester&release=8.5.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR7FP1&includeSupersedes=0>). \nRPT| 8.3 - 8.3.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Performance+Tester&release=8.3.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR7FP1&includeSupersedes=0>). \nRPT| 8.2 -8.2.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Performance+Tester&release=8.2.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR7FP1&includeSupersedes=0>). \nRPT| 8.1 - 8.1.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Performance+Tester&release=8.1.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR7FP1&includeSupersedes=0>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:57:17", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T04:57:17", "id": "D7DED9F0194F39D089620BB049986AF997C28045E89C1BFA7154D5B86C137103", "href": "https://www.ibm.com/support/pages/node/251547", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:58:13", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in July 2014. \n\n## Vulnerability Details\n\nThe following two advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere eXtreme Scale may be vulnerable to them. \n \nCVEID: [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \nDESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \nCVEID: [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \nDESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n**WebSphere eXtreme Scale client and server 7.1.0 at all fix pack and interim fix levels.** \n** WebSphere eXtreme Scale client and server 7.1.1 at all fix pack and interim fix levels.** \n** WebSphere eXtreme Scale client and server 8.5.0 at all fix pack and interim fix levels.** \n** WebSphere eXtreme Scale client and server 8.6.0 at all fix pack and interim fix levels prior to 8.6.0.6.** \n \n**When WebSphere eXtreme Scale clients or servers are deployed within WebSphere Application Server, the Java SDK of the WebSphere Application Server is used, and therefore it is not necessary to install a new level of WebSphere eXtreme Scale. See the security bulletin for WebSphere Application Server at this link: **[**_https://www-304.ibm.com/support/docview.wss?uid=swg21680418_**](<https://www-304.ibm.com/support/docview.wss?uid=swg21680418>)\n\n## Remediation/Fixes\n\nApply an interim fix or fix pack as documented in the table. Later versions of WebSphere DataPower XC10 Appliance fixes and fix packs will also include the fix for APAR PI31212. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nWebSphere eXtreme Scale| Version 7.1.0| PI31212| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=7.1.0.3&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=7.1.0.3&platform=All&function=all>) \nWebSphere eXtreme Scale| Version 7.1.1| PI31212| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=7.1.1.1&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=7.1.1.1&platform=All&function=all>) \nWebSphere eXtreme Scale| Version 8.5.0| PI31212| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=8.5.0.3&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=8.5.0.3&platform=All&function=all>) \nWebSphere eXtreme Scale| Version 8.6.0| PI31212| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=8.6.0-WS-WXS-FP0000006&includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=8.6.0-WS-WXS-FP0000006&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:16", "type": "ibm", "title": "Security Bulletin: Several Vulnerabilities in the Java SDK affect WebSphere eXtreme Scale", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:02:16", "id": "7867594F3F661628BC072448F76C9D640CC551AA7B923B0ECA02D677F1DD75F3", "href": "https://www.ibm.com/support/pages/node/521587", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:49:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by Rational Service Tester and were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nRational Service Tester versions 8.1 - 8.6\n\n## Remediation/Fixes\n\nUpgrade to [Rational Service Tester for SOA Quality Fix Pack 1 (8.6.0.1) for 8.6](<http://www.ibm.com/support/docview.wss?uid=swg24037362>) \n \nRational Service Tester 8.6.0.1 provides IBM JRE 7 iFixes which corrects these issues. \n \n**_Vendor Fix(es):_** \n \nExample: \n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRST| 8.5 - 8.5.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.5.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR7FP1&includeSupersedes=0&source=fc>). \nRST| 8.3 - 8.3.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.3.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR7FP1&includeSupersedes=0&source=fc>). \nRST| 8.2 -8.2.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.2.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR7FP1&includeSupersedes=0&source=fc>). \nRST| 8.1 - 8.1.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.1.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR7FP1&includeSupersedes=0&source=fc>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:57:17", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T04:57:17", "id": "9A332AF9365C662A856919E84FA647993F65B0E6F6E22786914A7A4BD74A439D", "href": "https://www.ibm.com/support/pages/node/251549", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T06:00:59", "description": "## Summary\n\nRemote execution vulnerability in Apache Commons Collections affects Intelligent Operations Center components WebSphere Application Server (WAS) or WAS Hypervisor Edition.\n\n## Vulnerability Details\n\n**CVE ID**:** **[](<https://vulners.com/cve/CVE-2014-3566>)[CVE-2015-7450](<https://vulners.com/cve/CVE-2015-7450>) \n \nDescription: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107918_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107918>) for the current score \nCVSS Environmental Score*: Undefined \n\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThis vulnerability affects editions of WebSphere Application Server and bundling products, and all versions and releases of IBM WebSphere Application Server in: \n\nVersions 1.5 and 1.6, all sub-versions, of\n\n * IBM Intelligent Operations Center\n * IBM Intelligent Operations for Water\n * IBM Intelligent Operations for Transportation\n * IBM Intelligent City Planning and Operations\n \nVersions 5.1 and all sub-versions of \nIBM Intelligent Operations Center \n\n## Remediation/Fixes\n\nIf you have version 5.1 or later, see **_For Intelligent Operations Center 5.1.x_** below. \n \n**_For Intelligent Operations Center (IOC), Intelligent Transportation, and Intelligent Water Versions 1.6 Standard or High Availability:_** \nFor High Availability, the same steps apply. Stop both Analytics servers and both Applications servers and perform the upgrade by using IBM Installation Manager on the second Analytics server and the second Applications server after you perform the upgrade on the primary Analytics server and the primary Applications server. \n \nYou must update WebSphere Application Server on all Analytics servers and all Applications servers. \n \n**Installation prerequisites for Analytics and Applications servers.** \n \n1) You must have a Passport Advantage ID and password. \n \n2) Log in as root on each server. \n \n3) All servers should have access to the internet for the following instructions. \n\nIf the servers do not have access to the internet, you can download the fix or interim fix from the internet on another system and transfer the fix or interim fix to the file system on each server that must be updated. Follow the instructions in the link below and in the refer-to section. \n \nDownload the files that contain the fixes from Fix Central, and use local updating. For the following steps that use IBM Installation Manager to install the WebSphere update, use the URL: \n[`**_https://www.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.installation.nd.doc/ae/tins_install_fixes_dist_gui.html?cp=SSAW57_8.5.5%2F1-5-0-5-0-5-0&lang=en_**`](<https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.installation.nd.doc/ae/tins_install_fixes_dist_gui.html?cp=SSAW57_8.5.5%2F1-5-0-5-0-5-0&lang=en>) \n \nThe fix that you must download for WebSphere is located here: \n[`_http://www-01.ibm.com/support/docview.wss?uid=swg21970575_`](<http://www-01.ibm.com/support/docview.wss?uid=swg21970575>) \n4) **Either perform the update using a graphical user interface (GUI):**\n\nLog in to a GUI desktop on Linux. \nThe desktop can be either Gnome or KDE. \nIf a desktop is not installed, you can use these steps to install a desktop: a) Enter the command: `**yum -y groupinstall \"X Window System\" Desktop**` b) Modify the file `**/etc/inittab**` to contain the line: `**id:5:initdefault:**` c) Reboot the operating system. ** Or**** perform the update by using a command prompt:**\n\nIf you have not installed a desktop, and you do not wish to install a desktop for the IBM Installation Manager, you can install interim fixes from a command prompt by following the syntax and commands described here: <https://www.ibm.com/support/knowledgecenter/SSEQTP_8.0.0/com.ibm.websphere.installation.base.doc/info/aes/ae/tins_install_fixes_dist_cl.html?lang=en> Follow the advice in this link wherever the IBM Installation Manager is mentioned in the rest of these procedures. \n5) Either use `IOCControl` with the IOC Topology password to stop WebSphere on the Analytics servers and on the Applications servers, or stop WebSphere by using another method such as the IBM Integrated Console. \n \n \n**Upgrading WebSphere Application Server on the Analytics servers** \n \n \nTo perform the upgrade, follow these steps: \n \n1) Log on to each Analytics server through a terminal server: \n\nLog on as user `**ibmadmin**` if possible. \nIf `**ibmadmin**` is unavailable, \nlog on as user `**root**` and enter the command: `**perform \"su - ibmadmin\".**` \n2) Enter the command: `**IOCControl -a stop -c ana -p \"ioc topology password\"**` When the **IOCControl** command finishes, you should see output such as this: \n\n`**IBM COGNOS Enterprise node agent (anacognosnode) - [ off ] \nIBM COGNOS Enterprise dispatcher (anacognosdisp) - [ off ] \nIBM COGNOS Enterprise gateway (anacognosgw) - [ off ] \nIBM ILOG CPLEX Optimization Studio node agent (anacplexnode) - [ off ] \nIBM ILOG CPLEX Optimization Studio server (anacplexserv) - [ off ]**` \n`**IBM SPSS Modeler server (anaspss) - [ on ]**` \n3) Log on to the Analytics server as user `**root**` by using the Gnome desktop or the KDE desktop. \n \n4) Configure the Installation Manager: \n\na) Start the Installation Manager through the GUI : **Applications -> IBM Applications Installation Manager** b) In **File -> Preferences .... Passport Advantage**, select **\"Connect to Passport Advantage\"** Click **Apply** and then click **OK.** \nc) In **File -> Preferences .... Repository**, clear the selection for every repository that begins with the string `**\"/tmp/ioc\" or \"/installMedia/*\"**`. These repositories are no longer relevant, and can be deleted. d) Select `**\"Search service repositories during installation and updates\"**`. Click **Apply** and then click **OK.** e) In `**File -> Preferences --> Updates**`, select `**\"Search for Installation Manager updates ..\"**`. Click **Apply** and then click **OK.** The Installation Manager then looks for updates for the IBM Installation Manager Program itself. \nf) Stop and restart the IBM Installation Manager. \n5) Update the components on the Analytics server: \n\na) Start the Installation Manager through the GUI: **Applications -> IBM Applications Installation Manager** b) Select` ``**'Update'**`. \nc) Select `**'Next'**` repeatedly until you are prompted for an IBM ID and password. On the next screen, where you are prompted for a Master Password, click `**'Cancel'**`. d) If you are prompted to perform an update to a new version of Installation Manager, click `**'Yes'**` to perform the upgrade, and then click `**'OK'**` to restart the Installation Manager when prompted. e) If you upgraded the Installation Manager, select `**\"Update\"**` again. \ng) If you are prompted to attach to the IBM WebSphere Application Server Repository, select `**'Yes'**`. h) Enter your IBM ID and password. \ni) On the \"Update Packages\" screen, in the Package Group Name column, select \"IBM WebSphere Application Server Network Deployment V8.0\", and click `**'Next'**`. \n**_Do not select \"IBM SPSS Collaboration and Deployment Services 7.0\", and do not select \"Update all packages with recommended updates and recommended fixes\". IOC is incompatible with the upgrade to SPSS._** j) Select all available fixes for \"WebSphere Application Server Network Deployment\". You must apply the Apache Commons fix **8.0.0.0-WS-WAS-IFPI52103**. \n**Note: This fix might not appear initially. You might have to apply earlier fixes to WebSphere Application Server before you can see this fix.** \nIf necessary, re-run IBM Installation Manager, select `**\"Update Packages for IBM WebSphere Application Server Network Deployment V8.0\"**`, and then select `**\"All available fixes for WebSphere Application Server Network Deployment\"**`. \nApply all outstanding WebSphere Application Server updates. \n6) Log in at a terminal prompt as user `**ibmadmin**`. \n\n7) Start the Analytics server by entering the command: `**IOCControl -a start -c ana -p ibmioc16**` Wait for these lines to appear in the output: `**IBM COGNOS Enterprise node agent (anacognosnode) - [ on ]**` `** IBM COGNOS Enterprise dispatcher (anacognosdisp) - [ on ] \nIBM COGNOS Enterprise gateway (anacognosgw) - [ on ] \nIBM ILOG CPLEX Optimization Studio node agent (anacplexnode) - [ on ] \nIBM ILOG CPLEX Optimization Studio server (anacplexserv) - [ on ]**` \n`** IBM SPSS Modeler server (anaspss) - [ on ]**` \n8) To verify that the fixpacks and ifixes are installed on WebSphere Application Server, perform the following steps: \na) Log on to a terminal session as user `**root**`. \nb) Enter the commands: `**cd /opt/IBM/WebSphere/AppServer/bin **` \n`**./versionInfo.sh -fixpacks **` \n`**./versionInfo.sh -ifixdetail **` For more information on the `**versionInfo.sh**` command, see:[_http://www.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/rins_versionInfo.html?lang=en_](<http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/rins_versionInfo.html?lang=en>) \nThe upgrade to WebSphere Application Server on the Analytics server is now complete. \n \n**Upgrading WebSphere Application Server on the Applications servers** \n \nTo perform the upgrade, follow these steps: \n \n1) Log on to the Analytics server through a terminal server. \n\nLog on as user `**ibmadmin**` if possible. \nIf `**ibmadmin**` is unavailable, \nlog on as user `**root**` and enter the command: `**perform \"su - ibmadmin\".**` \n2) Enter the command: `**IOCControl -a stop -c app -p \"topology password\"**` \nWhen the **IOCControl** command finishes, you should see output such as this: `** IBM WebSphere Application Server Network Deployment (appdmgr) - [ off ] \nIBM Business Monitor node agent (appbmonnode) - [ off ] \nIBM Business Monitor server (appbmonserv) - [ off ] \nIBM Lotus Sametime Proxy node agent (appstproxynode) - [ off ] \nIBM Lotus Sametime Proxy server (appstproxyserv) - [ off ] \nIBM Worklight node agent (appwrkltnode) - [ off ] \nIBM Worklight server (appwrkltserv) - [ off ] \nIBM WebSphere Portal Enable node agent (appwpenode) - [ off ] \nIBM WebSphere Portal Enable server (appwpeserv) - [ off ] \nIOP SVC tool node agent (appiopnode) - [ off ] \nIOP SVC tool server (appiopserv) - [ off ] \nIBM HTTP Server administration server - web server (webihsadm) - [ off ]**` \n`** IBM HTTP Server web server - web server (webihsserv) - [ off ]**` \n \n3) Log on to the Applications server as `**root**` by using the Gnome desktop or the KDE desktop. \n \n4) Configure the Installation Manager: \n\na) Start the Installation Manager through the GUI: **Applications -> IBM Applications Installation Manager** b) In **File -> Preferences .... Passport Advantage**, select **\"Connect to Passport Advantage\".** Click **Apply** and then click **OK.** \nc) In **File -> Preferences .... Repository**, clear the selection for every repository that begins with the string `**\"/tmp/ioc\"**` or `**\"/installMedia/*\"**`. These repositories are no longer relevant, and can be deleted. d) Select `**\"Search service repositories during installation and updates\"**`. Click **Apply** and then click **OK.** e) In `**File -> Preferences --> Updates**`, select `**\"Search for Installation Manager updates ..\"**`. Click **Apply** and then click **OK.** The Installation Manager then looks for updates for the IBM Installation Manager Program itself. \nf) Stop and restart the IBM Installation Manager. \n5) Update the components on the Applications server: a) Start the Installation Manager through the GUI: `**Applications -> IBM Applications Installation Manager**` b) Select `**'Update'**`. \nc) Select `**'Next'**` repeatedly until you are prompted for an IBM ID and password. On the next screen, that prompts for a Master Password, click `**'Cancel'**`. d) If you are prompted to perform an update to a new version of Installation Manager, click `**'Yes'**` to perform the upgrade, and then click `**'OK'**` to restart the Installation Manager when prompted. e) If you upgraded the Installation Manager, select `**\"Update\"**` again. \nf) If you are prompted to attach to the IBM WebSphere Application Server Repository, select `**'Yes'**`. g) Enter your IBM ID and password. \nh) On the \"Update Packages\" screen, in the Package Group Name column, select \"IBM WebSphere Application Server Network Deployment V8.0\" and click `**'Next'**`. \n**_Do not select \"IBM SPSS Collaboration and Deployment Services 7.0\", and do not select \"Update all packages with recommended updates and recommended fixes\". IOC is incompatible with the upgrade to SPSS._** i) Select all available fixes for \"WebSphere Application Server Network Deployment\". You must apply the Apache Commons fix `**8.0.0.0-WS-WAS-IFPI52103**`. \n**Note: This fix might not appear initially. You might have to apply earlier fixes to WebSphere Application Server before you can see this fix.** \nIf necessary, re-run IBM Installation Manager, select `**\"Update Packages for IBM WebSphere Application Server Network Deployment V8.0\"**` and then select `**\"All available fixes for WebSphere Application Server Network Deployment\"**`. Apply all outstanding WebSphere Application Server updates. \n6) Log on to a terminal prompt as user `**ibmadmin**`. \n \n7) Start the Applications server by entering the command: \n\n`**IOCControl -a start -c app -p **``**\"ioc topology password\"**` Wait for these lines to appear in the output: \n`** IBM WebSphere Application Server Network Deployment (appdmgr) - [ on ]**` \n`** IBM Business Monitor node agent (appbmonnode) - [ on ] \nIBM Business Monitor server (appbmonserv) - [ on ] \nIBM Lotus Sametime Proxy node agent (appstproxynode) - [ on ] \nIBM Lotus Sametime Proxy server (appstproxyserv) - [ on ] \nIBM Worklight node agent (appwrkltnode) - [ on ]**` \n`** IBM Worklight server (appwrkltserv) - [ on ]**` \n`** IBM WebSphere Portal Enable node agent (appwpenode) - [ on ]**` \n`** IBM WebSphere Portal Enable server (appwpeserv) - [ on]**` \n`** IOP SVC tool node agent (appiopnode) - [ on ] \nIOP SVC tool server (appiopserv) - [ on ] \nIBM HTTP Server administration server - web server (webihsadm) - [ on ]**` \n`** IBM HTTP Server web server - web server (webihsserv) - [ on ]**` \n8) To verify that the fix packs and interim fixes are installed on WebSphere Application Server, perform the following steps: a) Log on to a terminal session as user `**root**`. \nb) Enter the commands: `**cd /opt/IBM/WebSphere/AppServer/bin **` \n`**./versionInfo.sh -fixpacks **` \n`**./versionInfo.sh -ifixdetail **` For more information on the `**versionInfo.sh**` command, see:[_http://www.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/rins_versionInfo.html?lang=en_](<http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/rins_versionInfo.html?lang=en>) \nThe upgrade to WebSphere Application Server on the Applications server is now complete. \n \n**_For Intelligent Operations Center 5.1.x:_** \n \n**Installation prerequisites for Analytics and Applications servers.** \n \n1) You must have a Passport Advantage ID and password. \n \n2) Log in as user `**root**` on each server. \n \n3) All servers should have access to the internet for the following instructions. If the servers do not have access to the internet, you can download the fix or interim fix from the internet on another system and transfer the fix or interim fix to the file system on each server that must be updated. Follow the instructions in the link below and in the refer-to section. \n \nDownload the files that contain the fixes from Fix Central, and use local updating. For the following steps that use IBM Installation Manager to install the WebSphere update, use the URL: \n[`**_https://www.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.installation.nd.doc/ae/tins_install_fixes_dist_gui.html?cp=SSAW57_8.5.5%2F1-5-0-5-0-5-0&lang=en_**`](<https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.installation.nd.doc/ae/tins_install_fixes_dist_gui.html?cp=SSAW57_8.5.5%2F1-5-0-5-0-5-0&lang=en>) \n \nThe fix that you must download for WebSphere is located here: \n[`_http://www-01.ibm.com/support/docview.wss?uid=swg21970575_`](<http://www-01.ibm.com/support/docview.wss?uid=swg21970575>) \n \n4) **Either perform the update using a ****graphical user interface (****GUI):**\n\nLog in to a GUI desktop on Linux. \nThe desktop can be either Gnome or KDE. \nIf a desktop is not installed, you can use these steps to install a desktop: a) Enter the command: `**yum -y groupinstall \"X Window System\" Desktop**` b) Modify the file `**/etc/inittab**` to contain the line: `**id:5:initdefault:**` c) Reboot the operating system. ** Or perform the update by using a command prompt:**\n\nIf you have not installed a desktop, and you do not wish to install a desktop for the IBM Installation Manager, you can install interim fixes from a command prompt by following the syntax and commands described here: <https://www.ibm.com/support/knowledgecenter/SSEQTP_8.0.0/com.ibm.websphere.installation.base.doc/info/aes/ae/tins_install_fixes_dist_cl.html?lang=en> Follow the advice in this link wherever the IBM Installation Manager is mentioned in the rest of these procedures. \n**Detailed Steps to perform the upgrade:** \n \n1) Stop the Liberty server that runs on the Applications server. \n\na) Log on to the Applications server as `root`. \nb) Enter the commands: `**cd /opt/ibm/ioc51install/sample**` \n`**./maint.sh**` c) Under the title `**\"Control an IOC single-server instance\"**`, select `**\"4b) Stop Liberty <**``**_server_**``**>\"**`. \n2) Log on to the Applications server as `**root**` by using the Gnome desktop or the KDE desktop. \n \n3) **_Either_****_ _****_perform the update using a GUI:_**\n\nUpdate the components on the Applications server, including Liberty: a) Start the Installation Manager through the GUI: **Applications -> IBM Applications Installation Manager** b) Select `**'Update'**`. \nc) Select `**'Next'**` repeatedly until you are prompted for an IBM ID and password. \nd) If you are prompted to perform an update to a new version of Installation Manager, click `**'Yes'**` to perform the upgrade and then click `**'OK'**` to restart the Installation Manager when prompted. e) If you upgraded the Installation Manager, select `**\"Update\"**` again. \nf) On the `\"Configuration for IBM WebSphere Application Server Liberty Network Deployment 8.5.5.7\"` panel, select `**\"Launch Asset Selection Wizard\"**`. \ng) Select `**\"Update all packages with recommended updates and recommended fixes\"**` \nh) Enter your IBM ID and password. \ni) Accept the terms of the license agreement, and click `**'Finish'**`. \nj) On the \"Update Packages\" screen, in the Package Group Name column, select \"IBM WebSphere Application Server Network Deployment V8.0\" and click `**'Next'**`. \n**_Do not select \"IBM SPSS Collaboration and Deployment Services 7.0\", and do not select \"Update all packages with recommended updates and recommended fixes\". IOC is incompatible with the upgrade to SPSS._** k) Select all available fixes for \"WebSphere Application Server Network Deployment\". You must apply the Apache Commons fix **8.0.0.0-WS-WAS-IFPI52103**. \n**Note: This fix might not appear initially. You might have to apply earlier fixes to WebSphere Application Server to see this fix.** \nIf necessary, re-run IBM Installation Manager, select `**\"Update Packages for IBM WebSphere Application Server Network Deployment V8.0\"**` and then select `**\"All available fixes for WebSphere Application Server Network Deployment\"**`. \nApply all outstanding WebSphere Application Server updates. \nWhen you have applied all the WebSphere Application Server fixes, proceed to the next step. \n**_Or perform the update using a command line:_**\n\na) Download the `**8.5.5.7-WS-WLP-DistOnly-IFPI52103**``**.zip**` file to a local system. \nb) Upload the compressed file to the `**/tmp**` file system on the Application Server. \nc) Log on to a terminal session as the `root` user. \nd) Execute these two commands to perform the installation: `**cd /opt/IBM/InstallationManager/eclipse/tools**` \n \n`**/imcl install 8.5.5.7-WS-WLP-DistOnly-IFPI52103**` `** -installationDirectory /opt/IBM/WebSphere/wlp -repositories**` \n`** /tmp/8.5.5.7-ws-wlp-distonly-ifpi52103.zip**` \nThese commands install `8.5.5.7-WS-WLP-DistOnly-IFPI52103_8.5.5007.20151114_2058` to the `/opt/IBM/WebSphere/wlp` directory. \ne) To validate the installation perform the command: `**./imcl listInstalledPackages -long**` \n4) Start the Liberty server with the commands: \n\n`**cd /opt/ibm/ioc51install/sample**` \n`**./maint.sh**` 5) Under the title `**\"Control an IOC single-server instance\"**`, \n\nselect `**\"4a) Start Liberty <**``**_server_**``**>\"**`.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-19T21:04:31", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons in\u00a0IBM WebSphere Application Server affects Intelligent Operations Center and related products\u00a0(CVE-2015-7450)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2015-7450"], "modified": "2022-08-19T21:04:31", "id": "63DAED287E5E589CB66DEE42D6AD62CBADA57BF5A22C757E4A6252674CC1D266", "href": "https://www.ibm.com/support/pages/node/272121", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-05T17:35:38", "description": "## Summary\n\nIBM License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed are vulnerable to attacks related to Java vulnerabilites. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566).\n\n## Vulnerability Details\n\nIBM License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed servers are Java applications running in WebSphere Application Server container. Due to discovered Java vulnerabilities, the servers are vulnerable as specified by the following advisories: \n\n**CVEID:** [CVE-2014-3566](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>)** \nDESCRIPTION:** Product could allow a remote attacker to obtain sensitive information, caused\n\n \nby a design error when using the SSLv3 protocol. A remote user with the ability to conduct a \nman-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On \nDowngraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of \nencrypted connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n** \nCVEID:** [_CVE-2014-6457_](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6457>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial \nconfidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Tivoli Asset Discovery for Distributed v7.2.2 & v7.5, IBM License Metric Tool v7.2.2, v7.5 & v 9.0, IBM Endpoint Manager for Software Use Analysis v9.0\n\n## Remediation/Fixes\n\nIf your product is version 7.2.2 or 7.5: \n\n * Apply Interim Fix for your version of WebSphere as described in the following technote: [](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)<http://www.ibm.com/support/docview.wss?uid=swg21687740>. Products with version 7.2.2 use WebSphere 6.1, and products with version 7.5 use WebSphere 7.0.\nIf your product is version 9.0: \n * Upgrade your product to version 9.1.0.2 manually or with a fixlet.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS8JFY\",\"label\":\"IBM License Metric Tool\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.5;9.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSHT5T\",\"label\":\"Tivoli Asset Discovery for Distributed\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-08-19T23:26:06", "type": "ibm", "title": "Security Bulletin: IBM License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed Java-related vulnerabilities - October 2014", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2022-08-19T23:26:06", "id": "523E603F9CB6DAA625DE97BC3524132F098EBC21A31108A9EFFCA3DA83C39A19", "href": "https://www.ibm.com/support/pages/node/525721", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:49:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, versions 1.5, 1.6 and 1.7 which are used by IBM Rational RequisitePro. These issues were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>) \n \n**Description:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score: **4 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n**Version**\n\n| **Status** \n---|--- \n7.1.4 through 7.1.4.6| Affected \n7.1.3 through 7.1.3.13| Affected \n7.1.0.x, 7.1.1.x (all versions), 7.1.2 through 7.1.2.16| Affected \n \n## Remediation/Fixes\n\n**Affected Version**\n\n| **Applying the fix** \n---|--- \n7.1.3.x and 7.1.4.x| These releases use an installation of WAS separately installed and maintained from the ReqPro installation. \n\nDetermine the version of WAS that your deployment is using and follow the instructions at [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server October 2014 CPU_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) to update your version of the JRE supplied by WAS. \n \n7.1.0.x, 7.1.1.x and 7.1.2.x| \nThese releases ship with, install and configure WAS version 6.1.0.25. review document 1390803: [_How to update the IBM WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1_](<http://www.ibm.com/support/docview.wss?uid=swg21390803>). The same instructions apply to RequisitePro. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:59:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect RequisitePro (CVE-2014-3566 and CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-17T04:59:29", "id": "D528CCE84D3A26BB724A3D7A450784D5AE4C51476CEE59FD639160121DCCD849", "href": "https://www.ibm.com/support/pages/node/524685", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:49:22", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.5, 1.6, 1.7 that is used by IBM Rational Build Forge. These issues were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>) \n \n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n\nAs the new version of JDK does not support secure communication with protocol SSLV3 and below (review article [1688165: IBM SDK, Java Technology Edition fixes to mitigate against the POODLE security vulnerability (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21688165>) for details), ensure that your connections (JDBC, agent to console connection, Java API to Build Forge service) doesn't use SSLV1, SSLV2, SSLV3 protocol; otherwise it will cause `Error: SSLv3 SSLContext not available.` \n \nFor example:\n\nIf your BuildForge uses sqlserver 2005 and sqlserver 2005 enables sslv3 for its connection, \nBuildForge will throw the following exception when connectting to sqlserver 2005 by jdbc: \n \n`Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create \nPoolableConnectionFactory (The driver could not establish a secure \nconnection to SQL Server by using Secure Sockets Layer (SSL) \nencryption. Error: SSLv3 SSLContext not available.) \nCaused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver \ncould not establish a secure connection to SQL Server by using Secure \nSockets Layer (SSL) encryption. Error: SSLv3 SSLContext not available. `\n\n## Affected Products and Versions\n\nAffected versions: 7.1.1.1, 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.2, 7.1.2.1, 7.1.2.2, 7.1.2.3, 7.1.3, 7.1.3.1, 7.1.3.2, 7.1.3.3, 7.1.3.4, 7.1.3.5, 7.1.3.6, 8.0, 8.0.0.1, 8.0.0.2\n\n## Remediation/Fixes\n\nApply the correct fix pack or iFix for your version of Build Forge: \n\n**Affected Version**| **Fix** \n---|--- \nBuild Forge 7.1.1.0 - 7.1.1.4| 7.1.1.4 iFix (not released yet) or upgrade to 7.1.2.x or 7.1.3.x \n \n**Note:** If you need 7.1.1.4 iFix contact IBM support \nBuild Forge 7.1.2.0 - 7.1.2.3| [7.1.2.3 iFix 4](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=buildforge-7.1.2.3-4-0090&source=SAR>) \nBuild Forge 7.1.3.0 - 7.1.3.6| [7.1.3.6 iFix 2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=buildforge-7.1.3.6-2-0078&source=SAR>) \nBuild Forge 8.0 - 8.0.0.2| [8.0.0.2 iFix 3](<https://jazz.net/downloads/rational-build-forge/releases/8.0.0.2iFix3>) \n \n## Workarounds and Mitigations\n\nIf BuildForge does not enable SSL for the Console and Agent communication, or Console and API communication, you are not affected by **CVE-2014-6457.**\n\nIf BuildForge was installed with WebSphere Application Server (WAS), and BuildForge is using the WAS JDK, refer to the [WAS security bulletin](<http://www.ibm.com/support/docview.wss?uid=swg21692943>).\n\n**WORKAROUND:**\n\nUpgrade the IBMJDK, which is under Build Forge installation\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:58:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Build Forge (CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-17T04:58:43", "id": "C9B9C3B74AA9C47FD1EE5FC9560776AAE66F55010D974D183FA7510A40CE37A3", "href": "https://www.ibm.com/support/pages/node/521015", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:46:33", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireless Platform . This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014\n\n## Vulnerability Details\n\nThe following advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere Application Server may be vulnerable to them:- \n \n**CVE ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused \nby a design error when using the SSLv3 protocol. A remote user with the ability to conduct a \nman-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On \nDowngraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of \nencrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVE ID**: [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>) \n \n**DESCRIPTION**: An unspecified vulnerability related to the JSSE component has partial \nconfidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \nPlease consult the security bulletin [**_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Oct 2014 CPU_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) for vulnerability details. \n\n## Affected Products and Versions\n\nAffected Product and Version(s)\n\n| Product and Version shipped as component \n---|--- \nTivoli Network Performance Manager 1.4| Bundled the Jazz for Service Management version 1.1.0.2, IBM WebSphere version 8.5.0.1 and the JRE from IBM SDK Java 2 Technology Edition Version 7. \nTivoli Network Performance Manager 1.3.2| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \nTivoli Network Performance Manager 1.3.1| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \n \n## Remediation/Fixes\n\n[Upgrade your SDK to an interim fix level as determined below: ](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) \n<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T14:53:40", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server shipped with IBM Tivoli Network Performance Manager Wireless Platform (CVE-2014-3566 and CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-17T14:53:40", "id": "D14EDC67B834C0978CC140C1E958B367C219D7AC61409ECE5A3D8285E6A6E34E", "href": "https://www.ibm.com/support/pages/node/520885", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:54:54", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 (Service Refresh 16-FP1 and earlier) and 7 (Service Refresh 7-FP1 and earlier) that is used by IBM Cognos TM1. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos TM1 10.1.1 \n\nIBM Cognos TM1 10.2.0\n\nIBM Cognos TM1 10.2.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix in one of the IBM Cognos TM1 interim fixes listed as soon as practical. \n \n[IBM Cognos TM1 10.1.1.2 IF3](<http://www-01.ibm.com/support/docview.wss?uid=swg24039380>)\n\n[IBM Cognos TM1 10.2.0.2 IF3](<http://www-01.ibm.com/support/docview.wss?uid=swg24039379>)\n\n[IBM Cognos TM1 10.2.2 FP2](<http://www-01.ibm.com/support/docview.wss?uid=swg24038876>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T22:35:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2014-3566, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T22:35:24", "id": "4236525AFBF4BBBAB3E2E3C6F2354D45B065C144D4682294F539A06FF126BE91", "href": "https://www.ibm.com/support/pages/node/527205", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:46:33", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireline Platform . This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\nThe following advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere Application Server may be vulnerable to them. \n\nCVE-ID: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n \nDESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\nCVEID: [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\nDESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\nPlease consult the security bulletin [_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Oct 2014 CPU_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) for vulnerability details. \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected IBM WebSphere Application Server Version \n---|--- \nTivoli Netcool Performance Manager version 1.3.1, 1.3.2, 1.3.3, 1.4.0| WAS version 6.1, 7.0, 8.0, 8.5 \n \n## Remediation/Fixes\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T14:54:01", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in IBM Java SDK shipped with WebSphere Application Server affect Tivoli Netcool Performance Manager TNPM Wireline (CVE-2014-3566 and CVE-2014-6457).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-17T14:54:01", "id": "336E9B55A0ECBC8F9A88833E9FA9380FAFD9D55323FC4120FA081C19C27D9AE7", "href": "https://www.ibm.com/support/pages/node/522089", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:58:08", "description": "## Summary\n\nTwo vulnerabilities are present in IBM\u00ae SDK Java\u2122 Technology Edition as embedded in the WebSphere DataPower XC10 Appliance. This issue was disclosed as part of the IBM SDK Java updates in October 2014.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plain text of encrypted connections.\n\n \n \n \n\n\n**CVSS Base Score: 4.3 \nCVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>)** for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n**\n\n \n \n \n\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n \n \n \n\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n \n \n \n\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nWebSphere DataPower XC10 Appliance Version 2.1 \n \n \n\n\nWebSphere DataPower XC10 Appliance Version 2.5\n\n## Remediation/Fixes\n\nThe only remediation is to apply the following fix: \n \n\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_WebSphere DataPower XC10 Appliance_| _Version 2.1_| _IT06459_| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.1.0.3&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.1.0.3&platform=All&function=all>) \n_WebSphere DataPower XC10 Appliance_| _Version 2.5_| _IT06459_| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all>) \n_WebSphere DataPower XC10 Virtual Appliance_| _Version 2.5_| _IT06459_| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all>) \n \nA previous fix for the IBM DataPower XC10 Appliance versions 2.1 and 2.5 provided protection from CVE-2014-3566, by making it possible to disable SSLv3 on the appliance. With that fix, it was still possible, although not recommended, to configure the appliance to use the SSLv3 protocol. \n \nOnce the fix from the previous table is applied, the appliance can no longer be configured to support SSLv3 at all. IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol, and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is to disable SSLv3. Verify that disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:25", "type": "ibm", "title": "Security Bulletin: Two vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition affect WebSphere DataPower XC10 Appliance:CVE-2014-3566,CVE-2014-6457", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T07:02:25", "id": "E9207C14E450070B517EE19B6B8FA6D70E28356D6250001905B7277FBDB352CA", "href": "https://www.ibm.com/support/pages/node/525731", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:41:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is used by ClearQuest Web and ClearQuest EmailRelay. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n * * Rational ClearQuest Web greater than and inclusive of ClearQuest v7.1\n * ClearQuest EmailRelay, versions 8.0.0.3 and newer, and versions 8.0.1 and newer.\n \nNote: ClearQuest EmailRelay was introduced in ClearQuest 8.0.0.3. \n\n## Remediation/Fixes\n\nClearQuest Web and ClearQuest EmailRelay use the Java runtime that is included with WebSphere Application Server. Follow instructions for updating your version of WebSphere Application Server to a version that includes the fixes. \n \nFor ClearQuest 7.1.x \nThese releases ship with, install and configure WAS version 6.1.0.25. Review technote[ 1390803:](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) [How to update the IBM WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) \n \nFor ClearQuest 8.x \nThese releases use an installation of WAS separately installed and maintained from the ClearQuest installation. \n\nDetermine the version of WAS that your deployment is using and follow the instructions at\n\n \n[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server October 2014 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) to update your version of the JRE supplied by WAS. This applies for all versions of ClearQuest Web Server greater than and inclusive of v7.1. \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-09-29T18:04:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java runtime affect ClearQuest Web and ClearQuest EmailRelay (CVE-2014-3566, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-09-29T18:04:03", "id": "92640DE0D3329771AA9E911C69D90A4970D57D796CCD9827561C866C175BDB7C", "href": "https://www.ibm.com/support/pages/node/523369", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:54:52", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 that is used by IBM PureApplication System. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>) \n \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Image Construction and Composition Tool v2.2.1.3 \nIBM Image Construction and Composition Tool v2.3.1.0 \nIBM Image Construction and Composition Tool v2.3.2.0\n\n## Remediation/Fixes\n\nThe solution is to apply the following IBM Image Construction and Composition Tool version fixes. \n \nUpgrade the IBM Image Construction and Composition Tool to the following fix levels or higher: \n \n\uf0b7 For\uf020IBM Image Construction and Composition Tool v2.2.1.3 \n\n\uf0b7 IBM Image Construction and Composition Tool v2.2.1.3 Build 23 \n\uf0b7 For IBM Image Construction and Composition Tool v2.3.1.0 \n\n\uf0b7 IBM Image Construction and Composition Tool v2.3.1.0 Build 38 \n\uf0b7 For\uf020IBM Image Construction and Composition Tool v2.3.2.0 \n\n\uf0b7 IBM Image Construction and Composition Tool v2.3.2.0 Build 7 \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:03:05", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2014-3566 and CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T07:03:05", "id": "ADB7392FA5FC9A8AAEE54A64933ADC904DAABB8A3306D84D94E7EF94FFB5FFE5", "href": "https://www.ibm.com/support/pages/node/264737", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:55:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 that is used by IBM Workload Deployer. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)** \n \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Workload Deployer version 3.1 and later\n\n## Remediation/Fixes\n\nThe solution is to apply the IBM Workload Deployer Interim Fix6. \n \nUpgrade the IBM Workload Deployer to the following fix level: \n \n\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|--- \nIBM Workload Deployer System| Release V3.1.0.7| IWD 3.1.0.7 Interim Fix 6 \n \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix6-IBM_Workload_Deployer&includeSupersedes=0_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix6-IBM_Workload_Deployer&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Workload Deployer. (CVE-2014-6457, CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T07:02:44", "id": "F0650A373BAAFA4560B631CEF4532A331D4E8099892CB3991846949884E9E3CE", "href": "https://www.ibm.com/support/pages/node/259253", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:41:44", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 5 and 6 that are used by IBM Rational ClearCase. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nOnly the ClearCase Remote Client/ClearTeam Explorer component of ClearCase is affected. \n \n\n\n**ClearCase Remote Client/ClearTeam Explorer version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.6\n\n| \n\nAffected \n \n8.0 through 8.0.0.13\n\n| \n\nAffected \n \n7.1.2 through 7.1.2.16\n\n| \n\nAffected \n \n7.1.0.x, 7.1.1.x (all versions and fix packs)\n\n| \n\nAffected \n \n## Remediation/Fixes\n\nThe solution is to upgrade to a newer fix pack of ClearCase. Please see below for information on the fixes available. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearCase Fix Pack 7 (8.0.1.7) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24039409>) \n \n8.0.0.x\n\n| Install [Rational ClearCase Fix Pack 14 (8.0.0.14) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24039407>) \n \n7.1.2.x \n7.1.1.x \n7.1.0.x\n\n| Customers on extended support contracts should install [Rational ClearCase Fix Pack 17 (7.1.2.17) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24039405>) \n \n**Notes: **\n\n * If you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), you should update the Java\u2122 Virtual Machine used by Eclipse to include a fix for CVE-2014-3566 and CVE-2014-6457. Contact the supplier of your Eclipse or Java\u2122 Virtual Machine for instructions on updating Eclipse.\n \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2014-3566, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-07-10T08:34:12", "id": "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "href": "https://www.ibm.com/support/pages/node/257183", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:49:20", "description": "## Summary\n\nTwo possible security vulnerabilities have been reported in RLKS Administration and Reporting Tool. There have been no reported exploits of these vulnerabilities.\n\n## Vulnerability Details\n\n**CVE ID: **[CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n \n\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE ID: **[CVE-2014-4244](<https://vulners.com/cve/CVE-2014-4244>)\n\n**Description:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4\n\nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability impacts the following RLKS components and its releases: \n\n * RLKS Administration and Reporting Tool version 8.1.4\n * RLKS Administration and Reporting Tool version 8.1.4.2\n * RLKS Administration and Reporting Tool version 8.1.4.3\n * RLKS Administration and Reporting Tool version 8.1.4.4\n * RLKS Administration and Reporting Tool version 8.1.4.5\n * * RLKS Administration Agent version 8.1.4\n * RLKS Administration Agent version 8.1.4.2\n * RLKS Administration Agent version 8.1.4.3\n * RLKS Administration Agent version 8.1.4.4\n * \n**Note:** This vulnerability has been fixed in RLKS Administration Agent version 8.1.4.5. \n\n## Remediation/Fixes\n\nReplace the JRE used in RLKS Administration and Reporting Tool and IBM Rational License Key Server Administration Agent. \n\n**_Steps to replace the JRE in _****_RLKS Administration and Reporting Tool (All Versions)_**\n\n 1. Go to [Fix Central](<http://www.ibm.com/support/fixcentral>) \n\n 2. On the **Find product** tab, enter _Rational Common Licensing_ in the **Product Selector** field and hit enter. \n\n 3. Select the **Installed Version** and hit continue button. \n\n 4. Select the platform of the machine where RLKS Administration and Reporting Tool is installed and hit continue button. \n\n 5. On the **Identify fixes** page, select **Browse for fixes** and select **Show fixes that apply to this version** and hit continue button. \n\n 6. Download the Java runtime iFix for RLKS Administration and Reporting Tool. \n \n**Note:** Although the name of the iFix is ** RLKS_Administration_And_Reporting_Tool_8145_Admin_iFix****_1****_<Platform>_<Architecture>**, the same ifix is applicable to all previous RLKS Administration and Reporting Tool versions. \n\n 7. Shutdown RLKS Administration and Reporting Tool. \n\n 8. Go to the installation location of RLKS Administration and Reporting Tool. \n\n 9. Rename <install location>/server/jre folder to **<install location>/server/jre_back**. \nThis step backs up the existing JRE. \n\n 10. Extract the downloaded JRE into <install location>/server/ folder \nExample: <install location>/server/jre \n\n 11. Startup RLKS Administration and Reporting Tool. \n \n\n 12. Login to the tool using rcladmin user and verify that you see the configured license servers under 'Server' tab.\n \n\n\n* * *\n\n**_Steps to replace the JRE in _****_RLKS Administration Ag_****_ent _****_[Versions 8.1.4, 8.1.4.2, 8.1.4.3, 8.1.4.4]_**_ \n_\n\nThis vulnerability has been fixed in RLKS Administration Agent 8.1.4.5. Upgrade the RLKS Administration Agent to version 8.1.4.5.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:59:34", "type": "ibm", "title": "Security Bulletin: Rational License Key Server Administration and Reporting Tool vulnerabilities (CVE-2014-3566, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-4244"], "modified": "2018-06-17T04:59:34", "id": "BA6814371CACE2399DA5E125DB3A16275A6BBBC34A07D0728B2EEF88D9D60F96", "href": "https://www.ibm.com/support/pages/node/524643", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:13:28", "description": "## Summary\n\nThe IBM Emptoris Program Management, IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis and IBM Emptoris Services Procurement are affected by a vulnerabilities that exists in the IBM WebSphere Application Server. The security bulletin includes issues disclosed as part of the IBM WebSphere Application Server updates.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2017-1380_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1380>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/127151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2017-1382_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1382>)** \nDESCRIPTION:** IBM WebSphere Application Server might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/127153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Emptoris Program Management 10.0.0 through 10.1.x \nIBM Emptoris Sourcing 9.5 through 10.1.x \nIBM Emptoris Contract Management 9.5 through 10.1.x \nIBM Emptoris Spend Analysis 9.5 through 10.1.x \nIBM Emptoris Services Procurement 10.x\n\n## Remediation/Fixes\n\nAn interim fix has been issued for the IBM WebSphere Application Server (WAS) which are not susceptible to this vulnerabilities. Customers running any of the IBM Emptoris products listed below should apply the interim fixes to all IBM WebSphere Application Server installations that are used to run IBM Emptoris applications. \n \nPlease refer following Security bulletins for details \n\n * [Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380)](<http://www-01.ibm.com/support/docview.wss?uid=swg22004786>) .\n * [Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382)](<http://www-01.ibm.com/support/docview.wss?uid=swg22004785>)\n \nSelect the appropriate WebSphere Application Server fix based on the version being used for IBM Emptoris product version. The following table lists the IBM Emptoris application versions along with the corresponding required version of IBM WebSphere Application Server and a link to the corresponding fix version where further installation instructions are provided. \n \n \n\n\n**Emptoris Product Version**\n\n| \n\n**WAS Version**\n\n| \n\n**Interim Fixes** \n \n---|---|--- \n9.5.x.x| 8.0.0.x| Apply Interim Fixes [_ PI82078_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043881>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24042712>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>) and [_PI79343_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043871>)_ _ \n \n10.0.0.x, 10.0.1.x| 8.5.0.x \n10.0.2.x , \n10.0.4| 8.5.5.x \n10.1.x| 8.5.5.x \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 August 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSYQ72\",\"label\":\"Emptoris Strategic Supply Management\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Platform\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYQ89\",\"label\":\"Emptoris Contract Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYRER\",\"label\":\"Emptoris Program Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYR6U\",\"label\":\"Emptoris Services Procurement\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYR8W\",\"label\":\"Emptoris Sourcing\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYQAR\",\"label\":\"Emptoris Spend Analysis\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-16T20:11:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380, CVE-2017-1382)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1380", "CVE-2017-1382"], "modified": "2018-06-16T20:11:23", "id": "42312F10B1658E98D243F69333FFF10B2BDEDA9D5663B5D9DA8AA5CCFABD9196", "href": "https://www.ibm.com/support/pages/node/295449", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-23T21:52:25", "description": "## Summary\n\nThere are multiple vulnerabilities in Oracle Java SE Runtime Environment, Versions 1.6.0 and 1.7.0 that is used by IBM Flex System Manager (FSM) SMIA Configuration Tool. These issues were disclosed as part of the Oracle updates in October 2014 and January 2015.\n\n## Vulnerability Details\n\n## Summary\n\nThere are multiple vulnerabilities in Oracle Java SE Runtime Environment, Versions 1.6.0 and 1.7.0 that is used by IBM Flex System Manager (FSM) SMIA Configuration Tool. These issues were disclosed as part of the Oracle updates in October 2014 and January 2015.\n\n**Vulnerability Details**\n\n**CVE-ID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)\n\n**Description:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100153> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-6468](<https://vulners.com/cve/CVE-2014-6468>)\n\n**Description:** An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.\n\nCVSS Base Score: 6.9 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97138> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)\n\n**CVE-ID:** [CVE-2014-6517](<https://vulners.com/cve/CVE-2014-6517>)\n\n**Description:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JAXP component could allow a remote attacker to obtain sensitive information.\n\nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97145> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-6512](<https://vulners.com/cve/CVE-2014-6512>)\n\n**Description:** Oracle Java SE and JRockit could allow a remote attacker to bypass security restrictions, caused by the failure to perform source address checks for packets received on a connected socket by the DatagramSocket implementation in OpenJDK. An attacker could exploit this vulnerability to process packets as if they were received from the expected source.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97147> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97148> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-6558](<https://vulners.com/cve/CVE-2014-6558>)\n\n**Description:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n## Affected products and versions\n\n * Flex System Manager 1.1.x.x\n * Flex System Manager 1.2.0.x\n * Flex System Manager 1.2.1.x\n * Flex System Manager 1.3.0.x\n * Flex System Manager 1.3.1.x\n * Flex System Manager 1.3.2.x\n\n## Remediation/Fixes\n\nIBM recommends updating the Flex System Manager (FSM) SMIA using the instructions referenced in the table below.\n\nProduct | VRMF | APAR | SMIA Remediation \n---|---|---|--- \nFlex System Manager | 1.3.3.x | IT10005 | [ fsmfix1.3.3.0_IT10005](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT10005>) \nFlex System Manager | 1.3.2.x | IT10005 | [ fsmfix1.3.2.0_IT10005](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT10005>) \nFlex System Manager | 1.3.1.x | IT10005 | [ fsmfix1.3.1.0_IT10005](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.1.0_IT10005>) \nFlex System Manager | 1.3.0.x | IT10005 | Upgrade to FSM 1.3.2.0 and follow the appropriate remediation for all vulnerabilities, or contact IBM Support and refer to this APAR to obtain a limited availability FSM SMIA fix for version 1.3.0.x. \n \nYou should verify applying this configuration change does not cause any compatibility issues.\n\n## Workarounds and Mitigations\n\nNone.\n\n## Reference\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n * [IBM Java SDK Security Bulletin \u2014 Jan 2015](<http://www-01.ibm.com/support/docview.wss?uid=swg21695474>)\n * [IBM Java SDK Security Bulletin \u2014 Oct 2014](<http://www-01.ibm.com/support/docview.wss?uid=swg21688283>)\n\n**Related Information** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n05 May 2015: Original Copy Published \n29 July 2015: Updated APAR and SMIA Remediation locations\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-01-31T01:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Oracle Java SE Runtime Environment, Versions 1.6.0 and 1.7.0 affect IBM Flex System Manager (FSM) SMIA Configuration Tool.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6468", "CVE-2014-6512", "CVE-2014-6517", "CVE-2014-6558", "CVE-2014-6593", "CVE-2015-0410"], "modified": "2019-01-31T01:55:01", "id": "8EE5FD2B7726D031DAE048A3473AF9B6D6BBCDE630D4CA6375EB64AE8D8A9FAD", "href": "https://www.ibm.com/support/pages/node/866736", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:55:11", "description": "## Summary\n\nWebSphere Business Modeler, WebSphere Integration Developer, WebSphere Business Services Fabric, WebSphere Process Server and WebSphere Business Monitor are shipped as components of WebSphere Dynamic Process Edition. Information about security vulnerabilities affecting these products have been published in security bulletins. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100691> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>)[_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>)[_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere Dynamic Process Edition 6.1, 6.2, 7.0 \n\nIf you are using an unsupported version, IBM strongly recommends to upgrade.\n\n## Remediation/Fixes\n\nPlease consult the security bulletins \n\n\n * [Security Bulletin: Vulnerability in IBM Java Runtimes affect Websphere Business Modeler Advanced and Websphere Business Modeler Basic (CVE-2015-0138)](<http://www-01.ibm.com/support/docview.wss?uid=swg21701056>)\n * [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)(CVE-2015-0138, CVE-2015-0410, CVE-2014-6593) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21700896>)\n * [Security Bulletin: Vulnerability in IBM WebSphere Application Server affects WebSphere Business Services Fabric (CVE-2015-0138)](<http://www-01.ibm.com/support/docview.wss?uid=swg21699929>)\n * [Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java\u2122 Technology Edition January 2015 CPU affect WebSphere Business Services Fabric](<http://www-01.ibm.com/support/docview.wss?uid=swg21697228>)\n * [Security Bulletin: Vulnerability in IBM WebSphere Application Server affects WebSphere Process Server and WebSphere Process Server Hypervisor Editions (CVE-2015-0138)](<http://www-01.ibm.com/support/docview.wss?uid=swg21699922>)\n * [Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java\u2122 Technology Edition January 2015 CPU affect WebSphere Process Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21697229>)\n * [Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Business Monitor (CVE-2015-0138)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700865>)\nfor vulnerability details and information about fixes. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:46", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in bundled products shipped with WebSphere Dynamic Process Edition (CVE-2015-0138, CVE-2014-3566, CVE-2014-6593, CVE-2015-0400, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-15T07:02:46", "id": "F3758093EA44146C6BB9180D4A89ECCFA58C42ADF8707A861E087BF54975924C", "href": "https://www.ibm.com/support/pages/node/259559", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:48:04", "description": "## Summary\n\nIBM Content Collector for SAP Applications ships IBM SDK Java\u2122 Technology Edition, Version 6 and Version 7, which have security vulnerabilities that might be exposed within the use of Content Collector for SAP Applications. \n\n## Vulnerability Details\n\n \n**CVE ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-0411>)[](<https://vulners.com/cve/CVE-2014-0963>)[](<https://vulners.com/cve/CVE-2014-0963>) \n**Description: ** \nProduct could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy \nEncryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n.** \nCVSS:** \nCVSS Base Score: 4.30 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (**AV:N/AC:M/Au:N/C:P/I:N/A:N****)** \n \n\n\n**CVE ID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \n**CVE ID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVE ID:** [](<https://vulners.com/cve/CVE-2014-0963>)[](<https://vulners.com/cve/CVE-2014-0963>)[CVE-2014-6457](<https://vulners.com/cve/CVE-2014-0453>) [](<https://vulners.com/cve/CVE-2014-0963>)** \nDescription:** \nAn unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n**CVSS:** \nCVSS Base Score: 4.00 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>[](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92490>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVE ID:** [](<https://vulners.com/cve/CVE-2014-0963>)[](<https://vulners.com/cve/CVE-2014-0963>)[CVE-2014-6468](<https://vulners.com/cve/CVE-2014-0453>) [](<https://vulners.com/cve/CVE-2014-0963>)** \nDescription:** \nAn unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nThis vulnerability only applies to the Solaris platform. \n**CVSS:** \nCVSS Base Score: 6.90 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97138> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C) \n \n\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. \n\n## Affected Products and Versions\n\nIBM Content Collector for SAP Applications V4.0\n\nIBM Content Collector for SAP Applications V3.0\n\nIBM Content Collector for SAP Applications V2.2\n\n## Remediation/Fixes\n\nIBM provides patches for the affected version. Follow the installation instructions in the README files that is included in the patch. \n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM Content Collector for SAP Applications| 4.0.0.0| HE12214| Apply Interim Fix 1, which is available from Fix Central \nIBM Content Collector for SAP Applications| 3.0.0 \nFix Pack 1| HE12213| Apply Interim Fix 4, which is available from Fix Central \nIBM Content Collector for SAP Applications| 2.2.0 \nFix Pack 2| HE12207| Apply Interim Fix 2, which is available from Fix Central** (This version has reached end of support)** \n \nSee <http://www.ibm.com/support/docview.wss?uid=swg24038935> (for V4.0) and <http://www.ibm.com/support/docview.wss?uid=swg24038934> (for V3.0) respectively, for the download details. \nThe IBM Content Collector for SAP Applications Version 2.2.0 has reached end of support. \n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T12:09:29", "type": "ibm", "title": "Security Bulletin: IBM Content Collector for SAP Applications affected by vulnerabilities in IBM SDK Java\u2122 Technology Edition, Version 6 and Version 7 (CVE-2014-3566, CVE-2014-4244, CVE-2014-4263, CVE-2014-6457, CVE-2014-6468)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0411", "CVE-2014-0453", "CVE-2014-0963", "CVE-2014-3566", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6468"], "modified": "2018-06-17T12:09:29", "id": "21DCD60F05F101131A882E7474AD57C6F427B431166473D46B1F1AFD8AEDC9CB", "href": "https://www.ibm.com/support/pages/node/520229", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:51:21", "description": "## Summary\n\nIBM Forms Experience Builder could be susceptible to allowing for a denial of service, cause by an error in Apache POI Libraries\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3574_](<https://vulners.com/cve/CVE-2014-3574>)** \nDESCRIPTION:** Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. An attacker could exploit this vulnerability using a specially-crafted OOXML file to consume all available CPU resources and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95768_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95768>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3529_](<https://vulners.com/cve/CVE-2014-3529>)** \nDESCRIPTION:** Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the OPC SAX setup. An attacker could exploit this vulnerability using a specially-crafted OpenXML file containing an XML external entity declaration to read arbitrary files on the system. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95770_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95770>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2016-5000_](<https://vulners.com/cve/CVE-2016-5000>)** \nDESCRIPTION:** Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when XLSX2CSV example uses Java's XML components to parse OpenXML files. An attacker could exploit this vulnerability using an XML document containing an external entity reference to read arbitrary files on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115530_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115530>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Forms Experience Builder 8.5 \nIBM Forms Experience Builder 8.5.1 \nIBM Forms Experience Builder 8.6\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Forms Experience Builder| 8.5.0| LO91324| To obtain the fix and installation assistance for these versions, contact IBM Support. \nIBM Forms Experience Builder| 8.5.1| LO91324 \nIBM Forms Experience Builder| 8.6.0| LO91324| [Download and Install 8.6.4](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Collaboration%20Solutions&product=ibm/Lotus/IBM+Forms+Experience+Builder&release=8.6.3.1&platform=All&function=fixId&fixids=8.6.4-FormsExpBldr&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-06-16T20:07:27", "type": "ibm", "title": "Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3529", "CVE-2014-3574", "CVE-2016-5000"], "modified": "2018-06-16T20:07:27", "id": "9AEF7943FC15601E8764D0053EBD7C1FB2D252A0A9CD314B104D203C2E9C2EB1", "href": "https://www.ibm.com/support/pages/node/289669", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:55:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.6 and 1.7 that is used by IBM Integration Designer (IID) and WebSphere Integration Developer (WID). These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect IBM Integration Designer and WebSphere Integration Developer.\n\n## Remediation/Fixes\n\nTo fully mitigate these vulnerabilities, an additional fix for IBM Integration Designer and WebSphere Integration Developer is required (JR52950): \n\n\n * [_WebSphere Integration Developer V7.0.0.x_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Integration+Developer&fixids=7.0.0.5-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V7.5.x_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=7.5.1.2-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V8.0.1.x_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.0.1.3-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V8.5.0.x_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.0.1-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V8.5.5_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.5.0-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V8.5.6_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.6.0-WS-IID-IFJR52950&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)(CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-15T07:02:47", "id": "FDB57FF6EA60D91604B03B14B5C488515270CCC82B932E16CB8CF68BB9DEC1A9", "href": "https://www.ibm.com/support/pages/node/259779", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:38:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, that is used by Rational Developer for System z. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)** \nDESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nRational Developer for System z, versions 9.1.x, 9.0.x, 8.5.x, 8.0.x | \n\n * IBM SDK, Java 2 Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 8 and earlier releases\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2 and earlier releases\n * IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 2 and earlier releases\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 and earlier releases\n * IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 2 and earlier releases \n \n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nBy default Rational Developer for System z relies on System SSL defaults for active cipher suites, and by default, System SSL enables the RSA-EXPORT cipher suites for SSLv3 and TLSv1.0 (The cipher is not supported in TLSv1.1 and TLSv1.2). \nThe RSA-EXPORT ciphers are:\n\n * TLS_RSA_EXPORT_WITH_RC4_40_MD5 (\"03\" or \"0003\") \n * TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (\"06\" or \"0006\")\n \n \nYou can explicitly disable the usage of the RSA-EXPORT ciphers by adding the GSK_V3_CIPHER_SPECS environment variable, ensuring that the environment variable character string does not include ciphers \"03\" or \"06\". \n \nRational Developer for System z has two components that utilize System SSL: \n\n * RSE, which is used when a client connects to the host. You must specify the GSK_V3_CIPHER_SPECS environment variable in rsed.envvars, by default located in /etc/rdz. \n * Debug Manager, by means of an AT-TLS policy. You must create a file holding the GSK_V3_CIPHER_SPECS environment variable and reference it via the Envfile keyword in the TTLSGroupAdvancedParms section.\n \n** \nNotes:**\n\n * The RSED started task must be recycled for changes in rsed.envvars to be picked up. \n * The AT-TLS policy must be re-activated for the update to be picked up.\n * \n\n\nYou should verify applying this configuration change does not cause any compatibility issues.\n\n## ", "cvss3": {}, "published": "2020-10-27T15:51:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for System z CVE-2015-0138", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2020-10-27T15:51:50", "id": "3087E890AD1B34329596C16C2C76C102E962CDA62DC06323CFC97E0BC299949A", "href": "https://www.ibm.com/support/pages/node/259571", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:55:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition. These vulnerabilities affect WebSphere DataPower XC10 versions 2.1 and 2.5. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange cipher suite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100691_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n \n \n \n\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nWebSphere DataPower XC10 Appliance 2.1 \nWebSphere DataPower XC10 Appliance 2.5 \nWebSphere DataPower XC10 Virtual Appliance 2.5\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nWebSphere DataPower XC10 Appliance| \n\n2.1\n\n| \n\nIT07840 \n\n| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.1.0.3&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.1.0.3&platform=All&function=all>) \nWebSphere DataPower XC10 Appliance| \n\n2.5\n\n| \n\nIT07840 \n\n| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all>) \nWebSphere DataPower XC10 Virtual Appliance| \n\n2.5\n\n| \n\nIT07840 \n\n| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nThe only mitigation is to apply the recommended fix. If you are using the WebSphere eXtreme Scale Java client to communicate with the appliance, a fix must be applied to the client as well, if that client is used to make SSL connections to servers other than the appliance. Refer to CVE-2015-0138 in the latest WebSphere eXtreme Scale security bulletin for more information. \n\n \n \n--- \n--- \n \n## ", "cvss3": {}, "published": "2018-06-15T07:02:45", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance: CVE-2015-0138, CVE-2014-6593, CVE-2015-0410", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-15T07:02:45", "id": "6D535A3AEF65DAA651A7961CBD4354AE631F476BC694CF73D20623E7518799AB", "href": "https://www.ibm.com/support/pages/node/260341", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:48:02", "description": "## Summary\n\nThree security vulnerabilities exist in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM. See the individual description for the details. \n\n\n## Vulnerability Details\n\n**CVEID: **[**_CVE-2014-6593_**](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>)** for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) ** \n \n \n**CVEID: **[**_CVE-2015-0410_**](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>)** for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) ** \n \n**CVEID: **[**_CVE-2015-0383_**](<https://vulners.com/cve/CVE-2015-0383>)** \nDESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/100148_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100148>)** for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C) ** \n\n\n## Affected Products and Versions\n\nIBM FileNet Content Manager 5.1.0, 5.2.0, 5.2.1 (includes CSS) \nIBM Content Foundation 5.2.0, 5.2.1 (includes CSS) \nIBM FileNet BPM 4.5.1, 5.0.0, 5.2.0\n\n## Remediation/Fixes\n\nUpgrade to Java Runtime Environment (JRE) 1.6.0 SR16 FP3 or higher to avoid the security vulnerabilities listed in this Security Bulletin. By installing the applicable fixes in the table below, the private IBM JRE used by Process Engine (PE), Content Engine (CP/CPE) and Content Search Services (CSS) will be updated to 1.6.0 SR16 FP3. \n \n\n\n**Product**| **VRMF**| **Remediation/First Fix Available** \n---|---|--- \nFileNet Content Manager| 5.1.0, \n5.2.0, \n5.2.1| 5.2.0.3-P8CPE-IF006 - April 8, 2015 \n5.2.1.0-P8CPE-IF002 - April 8, 2015 \n5.1.0.0-P8CSS-IF011 - April 8, 2015 \n5.2.0.2-P8CSS-IF003 - April 8, 2015 \n5.2.1.0-P8CSS-IF001 - April 8, 2015 \nIBM Content Foundation| 5.2.0, \n5.2.1| 5.2.0.3-P8CPE-IF006 - April 8, 2015 \n5.2.1.0-P8CPE-IF002 - April 8, 2015 \n5.2.0.2-P8CSS-IF003 - April 8, 2015 \n5.2.1.0-P8CSS-IF001 - April 8, 2015 \nFileNet BPM| 4.5.1 \n5.0.0, \n5.2.0| 4.5.1.4-P8PE-IF007 - April 8, 2015 \n5.0.0.8-P8PE-IF001 - April 8, 2015 \neProcess-5.2.0-001.005 \u2013 April 10, 2015 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T12:10:11", "type": "ibm", "title": "Security Bulletin: Three vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM (CVE-2014-6593, CVE-2015-0410, and CVE-20150-0383)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0383", "CVE-2015-0410"], "modified": "2018-06-17T12:10:11", "id": "224CA938B26C2905673996CDA40E1CBAD59E76C109D191E99E6B02ED34BACAC9", "href": "https://www.ibm.com/support/pages/node/527197", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2023-02-21T01:47:19", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireline Platform. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\nCVE-ID: [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \nDESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/10053> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\nCVE-ID: [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\nCVE-ID: [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>) \nDESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nAffected eWAS Versions: IBM SDK, Java Technology Editions shipped with IBM WebSphere Application Server Version 8.5.0.0 through 8.5.5.4, Version 8.0.0.0 through 8.0.0.10, Version 7.0.0.0 through 7.0.0.35, Version 6.1.0.0 through 6.1.0.47 are affected. This does not occur on IBM SDK, Java Technology Editions shipped with WebSphere Application Servers Fix Packs 8.5.5.5, 8.0.0.11 and 7.0.0.37 or later.\n\nPlease consult the security bulletin [_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU_](<http://www.ibm.com/support/docview.wss?uid=swg21695362>) for vulnerability details.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected IBM WebSphere Application Server Version \n---|--- \nTivoli Netcool Performance Manager version 1.3.1, 1.3.2, 1.3.3, 1.4.0| WAS version 6.1, 7.0, 8.0, 8.5 \n \n## ", "cvss3": {}, "published": "2018-06-17T14:56:36", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK shipped with WebSphere Application Server affects Netcool Performance Manager TNPM Wireline January 2015 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-17T14:56:36", "id": "E40D19CB074EC5FCE3429D6887B91290E1CC9895C7BA0550EB97612103C6D12D", "href": "https://www.ibm.com/support/pages/node/255987", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:38:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \nThis vulnerability is also known as the FREAK attack. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n\u00b7 Rational Synergy release 7.2.1.3 ifix01 or earlier. \n\u00b7 Rational Synergy release 7.2.0.7 or earlier. \n\u00b7 Rational Synergy release 7.1.0.7.005 or earlier.\n\n## Remediation/Fixes\n\nReplace the JRE used in Rational Synergy. \n \n**Steps to download and replace JRE in Rational Synergy:** \n1\\. Open the list of [_Synergy downloads on Fix Central_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Synergy&release=All&platform=All&function=all&source=fc>)\n\n2\\. Select the SDK and Readme for Rational Synergy which applied to your release as follows: \n \n**Note:** The fix will use the following naming convention: \n**_<V.R.M.F>_**_-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-_**_<platform>_**** \n \n**Where **<V.R.M.F> = release **& **<platform> = operating system**\n\n \no Rational Synergy 7.2.1 (uses 7.2.1.3 release designation) \n \nExample: **7.2.1.3-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-Linux**\n\no Rational Synergy 7.2.0 (uses 7.2.0.7 release designation) \n \nExample: **7.2.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-Windows **\n\no Rational Synergy 7.1 (uses 7.1.0.7 release designation) \n \nExample: **7.1.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-AIX \n**Example: **7.1.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-Solaris**\n\n3\\. Follow the steps in the [_Install instructions_](<http://www.ibm.com/support/docview.wss?uid=swg27042896>) to replace the JRE.\n\n \nFollow the steps in the [_HPUX_Install Instructions_](<http://www.ibm.com/support/docview.wss?uid=swg27045456>) to replace the JRE if your Synergy Platform is on HPUX. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-12-22T16:37:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Synergy (CVE-2015-0138, CVE-2014-6593,CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2020-12-22T16:37:26", "id": "6A04D5E4C99A2F50DCD4C5B4FAF20AD2C3B16AD9EA922F5FEE4DF718AE506672", "href": "https://www.ibm.com/support/pages/node/258745", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:51:10", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 that is used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n \n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n \nThis vulnerability is also known as the FREAK attack. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>) \n** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1\n\n## Remediation/Fixes\n\nApply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view: \n \n**For SiteProtector 3.0:** \n \nSiteProtector Core Component: ServicePack3_0_0_7.xpu \nEvent Collector Component: RSEvntCol_WINNT_ST_3_0_0_6.xpu \nAgent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_37.xpu \n \n \n**For SiteProtector 3.1.0:** \n \nSiteProtector Core Component: ServicePack3_1_0_4.xpu \nEvent Collector Component: RSEvntCol_WINNT_ST_3_1_0_4.xpu \nAgent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_19.xpu \n \n \n**For SiteProtector 3.1.1:** \n \nSiteProtector Core Component: ServicePack3_1_1_2.xpu \nEvent Collector Component: RSEvntCol_WINNT_ST_3_1_1_2.xpu \nAgent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_7.xpu \nUpdate Server Component: UpdateServer_3_1_1_2.pkg \nEvent Archiver Component: EventArchiver_3_1_1\u00ad_2.pkg \nEvent Archiver Importer Component: EventArchiverImporter_3_1_1_2.zip \nManual Upgrader Component: MU_3_1_1_3.xpu\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:23:11", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2014-6593, CVE-2015-0138 , CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-16T21:23:11", "id": "A49F9EFECEFD840DBA180620BA6247AF2908F0E8D2F8C691E6322205046D5645", "href": "https://www.ibm.com/support/pages/node/258085", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:49:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server, which is needed for the RequisiteWeb component of Rational RequisitePro. These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n** \nCVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n** \nCVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nRational RequisitePro versions: \n \n\n\n**Version**\n\n| \n\n**Status** \n \n---|--- \n \n7.1.4.x (all versions)\n\n| \n\nAffected \n \n7.1.3.x (all versions)\n\n| \n\nAffected \n \n7.1.2.x (all versions)\n\n| \n\nAffected \n \n7.1.1.x (all versions)\n\n| \n\nAffected \n \n## Remediation/Fixes\n\nReview [Security Bulletin 1695362](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>) from WebSphere Application Server for instructions on upgrading your corresponding WebSphere Application Server installation with the IBM Java SDK fix. \n \nFor 7.1.1.x and 7.1.2.x, review [Document 1390803](<http://www-01.ibm.com/support/docview.wss?uid=swg21390803>) for instructions on how to apply updates for WebSphere Application Server. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T05:01:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational RequisitePro", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-17T05:01:44", "id": "FCD129E64F8AFD3CC312891053A4285AC4560DE837C45AEC7B72F65706C01690", "href": "https://www.ibm.com/support/pages/node/261081", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-08T10:57:46", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 and 7, that is used by IBM InfoSphere Optim Performance Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0383_](<https://vulners.com/cve/CVE-2015-0383>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C) \n\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Optim Performance Manager for DB2 on Linux, UNIX, and Windows version 4.1. through 4.1.1 \n\nIBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows version 5.1 through 5.3.1\n\n## Remediation/Fixes\n\nYou must replace the IBM\u00ae Runtime Environment, Java\u2122 Technology Edition that is installed with IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows with the latest IBM\u00ae Runtime Environment, Java\u2122 Technology Edition. Detailed instructions are provided in the tech-note \"[_Updating the IBM Runtime Environment, Java\u2122 Technology Edition for InfoSphere Optim Performance Manager_](<http://www.ibm.com/support/docview.wss?uid=swg21640535>)\". \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-07-08T21:30:52", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM InfoSphere Optim Performance Manager (CVE-2015-0383, CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0383", "CVE-2015-0410"], "modified": "2021-07-08T21:30:52", "id": "1B7D434E2F1C8DB76634F8CA2E3ABB8CF42C847FA670A06F5CA0DCC0AE9301F5", "href": "https://www.ibm.com/support/pages/node/257177", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2023-02-21T05:46:29", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireless Platform . These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n## Vulnerability Details\n\nThe following advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere Application Server may be vulnerable to them. Interim fixes for HP Platforms will be available by 03/31/2015. \n** \nCVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n** \nCVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n** \nCVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \nPlease consult the security bulletin [**_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Jan 2015 CPU_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>) for vulnerability details. \n\n## Affected Products and Versions\n\nAffected Product and Version(s)\n\n| Product and Version shipped as component \n---|--- \nTivoli Network Performance Manager 1.4| Bundled the Jazz for Service Management version 1.1.0.2, IBM WebSphere version 8.5.0.1 and the JRE from IBM SDK Java 2 Technology Edition Version 7. \nTivoli Network Performance Manager 1.3.2| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \nTivoli Network Performance Manager 1.3.1| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \n \n## Remediation/Fixes\n\nDownload and apply interim fix based on your WebSphere version in [**_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Jan 2015 CPU_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>)\n\n## ", "cvss3": {}, "published": "2018-06-17T14:56:41", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU shipped with IBM Tivoli Network Performance Manager Wireless Platform", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-17T14:56:41", "id": "2190DAA62F94768329E88E60874ECF86CAB45B388541D0E0F41C0302C925560A", "href": "https://www.ibm.com/support/pages/node/527123", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-24T05:56:59", "description": "## Abstract\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 that is used the following IMS\u2122 Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Content\n\n**Vulnerability Details** \n\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n \n**AFFECTED PRODUCTS and VERSIONS:** \nExplorer for Development of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nThe SOAP Gateway component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nConnect API for Java component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \n \n**REMEDIATION: ** \nThe recommended solution is to apply the fix as soon as is practical. Please see below for information on the fixes available. \n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n \n**AFFECTED PRODUCTS and VERSIONS:** \nExplorer for Development of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nThe SOAP Gateway component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nConnect API for Java component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \n \n \n**REMEDIATION: ** \nThe recommended solution is to apply the fix as soon as is practical. Please see below for information on the fixes available. \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n \n**AFFECTED PRODUCTS and VERSIONS:** \nExplorer for Development of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nThe SOAP Gateway component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nConnect API for Java component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \n \n \n**REMEDIATION: ** \nThe recommended solution is to apply the fix as soon as is practical. Please see below for information on the fixes available. \n \n \n \n \n**Fixes:** \n \n\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| **_Download URL_** \n---|---|---|--- \n \n_IMS Enterprise Suite Connect API for Java V3.1_\n\n| \n\n_3.1.0.7_\n\n| \n\n_N/A_ \n\n\n \n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \nPlease follow the instructions on the download site to get the updated Java. \n \n_IMS Enterprise Suite Connect API for Java V2.2_\n\n| \n\n_2.2.0.7_\n\n| \n\n_N/A_\n\n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \nPlease follow the instructions on the download site to get the updated Java. \n \n_IMS Enterprise Suite Explorer for Development V3.1_\n\n| \n\n_3.1.1.4_\n\n| \n\n_N/A_ \n\n\n \n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \n \n_IMS Enterprise Suite SOAP Gateway V3.1_\n\n| \n\n_3.1.0.3_\n\n| \n\n_N/A_ \n\n\n \n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \nPlease follow the instructions on the download site to get the updated Java. \n \n_IMS Enterprise Suite SOAP Gateway V2.2_\n\n| \n\n_2.2.0.5_\n\n| \n\n_N/A_ \n\n\n \n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \nPlease follow the instructions on the download site to get the updated Java. \n \n \n \n**Workarounds and Mitigations** \nNone known \n\n\n**Acknowledgement**\n\nCVE-2015-0138 was reported to IBM by Karthikeyan Bhargavan of the PROSECCO team at INRIA\n\n \n \n \n**Change History** \n_2 April 2015: Original_ \n \n**", "cvss3": {}, "published": "2022-09-25T21:21:12", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IMS\u2122 Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2022-09-25T21:21:12", "id": "EC972C692BE3023B72017E1A0E500647A4508BA18E2201793D3A30F3A4FFF8F1", "href": "https://www.ibm.com/support/pages/node/258963", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:06:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6.0 that is used by IBM WebSphere Application Server embedded in IBM InfoSphere Global Name Management. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n\n\n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100149_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100149>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n \n \n \n\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Global Name Management 5.0\n\n## Remediation/Fixes\n\nFrom the [_WebSphere Security Bulletin_](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>): \n \nApply Interim Fix [_PI33406_](<http://www-01.ibm.com/support/docview.wss?uid=swg24039304>): Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 3 \n\n**\\--OR--**\n\nApply IBM Java SDK shipped with WebSphere Application Server Fix pack 11 (8.0.0.11) or later (targeted to be available 17 August 2015). \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-04-20T17:04:55", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Global Name Management 5.0 (CVE-2014-6593, CVE-2015-0400, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-04-20T17:04:55", "id": "17B08F6F44F4DFD4020907C209D995B8B4BE03B83FAA709EEF0B6474E13631F8", "href": "https://www.ibm.com/support/pages/node/526735", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:46:37", "description": "## Summary\n\nThe \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability affects IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is used by IBM Tivoli Monitoring (ITM). \n \nGSKit is an IBM component that is used by IBM Tivoli Monitoring. The GSKit that is shipped with IBM Tivoli Monitoring contains a security vulnerability for the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. ITM has addressed the CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)** \nDESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n \nThis vulnerability is also known as the FREAK attack. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**\n\n### \n\n** \nThe Java remediation below also includes fixes for the following CVEs: \n \nCVEID: [CVE-2014-6593 ](<https://vulners.com/cve/CVE-2014-6593>) \nDESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the \ncurrent score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \nCVEID: [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \nDESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the \ncurrent score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nThe following components of IBM Tivoli Monitoring (ITM) are affected by this vulnerability \n\n * Portal server when configured to use SSL over IIOP - ITM versions 6.2.0 through 6.3.0 FP4\n * Java (CANDLEHOME) - ITM Java-based agents using JSSE. - ITM versions 6.2.2 through 6.3.0 FP4\n * GSKit - portal server, monitoring servers, and agents - ITM versions 6..20 through 6.2.1 FP4\n\n## Remediation/Fixes\n\n**\n\n### _Java (CANDLEHOME) Remediation:_\n\n** \nThe IBM Tivoli Monitoring servers and base agents (those shipped as part of IBM Tivoli Monitoring Fix Packs) are not affected by this vulnerability. Only Java-based agents utilizing Java Secure Socket Extension (JSSE) which rely on the JRE in the IBM Tivoli Monitoring installation directory (for example, CANDLEHOME) can be affected. Agents affected will publish separate security bulletins and reference this bulletin for the remediation. \n \nFor systems where the affected agents are installed, the patch below (or later patch) should be installed which will update the shared Tivoli Enterprise-supplied JRE (jr component on UNIX/Linux) or Embedded JVM (JVM component on Windows). \n \nYou should verify applying this fix does not cause any compatibility issues. \n\n**_Fix_**| **_VMRF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \n6.X.X-TIV-ITM_JRE_CANDLEHOME-20150409| 6.2.2 through 6.3.0 FP4| None.| [**__http://www.ibm.com/support/docview.wss?uid=swg24039756__**](<http://www.ibm.com/support/docview.wss?uid=swg24039756>) \n6.3.0-TIV-ITM-FP0005| 6.3.0.x| None.| [**__http://www.ibm.com/support/docview.wss?uid=swg24039236__**](<http://www.ibm.com/support/docview.wss?uid=swg24039236>) \n \nThe technote [Upgrading Shared Components for IBM Tivoli Monitoring Agents](<http://www.ibm.com/support/docview.wss?uid=swg21673490>) provides information on how shared libraries are used. \n \n**\n\n### _Portal Server:_\n\n** \n**\n\n### __\n\n**Portal Server Communication with Portal Clients: \nPortal Server Communication with Portal Clients when configured to use SSL over IIOP protocol. SSL over IIOP is being used if both conditions below are true: \n\\- HTTPS is not being used \n\\- applet.html file does not have the tep.connection.protocol=http or https AND \n\\- tep.jnlp file does not have tep.connection.protocol=https \n\\- the KFW_INTERFACE_cnps_SSL is set to \"Y\" in the portal server environment file (Windows: kfwenv, UNIX/Linux: cq.config) \n \n**_Fix_**| **_VMRF_**| **_Remediation/First Fix_** \n---|---|--- \n6.3.0-TIV-ITM-FP0005-IV74486| 6.3.0 | [**__http://www.ibm.com/support/docview.wss?uid=swg24040448__**](<http://www.ibm.com/support/docview.wss?uid=swg24040448>) \n6.2.3-TIV-ITM-FP0005-IV74486| 6.2.3| [**__http://www.ibm.com/support/docview.wss?uid=swg24040448__**](<http://www.ibm.com/support/docview.wss?uid=swg24040448>) \n6.2.2-TIV-ITM-FP0009-IV74486| 6.2.2| [**__http://www.ibm.com/support/docview.wss?uid=swg24040448__**](<http://www.ibm.com/support/docview.wss?uid=swg24040448>) \n6.3.0-TIV-ITM-FP0006| 6.3.0.x| **__<http://www.ibm.com/support/docview.wss?uid=swg24040390>__** \nCheck link for status on availability. \n \nFor IBM Tivoli Monitoring 6.2.0 and 6.2.1, IBM recommends upgrading to a fixed, supported version/release of the product as listed above. \n \nYou should verify applying this fix does not cause any compatibility issues. \n \n \n**\n\n### _GSKit Remediation:_\n\n** \nThe GSKit with IBM Tivoli Monitoring 6.2.0 through 6.2.1 FP4 is affected. Customers running IBM Tivoli Monitoring version 6.2.0 through 6.2.1.FP4 should upgrade to 6.2.2 or higher for the IBM Tivoli Monitoring infrastrucutre (e.g. portal server, monitoring servers). Call support if unable to upgrade. Recommend to upgrade to 6.22 FP9, 6.23 FP5, or 6.30 FP4 (or higher). \n \nFor IBM Tiovli Monitoring 6.2.0 and 6.2.1 Agents, once the infrastructure is at 6.2.2 (or higher), then the shared components of the agents need to be upgraded to the same level. The technote [Upgrading Shared Components for IBM Tivoli Monitoring Agents](<http://www.ibm.com/support/docview.wss?uid=swg21673490>) contains the commands that can be used to upgrade the shared components (e.g. GSKit). \n\n## Workarounds and Mitigations\n\n**\n\n### __\n\n**Portal Server Communication with Portal Clients Workaround: \nA configuration change is required when the portal server is configured to use the SSL over IIOP protocol if the patch above is not installed.. SSL over IIOP is being used if both conditions below are true: \n\n * HTTPS is not being used \n * applet.html file does not have the tep.connection.protocol=http or https AND \n * tep.jnlp file does not have tep.connection.protocol=https\n * the KFW_INTERFACE_cnps_SSL is set to \"Y\" in the portal server environment file (Windows: kfwenv, UNIX/Linux: cq.config) \n \nEdit the portal server configuration file: \nWindows: <install_dir>/CNPS/KFWENV \nLinux/AIX: <install_dir>/config/cq.ini \nAdd/modify the following variable: \nITM version 6.30 through 6.30 FP4: \nKFW_ORBPARM=-Dvbroker.security.server.socket.enabledProtocols=TLS_Version_1_0_Only -Dvbroker.security.cipherList=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,TLS_DHE_RSA_ \nWITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA \n \nITM version 620 through 6.23 FP5: \nKFW_ORBPARM=-Dvbroker.security.cipherList=TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_DES_CBC_SHA,TLS_DHE_RSA_ \nWITH_DES_CBC_SHA,TLS_RSA_WITH_DES_CBC_SHA \nStop and restart portal server for the changes to take affect. \n\n * You should verify applying this configuration change does not cause any compatibility issues. \n\n## ", "cvss3": {}, "published": "2018-06-17T15:23:40", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Tivoli Monitoring (CVE-2015-0138)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-17T15:23:40", "id": "FDF9FD00EFCC980759F170CDD7E7B4194C96047EAB6D513B03471DE0D5A423DC", "href": "https://www.ibm.com/support/pages/node/260569", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:47:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 and 7 that are used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2015-0383_](<https://vulners.com/cve/CVE-2015-0383>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C)\n\n \n\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus 7.3.0 \nTivoli Netcool/OMNIbus 7.3.1 \nTivoli Netcool/OMNIbus 7.4.0 \nTivoli Netcool/OMNIbus 8.1.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nOMNIbus | 7.3.0.15| IV69293| <http://www-01.ibm.com/support/docview.wss?uid=swg24039199> \nOMNIbus| 7.3.1.12| IV69293| <http://www-01.ibm.com/support/docview.wss?uid=swg24036687> \nOMNIbus| 7.4.0.6| IV69293| <http://www-01.ibm.com/support/docview.wss?uid=swg24036690> \nOMNIbus | 8.1.0.2| IV69293| <http://www-01.ibm.com/support/docview.wss?uid=swg24038348> \n \n## ", "cvss3": {}, "published": "2018-06-17T14:57:53", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0383", "CVE-2015-0410"], "modified": "2018-06-17T14:57:53", "id": "B8BB28CB59403D76B2A95C8494CFB748BC173FFC4D90F4B4EC299DE20491DE0A", "href": "https://www.ibm.com/support/pages/node/257471", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2023-02-21T01:38:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6 and 7 that is used by Rational Developer for System z. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability..\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)** \nDESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nRational Developer for System z, versions 9.1.x, 9.0.x, 8.5.x| \n\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 FP3 and earlier\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 FP10 and earlier \n \n## Remediation/Fixes\n\nIBM has provided patches for all affected versions. \n \nFollow the installation instructions in the README files included with the patch. \n \nThe fix can be obtained at the following locations: \n\n\n * [Rational Developer for System z Interim Fix 3 for 8.5.x](<http://www-01.ibm.com/support/docview.wss?uid=swg24039791>)\n * [Rational Developer for System z Interim Fix 3 for 9.0.x](<http://www-01.ibm.com/support/docview.wss?uid=swg24039792>)\n * [Rational Developer for System z Interim Fix 3 for 9.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg24039793>)\n\n## ", "cvss3": {}, "published": "2020-10-27T15:51:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for System z (CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2020-10-27T15:51:50", "id": "86342A16183C947600A2D12FE2134D8199BF66CC53E099BBBD76E9F235DE5D41", "href": "https://www.ibm.com/support/pages/node/261495", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:41:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is used by ClearQuest Eclipse client, ClearQuest Web and ClearQuest EmailRelay. These were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0383_](<https://vulners.com/cve/CVE-2015-0383>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\n * * ClearQuest Eclipse clients on HP for ClearQuest v7.1 and v7.1.1 through v7.1.2.16.\n * ClearQuest Eclipse clients on Solaris for ClearQuest version v7.1, v7.1.1 through v7.1.2.17, v8.0 through 8.0.0.14, and v8.0.1 through v8.0.1.7\n * Rational ClearQuest Web greater than and inclusive of ClearQuest v7.1\n * ClearQuest EmailRelay, versions 8.0.0.3 and newer, and versions 8.0.1 and newer.\n \nNote: ClearQuest EmailRelay was introduced in ClearQuest 8.0.0.3. \n\n## Remediation/Fixes\n\n**Clients:** \n \nIf you use ClearQuest Eclipse clients on HP or Solaris: \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| \n\n[Install Rational ClearQuest Fix Pack 8 (8.0.1.8)](<http://www-01.ibm.com/support/docview.wss?uid=swg24039864>) \n \n8.0.0.x\n\n| \n\n[Install Rational ClearQuest Fix Pack 15 (8.0.0.15)](<http://www-01.ibm.com/support/docview.wss?uid=swg24039862>) \n \n7.1.2.x \n7.1.1.x \n7.1.0.x\n\n| \n\nCustomers with extended support contracts should install[ Rational ClearQuest Fix Pack 18 (7.1.2.18) ](<http://www-01.ibm.com/support/docview.wss?uid=swg24039860>) \n \n \n**Servers:** \n \nClearQuest Web and ClearQuest EmailRelay use the Java runtime that is included with WebSphere Application Server. Follow instructions for updating your version of WebSphere Application Server to a version that includes the fixes. \n \nFor ClearQuest 8.x \nThese releases use an installation of WAS separately installed and maintained from the ClearQuest installation. Determine the version of WAS that your deployment is using and follow the instructions at[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>) to update your version of the JRE supplied by WAS. \n\nFor ClearQuest 7.1.x \n\n \nThese releases ship with, install and configure WAS version 6.1.0.25. Download the appropriate fix from from Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU but for installation instructions, follow technote[ 1390803:](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) [How to update the IBM WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1](<http://www.ibm.com/support/docview.wss?uid=swg21390803>). \n\n## ", "cvss3": {}, "published": "2018-09-29T18:04:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java runtime affect ClearQuest Web and ClearQuest EmailRelay (CVE-2014-6593, CVE-2015-0383, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0383", "CVE-2015-0410"], "modified": "2018-09-29T18:04:03", "id": "9BD22420B0CB8414285EBA72455E71282DC5CBFC0C08675DB0F7D353EF5D11CB", "href": "https://www.ibm.com/support/pages/node/526573", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2023-02-21T01:40:54", "description": "## Summary\n\nMultiple security vulnerabilities exist in the IBM\u00ae Runtime Environments Java\u2122 Technology Edition, Versions 6 and 7 that are shipped in TPF Toolkit.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. This vulnerability is also known as the FREAK attack. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n## Affected Products and Versions\n\nTPF Toolkit 4.0.x and 4.2.x\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nTPF Toolkit| 4.2.x| JR52787| \n\n 1. Install the latest version of IBM Installation Manager.\n 2. Apply Interim Fix 4.2.3 by using IBM Installation Manager.\n 3. Update the Java installation on your z/OS or Linux on z Systems (or both) systems that the TPF Toolkit connects to. Download the latest version of Java from [_http://www.ibm.com/developerworks/java/jdk/_](<http://www.ibm.com/developerworks/java/jdk/>) \nTPF Toolkit| 4.0.x| JR52788| \n\n 1. Install the latest version of IBM Installation Manager.\n 2. Apply Interim Fix 4.0.6 by using IBM Installation Manager.\n 3. Update the Java installation on your z/OS or Linux on z Systems (or both) systems that the TPF Toolkit connects to. Download the latest version of Java from [_http://www.ibm.com/developerworks/java/jdk/_](<http://www.ibm.com/developerworks/java/jdk/>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM Runtime Environments Java Technology Edition, Versions 6 and 7 in TPF Toolkit (CVE-2014-6593, CVE-2015-0410, and CVE-2015-0138)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-08-03T04:23:43", "id": "C1C602B37EDF70C48D650440743C29740F6A8F38FA9C0E6F1E9E01FCB3C6658C", "href": "https://www.ibm.com/support/pages/node/258541", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T05:57:45", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 5, 6, and 7** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, Change and Configuration Management Database, TRIRIGA for Energy Optimization (previously known as Intelligent Building Management), and SmartCloud Control Desk. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThe following IBM Java versions are affected: \n \n\u00b7 IBM SDK, Java 2 Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 6 and earlier \n\u00b7 IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 and earlier \n\u00b7 IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 and earlier \n\u00b7 IBM SDK, Java Technology Edition, Version 7 Service Refresh 7 and earlier** \n\u00b7 IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 1 and earlier** \n\nIBM supplied the Java Runtime Environment (JRE) from the IBM SDK Java Technology Edition Versions with the following:\n\nThe 7.1.x versions of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database bundled the JRE from IBM SDK Java 2 Technology Edition Version 5.\n\nThe 7.2.x versions of Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database bundled the JRE from IBM SDK Java 2 Technology Edition Version 5.\n\nThe 7.5.x versions of Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, and SmartCloud Control Desk bundled the JRE from IBM SDK Java Technology Edition Version 6.\n\nThe 7.6.x versions of Maximo Asset Management bundled the JRE from IBM SDK Java Technology Edition Version 7.\n\nTRIRIGA for Energy Optimization 1.1.x bundled the JRE from IBM SDK Java Technology Edition Version 6.\n\nIt is likely that earlier unsupported versions are also affected by these vulnerabilities. Remediation is not provided for product versions that are no longer supported. IBM recommends that customers running unsupported versions upgrade to the latest supported version of products in order to obtain remediation for the vulnerabilities.\n\n## Remediation/Fixes\n\nThere are two areas where the vulnerabilities in the Java SDK/JDK or JRE may require remediation: \n1\\. Application Server \u2013 Update the Websphere Application Server. Refer to [_JDK Fixes for Websphere Application Server_](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>) for additional information on updating and maintaining the JDK component within Websphere. Customers with Oracle Weblogic Server, which is not an IBM product and is not shipped by IBM, will also want to update their server. \n2\\. Browser Client - Update the Java plug-in used by the browser on client systems, using the remediated JRE version referenced on [_developerWorks Java__TM__ Technology Security Alerts_](<http://www.ibm.com/developerworks/java/jdk/alerts/>) or referenced on [_Oracle\u2019s latest Critical Patch Update_](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) (which can be accessed via [_developerWorks Java__TM__ Technology Security Alerts_](<http://www.ibm.com/developerworks/java/jdk/alerts/>)). Updating the browser Java plug-in may impact some applets such as Maximo Asset Management Scheduler. Download from IBM FixCentral the latest [_Maximo Asset Management Scheduler Interim Fix_](<http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/Maximo+Asset+Management+Scheduler&release=All&platform=All&function=all&source=fc>) for Version 7.1 or the latest [_Maximo Asset Management Fix Pack_](<http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=All&platform=All&function=all&source=fc>) for Version 7.5, which includes the resolution for APAR IV11560. \n \nDue to the threat posed by a successful attack, IBM strongly recommends that customers apply fixes as soon as possible.\n\n## Workarounds and Mitigations\n\nUntil you apply the fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so IBM strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.\n\n## ", "cvss3": {}, "published": "2022-09-22T03:02:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-09-22T03:02:31", "id": "BCF51D77CBD205786D05C4D39C68EB7B11A8D4D268F03AEF88EC8A6D66DD05DF", "href": "https://www.ibm.com/support/pages/node/256551", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:51:34", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 SR8 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1 \nIBM B2B Advanced Communications 1.0.0.2\n\n## Remediation/Fixes\n\nThe recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available. \n \n\n\n**_Fix_**| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \nInterim Fix 1.0.0.2_2| 1.0.0.2| IT07760| IBM Fix Central > [](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.1&platform=All&function=fixId&fixids=IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media&includeSupersedes=0>)[B2B_Advanced_Communications_V1.0.0.2_2_iFix_Media](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.2&platform=All&function=fixId&fixids=IBM_B2B-Advanced_Communications_V1.0.0.2_2_iFix_Media&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T19:43:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-16T19:43:33", "id": "B2AF94E4B4104CFC171D34D738F1AFC4758C45D61D537CBC43031028CB7E0EA4", "href": "https://www.ibm.com/support/pages/node/259077", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:52:09", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 1.5, 1.6 and 1.7 that are used by IBM SPSS Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates in January 2015 and the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability disclosure.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2015-0138](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \nThis vulnerability is also known as the FREAK attack. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n \n \n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n \n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n## Affected Products and Versions\n\nIBM SPSS Collaboration and Deployment Services: 4.2.1, 5.0, 6.0, 7.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \n[**SPSS Collaboration and Deployment Services 4.2.1 Interim Fix installs JRE 6.0.16.3 Update to address security vulnerabilities**](<http://www-01.ibm.com/support/docview.wss?uid=swg24039657>) \n \n \n[**SPSS Collaboration and Deployment Services 5.0 Interim Fix installs JRE 6.0.16.3 Update to address security vulnerabilities**](<http://www-01.ibm.com/support/docview.wss?uid=swg24039676>) \n \n \n[**SPSS Collaboration and Deployment Services 6.0 Interim Fix installs JRE 6.0.16.3 Update to address security vulnerabilities**](<http://www-01.ibm.com/support/docview.wss?uid=swg24039677>) \n \n \n[**SPSS Collaboration and Deployment Services 7.0 Interim Fix installs JRE 7.0.8.10 Update to address security vulnerabilities**](<http://www-01.ibm.com/support/docview.wss?uid=swg24039660>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T13:14:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 1.5, 1.6 and 1.7 affect IBM SPSS Collaboration and Deployment Services: (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-16T13:14:44", "id": "B54B951BA69A45A42C22316F65849B1B272FBE0A1CC0C81E82AED4F7B134F2FE", "href": "https://www.ibm.com/support/pages/node/258207", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:55:21", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Dynamic Process Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)** \nDESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM WebSphere Dynamic Process Edition 6.1, 6.2, 7.0\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in the [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU _](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Dynamic Process Edition (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:01:25", "id": "8B40FDB56EA15CA7B7ECA96D1F0C65FAF9869A403B3A24B57330B0554D1A9FE3", "href": "https://www.ibm.com/support/pages/node/248359", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T06:01:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Business Services Fabric. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)** \nDESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n * IBM WebSphere Business Services Fabric Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x\n * IBM WebSphere Business Services Fabric for z/OS Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in the [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU _](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-08-19T18:23:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Business Services Fabric (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2022-08-19T18:23:31", "id": "0A52855EBC106D332F7FF9458EEA842DA6D00FB27F4E8ECAF4647C6AF1B0DBD3", "href": "https://www.ibm.com/support/pages/node/248369", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:55:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7R1 Service Refresh 2 and earlier releases that is used by IBM MQLight. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [](<https://vulners.com/cve/CVE-2014-6593>)[_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVEID: **[](<https://vulners.com/cve/CVE-2015-0138>)[](<https://vulners.com/cve/CVE-2015-0138>)[_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)_ \n_**DESCRIPTION: **A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n\n**CVEID: **[_CVE-2015-0410 \n_](<https://vulners.com/cve/CVE-2015-0410>)**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nThe vulnerabilities affect users of IBM MQ Light V1.0 and V1.0.0.1 on all platforms.\n\n## Remediation/Fixes\n\nDownload and install the appropriate MQ Light Server for your platform as shown below: \n \n\n\n**Platform**| **License Type**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nWindows| Developer| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-developer-L150325-IT07780&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-developer-L150325-IT07780&includeSupersedes=0>) \nWindows| Production| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-production-L150325-IT07780&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-production-L150325-IT07780&includeSupersedes=0>) \nLinux| Developer| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-developer-L150325-IT07780&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-developer-L150325-IT07780&includeSupersedes=0>) \nLinux| Production| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-production-L150325-IT07780&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-production-L150325-IT07780&includeSupersedes=0>) \nMac| Developer| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Mac-x64-developer-L150325-IT07780&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Mac-x64-developer-L150325-IT07780&includeSupersedes=0>) \n \nThe following link describes how to re-use the data from your existing installation: \n[_http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm _](<http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:40", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-15T07:02:40", "id": "7E327BBFF3C6248340BB4D02D0AED4CFA65A1C13329D0793D3B72E11E963D084", "href": "https://www.ibm.com/support/pages/node/257819", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-02T21:37:17", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM License Metric Tool v9, v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVEID:** [_CVE-2015-0400_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100149_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100149>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n \n \n \n\n\n**CVEID:** [_CVE-2015-0410_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM License Metric Tool v9, v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9\n\n## Remediation/Fixes\n\nFor IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v9 \n\n * Upgrade your installation to version 9.2.0.0.\n \nFor IBM License Metric Tool v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 \n\n * Apply fixes provided in the following technote: <http://www-01.ibm.com/support/docview.wss?uid=swg21695362>\n * Note, that v7.5 use WebSphere 7, and v7.2.2 use WebSphere 6.1\n\n## Workarounds and Mitigations\n\nThere are no workarounds/mitigations available.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_IBM Java SDK Security Bulletin_](<http://www-01.ibm.com/support/docview.wss?uid=swg21695474>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS8JFY\",\"label\":\"IBM License Metric Tool\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.2.2;7.5;9.0;9.0.1;9.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSHT5T\",\"label\":\"Tivoli Asset Discovery for Distributed\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"\",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {}, "published": "2022-08-19T18:23:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9, v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9 - CVE-2014-6593, CVE-2015-0400, C", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-08-19T18:23:31", "id": "0D6B664C1C93334BA26D9D6EC44803B39EFCE24CAC95129F591720474BAD51CA", "href": "https://www.ibm.com/support/pages/node/258821", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-24T06:08:41", "description": "## Summary\n\nPrevious releases of IBM QRadar Security Information and Event Manager, IBM QRadar Vulnerability Manager and IBM QRadar Risk Manager are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0453_](<https://vulners.com/cve/CVE-2014-0453>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n_CVSS Base Score:_ 4 \n_CVSS Temporal Score:_ See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92490_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92490>) for the current score \n_CVSS Environmental Score:_*: Undefined \n_CVSS Vector:_ (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n_CVSS Base Score:_ 4 \n_CVSS Temporal Score:_ See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \n_CVSS Environmental Score:_*: Undefined \n_CVSS Vector:_ (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n_CVSS Base Score:_ 4 \n_CVSS Temporal Score:_ See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \n_CVSS Environmental Score:_*: Undefined \n_CVSS Vector:_ (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n * IBM QRadar SIEM 7.2.3 Patch 4 and below.\n * IBM QRadar SIEM 7.1 MR2 Patch 8 and below.\n * IBM QRadar Vulnerability Manager 7.2.3 Patch 4 and below.\n * IBM QRadar Risk Manager 7.2.3 Patch 4 and below.\n * IBM QRadar Risk Manager 7.1 MR2 Patch 8 and below.\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available. \n\n_Product_| _Remediation/First Fix_ \n---|--- \n \n * IBM QRadar SIEM 7.2.3\n * IBM QRadar Vulnerability Manager 7.2.3\n * IBM QRadar Risk Manager 7.2.3\n| [IBM QRadar SIEM 7.2.4 Patch 1](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.4-QRADAR-QRSIEM-988458&includeSupersedes=0>) \n \n * IBM QRadar SIEM 7.1 MR2\n * IBM QRadar Risk Manager 7.1 MR2\n| [IBM QRadar SIEM 7.1 MR2 Patch 9](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=Linux&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-989724&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone \n\n \n**\n\n## ", "cvss3": {}, "published": "2022-02-23T17:02:11", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2014-0453, CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0453", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2022-02-23T17:02:11", "id": "BE9D2D904E7CA83543DFC946C3B3E45C2D3BCF72E299A05839DBB505E1C6FE03", "href": "https://www.ibm.com/support/pages/node/520241", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:51:58", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7 that are used by IBM InfoSphere Information Server and IBM InfoSphere Data Click.These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n\\-- IBM InfoSphere Information Server versions 8.0, 8.1, 8.5, 8.7, 9.1, 11.3 and 11.3.1 running on all platforms \n\\-- IBM InfoSphere Data Click version 10.0 running on Linux\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nInfoSphere Information Server| 11.3.1| JR50959| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR50959_services_engine_*>) \nInfoSphere Information Server| 11.3| JR50959| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR50959_services_engine_*>) \nInfoSphere Data Click| 10.0| JR50959| Contact IBM customer support to obtain the fix. \nInfoSphere Information Server| 9.1| JR50959| \\--Apply [_JR50959_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is91_JR50959_services_engine*>) \nInfoSphere Information Server| 8.7| JR50959| \\--Apply IBM InfoSphere Information Server version [_8.7 Fix Pack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24034359>) \n\\--Apply [_JR50959_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8702_JR50959_services_engine*>) \nInfoSphere Information Server| 8.5| JR50959| \\--Apply IBM InfoSphere Information Server version [_8.5 Fix Pack 3_](<http://www-01.ibm.com/support/docview.wss?uid=swg24033513>) \n\\--Apply [_JR50959_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8503_JR50959_services_engine*>) \nInfoSphere Information Server| 8.1| None| Contact IBM customer support. \nInfoSphere Information Server| 8.0| None| Contact IBM customer support. \n \nNote: \nThe same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T14:07:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server and IBM InfoSphere Data Click (CVE-2014-04263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-04263", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-16T14:07:13", "id": "62ED307AE50D2DD8FD98BC7FC6E5B6568331CD82C5DFB8F2433DF487FDCF11DE", "href": "https://www.ibm.com/support/pages/node/247961", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:55:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)** \nDESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nWebSphere Lombardi Edition 7.1, 7.2\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in the [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU _](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Lombardi Edition (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:01:25", "id": "852EE307BCED8B2EC1AED4AD1C6489591CF734B8BB57A11023D914585AA3C82A", "href": "https://www.ibm.com/support/pages/node/248361", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:58:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 5.0 SR16-FP6 and earlier, 6 SR16 and earlier and 7 SR7 and earlier that are used by IBM WebSphere MQ. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-4263](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [CVE-2014-4244](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>) \n**DESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM JRE 5 (maintenance levels older than SR16 FP6) provided by WebSphere MQ 7.0.1.12 and earlier on all platforms (except IBM i and z/OS) \n\nIBM JRE 6 (maintenance levels older than SR16) provided by WebSphere MQ 7.1.0.5 and earlier and WebSphere MQ 7.5.0.4 and earlier on all platforms (except IBM i and z/OS)\n\nIBM JRE 7 (maintenance levels older than SR7) provided by WebSphere MQ 8.0.0.0 on all platforms (except IBM i and z/OS)\n\nIBM JRE 7 (maintenance levels older than SR7) provided by WebSphere MQ 8.0.0.1 on HP-UX\n\n## Remediation/Fixes\n\nWebSphere MQ 7.0.1: Apply fix pack [7.0.1.13](<http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27014224>) when available. In the interim apply [APAR IT06182](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.0.*&platform=All&function=aparId&apars=IT06182>) \nWebSphere MQ 7.1: Apply [fix pack 7.1.0.6](<http://www-01.ibm.com/support/docview.wss?uid=swg27024302>). \nWebSphere MQ 7.5: Apply[ fix pack 7.5.0.5](<http://www-01.ibm.com/support/docview.wss?uid=swg27038184>) when available. In the interim apply [APAR IV67334](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.1.*&platform=All&function=aparId&apars=IV67334>) \nWebSphere MQ 8.0: Apply[ fix pack 8.0.0.1](<http://www-01.ibm.com/support/docview.wss?uid=swg27043086>) (except HP-UX). For HP-UX apply [fix pack 8.0.0.2](<http://www-01.ibm.com/support/docview.wss?uid=swg27043086>) when available, in the interim contact IBM Support\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere MQ (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:02:23", "id": "2F5D0AB0CE69E23F1B88B2B2A3C1755C57D9B3E19BDCC9022A78DA62F9078F00", "href": "https://www.ibm.com/support/pages/node/523515", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:41:41", "description": "## Summary\n\nAn attacker can monitor a long-lived encrypted CCRC session and potentially decrypt the entire session.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE ID: **[**CVE-2014-0411**](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411>) \n \n**Description: **Timing differences based on the validity of messages can be exploited to decrypt an entire SSL session. The exploit is not trivial, requiring a man-in-the-middle position and a long time (around 20 hours). ClearCase Remote Client is vulnerable to this attack if a single operation runs for such a long time. \n \n**CVSS Base Score**: 4** \nCVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90357> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector: **(AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nOnly the ClearCase Remote Client/ClearTeam Explorer component of ClearCase is affected. \n \n\n\n**ClearCase Remote Client/ClearTeam Explorer version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.3\n\n| \n\nAffected \n \n8.0 through 8.0.0.10\n\n| \n\nAffected \n \n7.1.2 through 7.1.2.13\n\n| \n\nAffected \n \n7.1.0.x, 7.1.1.x (all versions and fix packs)\n\n| \n\nAffected \n \n7.0.x\n\n| \n\nNot affected \n \n## Remediation/Fixes\n\nThe solution is to upgrade to a newer fix pack of ClearCase. Please see below for information on the fixes available. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearCase Fix Pack 4 (8.0.1.4) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24037660>) \n \n8.0.0.x\n\n| Install [Rational ClearCase Fix Pack 11 (8.0.0.11) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24037659>) \n \n7.1.2.x (except HP-UX)\n\n| Install [Rational ClearCase Fix Pack 14 (7.1.2.14) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24037658>) \n \n7.1.1.x (except HP-UX) \n7.1.0.x (except HP-UX)\n\n| Install [Rational ClearCase Fix Pack 14 (7.1.2.14) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24037658>)\n\n * **Note:** 7.1.2.14 inter-operates with all 7.1.1.x systems, and can be installed in the same way as 7.1.1.x fix packs. \n7.1.2.x, 7.1.1.x, 7.1.0.x (HP-UX)| Customers with extended support contracts should install [Rational ClearCase Fix Pack 16 (7.1.2.16)](<http://www.ibm.com/support/docview.wss?uid=swg24038914>) \n \n**Notes: **\n\n * If you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), you should update the Java\u2122 Virtual Machine used by Eclipse to include a fix for CVE-2014-0411. Contact the supplier of your Eclipse or Java\u2122 Virtual Machine for instructions on updating Eclipse.\n * ClearCase 7.1.x for HP-UX uses the HP\u00ae JRE for J2SE\u2122 HP-UX\u00ae 11i platform, adapted by IBM for IBM Software, Version 5.0. The fixes for this issue came in a later Java update for this platform, and are now available in a later ClearCase fix pack.\n * Additional vulnerabilities in Java as used by Rational ClearCase have been published. Please review [**Security Bulletin: Java security vulnerabilities in ClearCase Remote Client (CVE-2014-4263, CVE-2014-4244)** ](<http://www.ibm.com/support/docview.wss?uid=swg21688432>)to determine whether these vulnerabilities apply to your deployment.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: SSL timing vulnerabilities in ClearCase Remote Client (CVE-2014-0411)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0411", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-07-10T08:34:12", "id": "E57295B2DF96E63714F13E4379EC8E7A499283CEEA7CE0853AF9B05661E32ED1", "href": "https://www.ibm.com/support/pages/node/243721", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:58:11", "description": "## Summary\n\nMultiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere MQIPT, a patch for these are available in IBM SDK, Java\u2122 Technology Edition, Version 7 Service Refresh 7 Fix Pack 1\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>) \n**DESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM SDK, Java\u2122 Technology Edition, Version 7 (maintenance levels older than service refresh 7 fix pack 1) provided by WebSphere MQIPT 2.1 on all platforms.\n\n## Remediation/Fixes\n\nUpdate the JRE component following the instructions contained in this link:[http://www.ibm.com/support/docview.wss?uid=swg21678663](<http://www-01.ibm.com/support/docview.wss?uid=swg21678663>) \n \nUpdated JREs for MQIPT can be downloaded from the[ MS81: WebSphere MQ Internet Pass-Thru](<http://www.ibm.com/support/docview.wss?uid=swg24006386>) SupportPac page, via the Download package link, in the Security Update JRE for MS81 section.\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:20", "type": "ibm", "title": "Security Bulletin: IBM WebSphere MQ Internet Pass-Thru is affected by multiple vulnerabilities in IBM SDK, Java\u2122 Technology Edition, Version 7 (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:02:20", "id": "197EF92FCE113509445473DC2A0A3868F1E4E3F85729FE180CEE7BE93038759E", "href": "https://www.ibm.com/support/pages/node/522465", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:55:22", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Process Server and IBM Business Process Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)** \nDESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n * WebSphere Process Server 6.1.x, 6.2.x, and 7.0.x\n * IBM Business Process Manager Standard 7.5.x, 8.0.x, and 8.5.x\n * IBM Business Process Manager Express 7.5.x, 8.0.x, and 8.5.x\n * IBM Business Process Manager Advanced 7.5.x, 8.0.x, and 8.5.x\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in the [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU _](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Process Server and IBM Business Process Manager (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:01:25", "id": "7AFD831E411484DC59D0DA340F759DCA912A2DA0ED4530B43686C65AAE16898B", "href": "https://www.ibm.com/support/pages/node/248327", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:48:59", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6.0.16.2 that is used by Rational License Key Server Administration and Reporting Tool. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)\n\n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n \n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n \n**DESCRIPTION**: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nThis vulnerability impacts the following RLKS components and its releases: \n\n\n * RLKS Administration and Reporting Tool version 8.1.4 \n * RLKS Administration and Reporting Tool version 8.1.4.2 \n * RLKS Administration and Reporting Tool version 8.1.4.3 \n * RLKS Administration and Reporting Tool version 8.1.4.4 \n * RLKS Administration and Reporting Tool version 8.1.4.5\n * RLKS Administration and Reporting Tool version 8.1.4.6\n * RLKS Administration and Reporting Tool version 8.1.4.7\n * RLKS Administration Agent version 8.1.4 \n * RLKS Administration Agent version 8.1.4.2 \n * RLKS Administration Agent version 8.1.4.3 \n * RLKS Administration Agent version 8.1.4.4 \n * RLKS Administration Agent version 8.1.4.5\n * RLKS Administration Agent version 8.1.4.6\n\n## Remediation/Fixes\n\nReplace the JRE used in IBM RLKS Administration and Reporting Tool and IBM RLKS Administration Agent. \n\n**_Steps to replace the JRE in IBM RLKS Administration and Reporting Tool (All Versions)_**\n\n \n \n1\\. Go to [_Fix Central_](<http://www.ibm.com/support/fixcentral>) \n \n2\\. On the **Find product** tab, enter _Rational Common Licensing_ in the **Product Selector** field and hit enter. \n \n3\\. Select the **Installed Version** and hit continue button. \n \n4\\. Select the platform of the machine where RLKS Administration and Reporting Tool is installed and hit continue button. \n \n5\\. On the **Identify fixes** page, select **Browse for fixes** and select **Show fixes that apply to this version** and hit continue button. \n \n6\\. Download the Java runtime iFix for RLKS Administration and Reporting Tool. \n** \nNote:** Although the name of the iFix is **RLKS_Administration_And_Reporting_Tool_8146_Admin_iFix_1_<Platform>_<Architecture>**, the same ifix is applicable to all previous RLKS Administration and Reporting Tool versions. \n \n7\\. Shutdown RLKS Administration and Reporting Tool. \n \n8\\. Go to the installation location of RLKS Administration and Reporting Tool. \n \n9\\. Rename <install location>/server/jre folder to **<install location>/server/jre_back**. \nThis step backs up the existing JRE. \n \n10\\. Extract the downloaded JRE into <install location>/server/ folder \n \nExample: <install location>/server/jre \n \n11\\. Startup RLKS Administration and Reporting Tool. \n \n12\\. Login to the tool using rcladmin user and verify that you see the configured license servers under 'Server' tab. \n\n**_How to fix this vulnerability in IBM RLKS Administration Agent (All Versions)?_**\n\nUpgrade to the IBM RLKS Administration Agent version 8.1.4.7.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T05:01:08", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational License Key Server Administration and Reporting Tool (CVE-2015-0138, CVE-2014-3566, CVE-2014-6593, )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0138"], "modified": "2018-06-17T05:01:08", "id": "213AF3FD1E9EA001D7FD1F71FBA0E5A5E6FA9D1C1CACB638CC005673F5140EC1", "href": "https://www.ibm.com/support/pages/node/258733", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:54:02", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM Runtime Environment, Java\u2122 Technology Edition versions v7.0.7, v7.0.6.1,v6.0 and v7.1.1 that are used by IBM DB2 Recovery Expert for Linux, UNIX and Windows. \nThis also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n \n\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n \n \n \n\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n \n \n \n\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n \n \n \n\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n \n \n \n\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n \n \n \n\n\n**CVE-ID: **[_CVE-2014-6468_](<https://vulners.com/cve/CVE-2014-6468>)\n\n \n \n \n\n\n**DESCRIPTION: **An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.\n\n \n \n \n\n\nCVSS Base Score: 6.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97138_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97138>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nIBM DB2 Recovery Expert for Linux, UNIX, and Windows version 3.1.0.0 through 4.1.0.1\n\n## Remediation/Fixes\n\nYou must replace the IBM Runtime Environment, Java\u2122 Technology Edition that is installed with IBM DB2 Recovery Expert for Linux, UNIX, and Windows with the latest IBM Runtime Environment, Java\u2122 Technology Edition. Detailed instructions are provided in the tech-note \"[Updating the JRE for DB2 Recovery Expert for Linux, UNIX and Windows](<http://www-01.ibm.com/support/docview.wss?uid=swg21644942>)\". \n\n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T13:08:06", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM DB2 Recovery Expert for Linux, UNIX and Windows (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6468"], "modified": "2018-06-16T13:08:06", "id": "37ADCA7312A00E2CDEC85D67EEF8ED4D9A33311E79729095A5E2B15EB7C1C658", "href": "https://www.ibm.com/support/pages/node/519371", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T05:58:08", "description": "## Summary\n\nMultiple security vulnerabilities exist in IBM SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server Community 3.0.0.4.\n\n## Vulnerability Details\n\n**CVE-ID:** [CVE-2014-3065](<https://vulners.com/cve/CVE-2014-3065>)\n\n**DESCRIPTION:** IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users.\n\n \n**CVSS Base Score:** 6 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93629> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:S/C:C/I:C/A:C) \n \n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nWebSphere Application Server Community Edition 3.0.0.4\n\n## Workarounds and Mitigations\n\nUpgrade your IBM SDK for Java to an interim fix level as determined below: \nIBM SDK 6.0: \nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2 and subsequent releases \nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 2 and subsequent releases \n \nIBM SDK 7.0: \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 8 and subsequent releases \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 2 and subsequent releases \n \nUpgrade your Oracle SDK as determined below: \nOracle SDK 1.6: \nPlease upgrade your SDK to Oracle SDK 1.6.0_85. \nOracle SDK 1.7: \nPlease upgrade your SDK to Oracle SDK 1.7.0_71.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:27", "type": "ibm", "title": "Security Bulletin: Java Technology Edition Quarterly CPU - October 2014 for WebSphere Application Server Community Edition 3.0.0.4(CVE-2014-3065,CVE-2014-3566,CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3065", "CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T07:02:27", "id": "B6570A934915236B8C7C6F51F6B4C9F33253CCA0D5DE189879D130E0604BA359", "href": "https://www.ibm.com/support/pages/node/524735", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-04T10:19:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6 that is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational Requirements Composer (RRC), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). \n \nThis also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014. \n\n## Vulnerability Details\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6 that is used by IBM Jazz Team Server applications. These issues were disclosed as part of the IBM Java SDK updates in October 2014. \n \nIBM Jazz Team Server may be deployed on either IBM WebSphere Application Server (WAS) or Apache Tomcat. The remediation instructions are dependent on whether your deployment uses WAS or Tomcat. \n \nIBM Jazz Team Server and the CLM applications (RRC, RTC, RQM, RDNG), RELM, Rhapsody DM, and RSA DM applications are affected by the following vulnerabilities disclosed in and corrected by the IBM Java SDK updates in October 2014: \n\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-6468_](<https://vulners.com/cve/CVE-2014-6468>)\n\n**Description:** An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact. \n\n**CVSS Base Score: 6.9 \n****CVSS Temporal ****Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97138> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:M/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nRational Quality Manager 2.0 - 2.0.1 \nRational Quality Manager 3.0 - 3.0.1.6 iFix3 \nRational Quality Manager 4.0 - 4.0.7 \nRational Quality Manager 5.0 - 5.0.2 \n \nRational Team Concert 2.0 - 2.0.0.2 \nRational Team Concert 3.0 - 3.0.6 iFix3 \nRational Team Concert 4.0 - 4.0.7 \nRational Team Concert 5.0 - 5.0.2 \n \nRational Requirements Composer 2.0 - 2.0.0.4 \nRational Requirements Composer 3.0 - 3.0.1.6 iFix 3 \nRational Requirements Composer 4.0 - 4.0.7 \n \nRational DOORS Next Generation 4.0 - 4.0.7 \nRational DOORS Next Generation 5.0 - 5.0.2 \n \nRational Engineering Lifecycle Manager 1.0- 1.0.0.1 \nRational Engineering Lifecycle Manager 4.0.3 - 4.0.7 \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \n \nRational Rhapsody Design Manager 3.0 - 3.0.1 \nRational Rhapsody Design Manager 4.0 - 4.0.7 \nRational Rhapsody Design Manager 5.0 - 5.0.2 \n \nRational Software Architect Design Manager 3.0 - 3.0.1 \nRational Software Architect Design Manager 4.0 - 4.0.7 \nRational Software Architect Design Manager 5.0 - 5.0.2\n\n## Remediation/Fixes\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n \nIf your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of the your Rational product, and only upgrade the JRE in the WAS server according to these instructions: \n[_IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server October 2014 CPU._](<https://www.ibm.com/support/docview.wss?uid=swg21687740>) \n \n**Otherwise:** \nUpgrade your products to version **4.0.7** or **5.0.2** or later, and then perform the following upgrades: \n \n[_How to update the IBM SDK for Java of IBM Rational products based on version 4.0.6 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21674139>) \n \n**OR:** \n_Note: for any of the below remediations, if you are a WAS deployment, then WAS must also be upgraded, in addition to performing your product upgrades._\n\n * For these 3.x releases upgrade to version 3.0.1.6 iFix 5\n * [_Rational Quality Manager 3.0.1.6 iFix5_](<http://www.ibm.com/support/docview.wss?uid=swg24039361>)\n * [_Rational Team Concert 3.0.1.6 iFix5_](<http://www.ibm.com/support/docview.wss?uid=swg24039360>)\n * [_Rational Requirements Composer 3.0.1.6 iFix5_](<http://www.ibm.com/support/docview.wss?uid=swg24039353>)\n * * * For the 3.x releases of Rational Software Architect Design Manager and Rhapsody Design Manager, if you cannot upgrade to 4.0.7 or 5.0, contact IBM support for guidance.\n * For the 2.x releases, contact IBM support for additional details on the fix. \n\n * For the 1.x releases of Rational Engineering Lifecycle Manager, contact IBM support for additional details on the fix.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6468"], "modified": "2021-04-28T18:35:50", "id": "C288772B66D1EE7D2548AB9893315A88EF37DAAA5903A74756970E199AE4A91C", "href": "https://www.ibm.com/support/pages/node/522647", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T05:48:13", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 5 and 7 that is used by Content Manager Enterprise Edition. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVE-ID: **[_CVE-2014-6468_](<https://vulners.com/cve/CVE-2014-6468>)\n\n**DESCRIPTION: **An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.\n\nCVSS Base Score: 6.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97138_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97138>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nContent Manager Enterprise Edition v8.4.3 - 8.5.x\n\n## Remediation/Fixes\n\n_<Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_Content Manager Enterprise Edition_| _8.4.3.x_| _none_| __Call Level 2 support to request the following fix numbers: __ \n**006_84304tf****c**__ for Windows Platform__ \n**006_84304tf****b**__ for all other platforms (Non-Windows)__ \n_Content Manager Enterprise Edition_| _8.5..x.x_| _none_| __Call Level 2 support to request fix. the following fix numbers: __ \n**002_850002atf**__ for all platforms__ \n \n## Workarounds and Mitigations\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T12:09:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6468"], "modified": "2018-06-17T12:09:38", "id": "53FF19D3C50F65D65C12C687E475BA589D39093B084C8AC4A00AAB1B499E7E8D", "href": "https://www.ibm.com/support/pages/node/521485", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T21:42:46", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 that is used by ITNCM. \n \nThis also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014. (CVE-2014-6512) (CVE-2014-6457) (CVE-2014-3566)\n\n## Vulnerability Details\n\n**CVEID: **[**_CVE-2014-6512_**](<https://vulners.com/cve/CVE-2014-6512>) \n \n\n\n**DESCRIPTION: **An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.\n\n \n \n\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97147>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n \n \n\n\n**CVEID: **[**_CVE-2014-6457_**](<https://vulners.com/cve/CVE-2014-6457>)\n\n \n \n\n\n**DESCRIPTION: **An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n \n \n\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \n \n\n\n**CVE-ID: **[**_CVE-2014-3566_**](<https://vulners.com/cve/CVE-2014-3566>)\n\n \n \n\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n \n \n\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\n\u00b7 Affected releases/versions/platforms: 6.2.x, 6.3.x, 6.4.x \n\u00b7 Releases/systems/configurations NOT affected: None\n\n## Remediation/Fixes\n\nProduct version\n\n| Fix Date | Notes \n---|---|--- \n6.4.1.x | 30 Nov 2014 | [_6.4.1-TIV-ITNCM-LINUX-FP001_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&fixids=6.4.1-TIV-ITNCM-LINUX-FP001&source=dbluesearch>) available from fix central. \n6.4.0.x | 30 Nov 2014 | 6.4.0.3 is remediated by 6.4.1.1. ITNCM is merging the streams so it is advised that customers upgrade to 6.4.1.1 [_6.4.1-TIV-ITNCM-LINUX-FP001_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm/Tivoli/Tivoli+Netcool+Configuration+Manager&fixids=6.4.1-TIV-ITNCM-LINUX-FP001&source=dbluesearch>) available from fix central. \n6.3.x | 29 Jan 2015 | [_6.3.0.6-TIV-ITNCM-IF001_](<http://www-933.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=6.3.0.6-TIV-ITNCM-IF001&continue=1>) Available from fix central. \n6.2.x | None | Please contact support. \n \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-12-20T16:10:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Tivoli Netcool Configuration Manager (ITNCM)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6512"], "modified": "2019-12-20T16:10:23", "id": "002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "href": "https://www.ibm.com/support/pages/node/714275", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:38:27", "description": "## Summary\n\nIBM SDK, which is based on an Oracle Java Development Kit (JDK), is shipped with Rational Software Architect, Rational Software Architect for Websphere Software and Rational Software Architect for RealTime Edition. Oracle has released the October 2014 critical patch updates (CPU) that contains security vulnerability fixes for the JDK. The IBM SDK has been updated to incorporate these fixes and security fixes that are specific to the IBM SDK.(CVE-2014-6457,CVE-2014-3065 and CVE-2014-3566).\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n \n**CVE-ID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>) \n \n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVE-ID: **[CVE-2014-3065](<https://vulners.com/cve/CVE-2014-3065>) \n \n**Description:**** **IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users. \n \n**CVSS Base Score:** 6 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/93629>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:S/C:C/I:C/A:C) \n \n \n**CVE-ID: **[CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description:**** **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n## Affected Products and Versions\n\nRational Software Architect 9.1.1 and earlier \n\nRational Software Architect for WebSphere Software 9.1.1 and earlier\n\nRational Software Architect RealTime Edition 9.1.1 and earlier\n\n## Remediation/Fixes\n\nUpdate the Java Development Kit of the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **Remediation/Download FixCentral Link** \n---|---|--- \nRational Software Architect \n \nRational Software Architect for Websphere Software \n \nRational Software Architect Standard Edition| 7.5.x to 7.5.5.5 iFix1 \n8.0.x to 8.0.4.2 iFix1| \n\n[IBM Java Platform Standard Edition Version 6 SR16 FP2 Ifix](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Software+Architect&release=8.0.0&platform=All&function=fixId&fixids=Rational-RSA-Java6SR16FP2-ifix&includeSupersedes=0&source=fc>) \n \nRational Software Architect \n \nRational Software Architect for Websphere Software \n \nRational Software Architect RealTime Edition| 9.0, 9.0.0.1,9.1,9.1.1 \n \n8.5 to 8.5.5.2| \n\n[IBM Java Platform Standard Edition Version 7 SR8 iFixes](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Software+Architect&release=8.5.0&platform=All&function=fixId&fixids=Rational-RSA-Java7SR8-ifix&includeSupersedes=0&source=fc>) \n \n \n \n**Installation Instructions:** \n \nFor instructions on installing this update using Installation Manager, review the topic [Updating Installed Product Packages](<http://www.ibm.com/support/knowledgecenter/SS8PJ7_9.1.0/com.ibm.xtools.installation.rsaws.doc/topics/t_update.html>) in the IBM Knowledge Center. \n \n**Instructions to download and install the update from the compressed files:** \n\n\n 1. Download the update files from Fix Central by following the link listed in the download table above \n \n\n 2. Extract the compressed files in an appropriate directory. \n \nFor example, choose to extract to `C:\\temp\\update \n \n`\n 3. Add the update repository location in IBM Installation Manager: \n \n\n 4. Start IBM Installation Manager. \n \n\n 5. On the Start page of Installation Manager, click **File > Preferences**, and then click **Repositories**. The Repositories page opens. \n \n\n 6. On the Repositories page, click **Add Repository**. \n \n\n 7. In the Add repository window, browse to or enter the file path to the repository.config file, which is located in the directory where you extracted the compressed files and then click OK. \n \nFor example, enter `C:\\temp\\updates\\repository.config`. \n \n\n 8. Click **OK** to close the Preference page. \n \n\n 9. Install the update as described in the the topic **Updating Installed Product Packages** in the [IBM Knowledge Center](<http://www.ibm.com/support/knowledgecenter/>) for your product and version.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-09-10T17:03:14", "type": "ibm", "title": "Security Bulletin: Java Technology Edition Quarterly CPU - October 2014 for Rational Software Architect for WebSphere Software (CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3065", "CVE-2014-3566", "CVE-2014-6457"], "modified": "2020-09-10T17:03:14", "id": "6BD8E3DAEA6988B5ECFA9DE1BCC8F44BBFD4AC94E0B6BAB1B72FAC68AE3397B2", "href": "https://www.ibm.com/support/pages/node/520893", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:39:36", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, and 7 that are used by Rational Application Developer. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE-ID: **[CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*: **Undefined \n**CVSS Vector**: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n**CVE-ID: **[CVE-2014-3065](<https://vulners.com/cve/CVE-2014-3065>)\n\n**Description: **IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users.\n\n**CVSS Base Score:** 6 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93629> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:S/C:C/I:C/A:C)\n\n \n\n\n**CVEID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nRational Application Developer 9.1.0.1 and earlier.\n\n## Remediation/Fixes\n\nUpdate the Java Development Kit of the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRational Application Developer| 7.5 through 9.1.0.1| PI30010| \n\n * For all versions, apply [IBM SDK Java Technology Edition Critical Patch Update - October 2014](<http://www.ibm.com/support/docview.wss?uid=swg24038970>)\n * For the WebSphere Application Server 7.0 Test Environment, apply [WebSphere Application Server 7.0 Test Environment Extension Fix Pack 35 (7.0.0.35)](<http://www.ibm.com/support/docview.wss?uid=swg24038839>)\n * For WebSphere Application Server version 8.0 and 8.5 used by the product, see [Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21687173>) \nRational Agent Controller| 7.0 through to 9.1| PI30010| \n\n * Apply [Rational Agent Controller Fix Pack 1 (9.1.1.1) for 9.1.1](<http://www.ibm.com/support/docview.wss?uid=swg24038895>) \nRational Build Utility| 7.5 through to 9.1.0.1| PI30010| \n\n * For use on Windows or Linux: apply [IBM SDK Java Technology Edition Critical Patch Update - October 2014](<http://www.ibm.com/support/docview.wss?uid=swg24038970>)\n * For use on System z:\n * Version 7.5 and 8.0: Apply the latest [Java Technology Edition, V6.0.0 PTF](<http://www-03.ibm.com/systems/z/os/zos/tools/java/>).\n * Version 8.5, 9.0 and 9.1: Apply the latest [Java Technology Edition, V7.0.0](<http://www-03.ibm.com/systems/z/os/zos/tools/java/>). \n \n| \n| \n| \n \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-02-05T00:09:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Application Developer for WebSphere (CVE-2014-3566, CVE-2014-3065, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3065", "CVE-2014-3566", "CVE-2014-6457"], "modified": "2020-02-05T00:09:48", "id": "1C05640F6B68807584FE5FF3AD71AF9BC0A7EC65DAADF78BD051A35F87A3F6E0", "href": "https://www.ibm.com/support/pages/node/520925", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:52:14", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 Service Refresh 16 Fix Pack 1 and Version 7R1 Service Refresh 1 Fix Pack 1 that is used by InfoSphere Streams. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n\n \n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n \n**CVE-ID: **[_CVE-2014-3065_](<https://vulners.com/cve/CVE-2014-3065>)\n\n**DESCRIPTION: **IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users.\n\nCVSS Base Score: 6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93629_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93629>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\n * * 1.2.1.0 \n * 2.0.0.4 and earlier \n * 3.0.0.4 and earlier \n * 3.1.0.4 and earlier \n * 3.2.1.2 and earlier\n\n## Remediation/Fixes\n\nApply the appropriate upgrade for InfoSphere Streams as indicated below. Fix packs are available on IBM Fix Central. \n\n * **Version 3.2.1:** Apply [_3.2.1 fix pack 3 (3.2.1.3) or higher_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=3.2.1.2&platform=All&function=all&source=fc>). If JAVA_HOME is defined see the note at the end of this section. \n * **Version 3.1**: Apply [_3.1 fix pack 5 (3.1.0.5) or higher_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=3.1.0.4&platform=All&function=all&source=fc>). If JAVA_HOME is defined see the note at the end of this section. \n * **Version 3.0:** Apply [_3.0 fix pack 5 (3.0.0.5) or higher_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=3.0.0.4&platform=All&function=all&source=fc>). If JAVA_HOME is defined see the note at the end of this section. \n * **Versions 1.0 and 2.0:** Upgrade to the latest version of InfoSphere Streams for which these fixes have been released. \n * For assistance performing an upgrade contact IBM Technical Support. \n * Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin. \n\n**IMPORTANT NOTE:** If JAVA_HOME is set ensure it points to the install location of the upgraded IBM Developer Kit, Java. Applications compiled with JAVA_HOME set to a different location will need to be recompiled after JAVA_HOME has been changed. For more information on compiling with JAVA_HOME set see the _Notes_ section on the page at this URL: [_http://www-01.ibm.com/support/knowledgecenter/SSCRJU_3.2.1/com.ibm.swg.im.infosphere.streams.install-admin.doc/doc/ibminfospherestreams-install-prerequisites-java-supported-sdks.html?lang=en_](<http://www-01.ibm.com/support/knowledgecenter/SSCRJU_3.2.1/com.ibm.swg.im.infosphere.streams.install-admin.doc/doc/ibminfospherestreams-install-prerequisites-java-supported-sdks.html?lang=en>)\n\n \n_For version 1.x and 2.x IBM recommends upgrading to a fixed, supported version/release/platform of the product._ \n\n\n## Workarounds and Mitigations\n\nFor customers not applying the fixpacks above, mitigation for the following vulnerabilities on the listed versions can be obtained by following the instructions below: \n\n\n * **CVE-2014-3566: SSL v3 POODLE attack (Streams 3.2.1.x): \n**Mitigation for this vulnerability in the SWS server for Streams version 3.2.1 can be obtained by enabling the exclusive use of TLS1.2 and above by setting SWS.sslProtocol=TLSv1.2 as described in the documentation here: \n<http://www-01.ibm.com/support/knowledgecenter/SSCRJU_3.2.1/com.ibm.swg.im.infosphere.streams.admin.doc/doc/ibminfospherestreams-sws-protocol.html>\n * * **CVE-2014-3065: Java shared cl****asses (Streams v 2.0.x and above) \n**Mitigation for this vulnerability in Streamtool for Streams version 2.0 and above can be obtained by creating a secured directory and specifying it as the Java cache location in the streamtool.java.properties file. Refer to the documentation found at: <http://www-01.ibm.com/support/knowledgecenter/SSCRJU_3.2.1/com.ibm.swg.im.infosphere.streams.install-admin.doc/doc/ibminfospherestreams-planning-performance-java-cache-commands.html?lang=en>\n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-16T13:09:56", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect InfoSphere Streams (CVE-2014-6457, CVE-2014-3566, CVE-2014-3065)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3065", "CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-16T13:09:56", "id": "0CFEAADD69315D0F0E932E43BF8DC7DE4FBDB4E2972B845306BC37C67DDD52FA", "href": "https://www.ibm.com/support/pages/node/256321", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:58:07", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 that is used by IBM MQ Light. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVE-ID: **[](<https://vulners.com/cve/CVE-2014-3065>)[_CVE-2014-3065_](<https://vulners.com/cve/CVE-2014-3065>)** \nDESCRIPTION: **IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users. \nCVSS Base Score: 6 \nCVSS Temporal Score: See[](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93629>) <https://exchange.xforce.ibmcloud.com/vulnerabilities/93629> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C) \n \n**CVE-ID: **[](<https://vulners.com/cve/CVE-2014-3566>)[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>[](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID: **[_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nThe vulnerabilities affect users of IBM MQ Light V1.0 and V1.0.0.1 on all platforms.\n\n## Remediation/Fixes\n\nDownload and install the appropriate MQ Light Server for your platform as shown below: \n \n\n\n**Platform**| **License Type**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nWindows| Developer| IT06634| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-developer-L150122-IT06634&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-developer-L150122-IT06634&includeSupersedes=0>) \nWindows| Production| IT06634| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-production-L150122-IT06634&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-production-L150122-IT06634&includeSupersedes=0>) \nLinux| Developer| IT06634| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-developer-L150122-IT06634&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-developer-L150122-IT06634&includeSupersedes=0>) \nLinux| Production| IT06634| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-production-L150122-IT06634&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-production-L150122-IT06634&includeSupersedes=0>) \nMac| Developer| IT06634| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Mac-x64-developer-L150122-IT06634&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Mac-x64-developer-L150122-IT06634&includeSupersedes=0>) \n \nThe following link describes how to re-use the data from your existing installation: \n<http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm> \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-3065, CVE-2014-3566, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3065", "CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T07:02:26", "id": "64B59574373BE1019CE518AD6558B3CA51DCDBC14298E811391CBD8C2C5DFD1A", "href": "https://www.ibm.com/support/pages/node/524663", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:42:48", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 and 7 that are used by Tivoli Netcool/OMNIbus. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID: **[_CVE-2014-6468_](<https://vulners.com/cve/CVE-2014-6468>)\n\n**DESCRIPTION: **An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.\n\nCVSS Base Score: 6.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97138> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)\n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus 7.3.0 \nTivoli Netcool/OMNIbus 7.3.1 \nTivoli Netcool/OMNIbus 7.4.0 \nTivoli Netcool/OMNIbus 8.1.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nOMNIbus | 7.3.0.15 | IV66765 | <http://www-01.ibm.com/support/docview.wss?uid=swg24039199> \nOMNIbus | 7.3.1.11 | IV66765 | <http://www-01.ibm.com/support/docview.wss?uid=swg24036686> \nOMNIbus | 7.4.0.6 | IV66765 | <http://www-01.ibm.com/support/docview.wss?uid=swg24036690> \nOMNIbus | 8.1.0.2 | IV66765 | <http://www-01.ibm.com/support/docview.wss?uid=swg24038348> \n \n## Workarounds and Mitigations\n\nConfigure the OMNIbus server components to use FIPS mode that \nwill disable SSL by default. FIPS mode configuration is described here: \n<http://www-01.ibm.com/support/knowledgecenter/SSSHTQ_7.4.0/com.ibm.netcool_OMNIbus.doc_7.4.0/omnibus/wip/install/concept/omn_con_fips_configuringsupport.html?lang=en> \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-12-19T16:53:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6468"], "modified": "2019-12-19T16:53:24", "id": "2B1433F19093121457472DA5DF5E52AE542DBD8F435969C34F49B9AE9E8A2D1C", "href": "https://www.ibm.com/support/pages/node/714229", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T05:41:28", "description": "## Summary\n\nIBM SDK, which is based on an Oracle Java Development Kit (JDK), is shipped with Rational Business Developer. Oracle has released the October 2014 critical patch updates (CPU) that contains security vulnerability fixes for the JDK. The IBM SDK has been updated to incorporate these fixes and security fixes that are specific to the IBM SDK. Rational Business Developer is affected by CVE-2014-6457,CVE-2014-3065 and CVE-2014-3566.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>) \n \n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n \n**CVE-ID: **[_CVE-2014-3065_](<https://vulners.com/cve/CVE-2014-3065>) \n \n**Description:**** **IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users. \n \n**CVSS Base Score: **6 \n**CVSS Temporal Score: **See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/93629>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:S/C:C/I:C/A:C) \n \n \n \n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description:**** **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nVersion 9.1 and previous Rational Business Developer versions are affected.\n\n## Remediation/Fixes\n\nFor RBD v9.1, please upgrade to RBD v9.1.1. For other versions, upgrade your SDK to the following interim fix level below: \n \n\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nRational Business Developer| v7.5.1.x \nv8.0.1.x| Apply [Rational-RBD-Java6SR16FP1-ifix](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Rational/Rational+Business+Developer&release=8.0.1.5&platform=All&function=fixId&fixids=Rational-RBD-Java6SR16FP1-ifix&includeSupersedes=0>) \nRational Business Developer| v8.5.0 \nv8.5.1.x \nv9.0 \nv9.0.1.x| Apply \n[Rational-RBD-Java7SR7FP1-ifix](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Rational/Rational+Business+Developer&release=9.0.1&platform=All&function=fixId&fixids=Rational-RBD-Java7SR7FP1-ifix&includeSupersedes=0>) \nRational Business Developer| v.9.1.0| Apply \n[Rational Business Developer 9.1.1](<http://www.ibm.com/support/docview.wss?uid=swg24038924>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: IBM Java Quarterly CPU - October 2014 affecting Rational Business Developer (CVE-2014-6457,CVE-2014-3065 and CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3065", "CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-08-03T04:23:43", "id": "DA2056CC2572D340E69B5DF83E45BDF54B724DC580631FC5BB2952F5233DDD39", "href": "https://www.ibm.com/support/pages/node/520711", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T21:52:43", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 7 Fix Pack 1 and earlier releases that is used by affect IBM Systems Director. This also includes a fix for the Padding Oracle On DowngradedLegacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n## Abstract\n\nThere are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 7 Fix Pack 1 and earlier releases that is used by affect IBM Systems Director. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2014-6512](<https://vulners.com/cve/CVE-2014-6512>)\n\n**Description:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97147> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97148> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected products and versions\n\nFrom the IBM System Director command line enter smcli lsver to determine the level of IBM System Director installed.\n\nIBM Systems Director:\n\n * 5.2.x.x\n * 6.1.x.x\n * 6.2.0.x\n * 6.2.1.x\n * 6.3.0.0\n * 6.3.1.x\n * 6.3.2.x\n * 6.3.3.x\n * 6.3.5.0\n\n## Remediation/Fixes:\n\nReleases 5.2.x.x, 6.1.x.x are unsupported and will not be fixed.\n\nFollow the instructions mentioned under <http://www-947.ibm.com/support/entry/portal/support/> and search for Tech note **732521668** or [ http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas7b80574214546ff9b86257dd90065690f](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas7b80574214546ff9b86257dd90065690f>) to apply the fix for releases:\n\n * 6.2.0.x\n * 6.2.1.x\n * 6.3.0.0\n * 6.3.1.x\n * 6.3.2.x\n * 6.3.3.x\n * 6.3.5.0\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## Workaround(s) & Mitigation(s):\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-01-31T01:45:01", "type": "ibm", "title": "Security Bulletin: Vulnerability in SSLv3 and multiple vulnerabilities in IBM Java Runtime affect IBM Systems Director (CVE-2014-6512, CVE-2014-6457 and CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6512"], "modified": "2019-01-31T01:45:01", "id": "57FF4D4A86128E3B06BB805C060E516672F9281BCE3EDD9E4A9FAE77E2BF23C7", "href": "https://www.ibm.com/support/pages/node/866328", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:49:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 that is used by Rational Insight. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n \n**CVEID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n\n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-6468_](<https://vulners.com/cve/CVE-2014-6468>)\n\n**Description:** An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact. \n\n**CVSS Base Score:** 6.9 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97138> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:M/Au:N/C:C/I:C/A:C) \n\n## Affected Products and Versions\n\nRational Insight 1.1, 1.1.1, 1.1.1.1, 1.1.1.2, 1.1.1.3, 1.1.1.4, 1.1.1.5 and 1.1.1.6\n\n## Remediation/Fixes\n\nApply the recommended fixes to all affected versions of Rational Insight. \n \n \n**Rational Insight 1.1 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 10](<http://www-01.ibm.com/support/docview.wss?uid=swg24039564>). \nReview technote [1679272: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Insight 1.1](<http://www-01.ibm.com/support/docview.wss?uid=swg21679272>) for detailed instructions.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1, 1.1.1.1 and 1.1.1.2 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.1.1 Interim Fix 10](<http://www-01.ibm.com/support/docview.wss?uid=swg24039564>). \nRead technote [1679281: Install a Cognos Business Intelligence 10.1.1 fix package in Rational Reporting for Development Intelligence 2.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679281>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.3 ** \n \n\n\n * Download the [IBM Cognos Business Intelligence 10.2.1 Interim Fix 9](<http://www-01.ibm.com/support/docview.wss?uid=swg24039563>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035869>)**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 ** \n \n\n\n 1. If the Data Collection Component or Jazz Reporting Serivce are used, perform this step first. \nReview the topics in [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693298>) for addressing the listed vulnerabilities in their underlying Jazz Team Server. \n\n 2. If the Cognos-based reporting server is used, also perform this step. \nDownload the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 8](<http://www-01.ibm.com/support/docview.wss?uid=swg24039563>). \nReview technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www-01.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.\n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T05:00:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Insight (CVE-2014-3566, CVE-2014-6457, CVE-2014-6468)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6468"], "modified": "2018-06-17T05:00:33", "id": "4F4F2FCED404DED7D9E28E46E621E3CA2C77E44FDED68F5EC88654C31079B7CC", "href": "https://www.ibm.com/support/pages/node/256985", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T05:39:16", "description": "## Summary\n\nWebsphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting Websphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletins [](<http://www-01.ibm.com/support/docview.wss?uid=swg21996748>)[_Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)_](<http://www-01.ibm.com/support/docview.wss?uid=swg22004792>)_, _[_Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382)_](<http://www-01.ibm.com/support/docview.wss?uid=swg22004785>) and [_Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380)_](<http://www-01.ibm.com/support/docview.wss?uid=swg22004786>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\nPredictive Customer Intelligence 1.0, 1.0.1, 1.1, 1.1.1\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by Websphere Application Server which is shipped with Predictive Customer Intelligence. \n\nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nPredictive Customer Intelligence 1.0 and 1.0.1| Websphere Application Server 8.5.5| [_Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)_](<http://www-01.ibm.com/support/docview.wss?uid=swg22004792>)\n\n[_Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382)_](<http://www-01.ibm.com/support/docview.wss?uid=swg22004785>)\n\n[_Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380)_](<http://www-01.ibm.com/support/docview.wss?uid=swg22004786>) \n \nPredictive Customer Intelligence 1.1 and 1.1.1| Websphere Application Server 8.5.5.6| [_Security Bulletin: Information disclosure in WebSphere Application Server (CVE-2017-1381)_](<http://www-01.ibm.com/support/docview.wss?uid=swg22004792>)\n\n[_Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382)_](<http://www-01.ibm.com/support/docview.wss?uid=swg22004785>)\n\n[_Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380)_](<http://www-01.ibm.com/support/docview.wss?uid=swg22004786>) \n \n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-02-11T21:31:00", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in Websphere Application Server shipped with Predictive Customer Intelligence (CVE-2017-1381, CVE-2017-1382, CVE-2017-1380)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1380", "CVE-2017-1381", "CVE-2017-1382"], "modified": "2020-02-11T21:31:00", "id": "433C80FA01CBD264F0ECEDD5C86B61CFD6A281F46060EF3E8D3AAA90049AFE21", "href": "https://www.ibm.com/support/pages/node/565451", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:52:39", "description": "## Summary\n\nApache POI, which is bundled with IBM WebSphere Dashboard Framework, is vulnerable to denial of service attacks and could allow a remote attacker to obtain sensitive information. \n\n## Vulnerability Details\n\nIBM WebSphere Dashboard Framework (WDF) bundles a copy of Apache POI, which is used by the spreadsheet integration functionality. \n\n \n**CVEID:** [CVE-2012-0213](<https://vulners.com/cve/CVE-2012-0213>)** \nDESCRIPTION:** Apache POI is vulnerable to a denial of service, caused by the improper handling of memory when processing certain Channel Definition Format (CDF)/ Compound File Binary Format (CFBF) documents. By sending a specially-crafted CDF / CFBF file to an application using Apache POI, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/75558> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [CVE-2014-3574](<https://vulners.com/cve/CVE-2014-3574>)** \nDESCRIPTION:** Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. An attacker could exploit this vulnerability using a specially-crafted OOXML file to consume all available CPU resources and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95768> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [CVE-2014-3529](<https://vulners.com/cve/CVE-2014-3529>)** \nDESCRIPTION:** Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the OPC SAX setup. An attacker could exploit this vulnerability using a specially-crafted OpenXML file containing an XML external entity declaration to read arbitrary files on the system. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95770> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2014-9527](<https://vulners.com/cve/CVE-2014-9527>)** \nDESCRIPTION:** Apache POI is vulnerable to a denial of service. An attacker could exploit this vulnerability using a specially-crafted PPT file to cause the application to enter into an infinite loop and deadlock. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99799> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nWebSphere Dashboard Framework 7.0.1\n\n## Remediation/Fixes\n\n_ \nProduct_\n\n| \n_ VRMF_| \n_ APAR _| \n \n---|---|---|--- \nWebSphere Dashboard Framework| 7.0.1| LO90165| [ Download the fix](<http://download4.boulder.ibm.com/sar/CMA/LOA/06fi6/0/LO90165_WEF7014.zip>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T20:05:09", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Dashboard Framework is affected by multiple security vulnerabilities in Apache POI", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0213", "CVE-2014-3529", "CVE-2014-3574", "CVE-2014-9527"], "modified": "2018-06-16T20:05:09", "id": "F5BA0AA514CF99CA86DFB280C43745FF52D52633170D1E545ACF89151C65EEF0", "href": "https://www.ibm.com/support/pages/node/553771", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:47:34", "description": "## Summary\n\nOpenSource Apache Poi Vulnerabilities \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2012-0213_](<https://vulners.com/cve/CVE-2012-0213>) \n**DESCRIPTION:** Apache POI is vulnerable to a denial of service, caused by the improper handling of memory when processing certain Channel Definition Format (CDF)/ Compound File Binary Format (CFBF) documents. By sending a specially-crafted CDF / CFBF file to an application using Apache POI, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/75558_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/75558>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3574_](<https://vulners.com/cve/CVE-2014-3574>) \n**DESCRIPTION:** Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. An attacker could exploit this vulnerability using a specially-crafted OOXML file to consume all available CPU resources and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95768_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95768>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3529_](<https://vulners.com/cve/CVE-2014-3529>) \n**DESCRIPTION:** Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the OPC SAX setup. An attacker could exploit this vulnerability using a specially-crafted OpenXML file containing an XML external entity declaration to read arbitrary files on the system. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95770_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95770>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2014-9527_](<https://vulners.com/cve/CVE-2014-9527>) \n**DESCRIPTION:** Apache POI is vulnerable to a denial of service. An attacker could exploit this vulnerability using a specially-crafted PPT file to cause the application to enter into an infinite loop and deadlock. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99799_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99799>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM eDiscovery Manager Version 2.2.2\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM eDiscovery Manager | 2.2.2| Use IBM eDiscovery Manager 2.2.2.2 [Interim Fix IF0003](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/InfoSphere+eDiscovery+Manager&release=2.2.2.2&platform=All&function=all>) available at [_https://www-945.ibm.com/support/fixcentral/_](<https://www-933.ibm.com/support/fixcentral/>) \n \n## Workarounds and Mitigations\n\nNA\n\n## ", "cvss3": {}, "published": "2018-06-17T12:17:04", "type": "ibm", "title": "Security Bulletin: OpenSource Apache Poi Vulnerabilities in IBM eDiscovery Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0213", "CVE-2014-3529", "CVE-2014-3574", "CVE-2014-9527"], "modified": "2018-06-17T12:17:04", "id": "2BE9140C38522B6603DE40CBE860081AB9B8829B43238734C750961AB19A2022", "href": "https://www.ibm.com/support/pages/node/552697", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:39:25", "description": "## Summary\n\nIBM Cognos is shipped as a component of IBM Control Center. Multiple vulnerabilities have been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2012-0213_](<https://vulners.com/cve/CVE-2012-0213>)** \nDESCRIPTION:** Apache POI is vulnerable to a denial of service, caused by the improper handling of memory when processing certain Channel Definition Format (CDF)/ Compound File Binary Format (CFBF) documents. By sending a specially-crafted CDF / CFBF file to an application using Apache POI, a remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/75558_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/75558>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3574_](<https://vulners.com/cve/CVE-2014-3574>)** \nDESCRIPTION:** Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. An attacker could exploit this vulnerability using a specially-crafted OOXML file to consume all available CPU resources and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95768_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95768>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-3529_](<https://vulners.com/cve/CVE-2014-3529>)** \nDESCRIPTION:** Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the OPC SAX setup. An attacker could exploit this vulnerability using a specially-crafted OpenXML file containing an XML external entity declaration to read arbitrary files on the system. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95770_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95770>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2014-9527_](<https://vulners.com/cve/CVE-2014-9527>)** \nDESCRIPTION:** Apache POI is vulnerable to a denial of service. An attacker could exploit this vulnerability using a specially-crafted PPT file to cause the application to enter into an infinite loop and deadlock. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/99799_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/99799>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Control Center 6.1.0.0 through 6.1.0.1 iFix06 \nIBM Control Center 6.0.0.0 through 6.0.0.1 iFix10 \nIBM Control Center 5.4.2.0 through 5.4.2.1 iFix12 \n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **Fix**| **How to acquire fix** \n---|---|---|--- \nIBM Control Center| 6.1.0.2| Base release or later| [_Fix Central - 6.1.0.2_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.1.0.2&platform=All&function=all>) \nIBM Control Center| 6.0.0.2| Base release or later| [_Fix Central - 6.0.0.2_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=6.0.0.2&platform=All&function=all>) \nSterling Control Center| 5.4.2.2| Base release or later| [_Fix Central - 5.4.2.2_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Control+Center&release=5.4.2.2&platform=All&function=all>) \n \n\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2019-12-17T22:47:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Cognos affect IBM Control Center (CVE-2012-0213, CVE-2014-3574, CVE-2014-3529, CVE-2014-9527)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0213", "CVE-2014-3529", "CVE-2014-3574", "CVE-2014-9527"], "modified": "2019-12-17T22:47:42", "id": "731D198A0DD7C3F6DAA0D50CEAB820F3F2E35E7576683ADF9E7313BF10164018", "href": "https://www.ibm.com/support/pages/node/298843", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:58:06", "description": "## Summary\n\nA SSLv3 contains a vulnerability(CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3513) that has been referred to as the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack. SSLv3 is used for Client/Server communication in IBM WebSphere Cast Iron Solution \n \nJava security vulenrabilities (CVE-2014-6558, CVE-2014-4263, CVE-2014-4244) in the Cast Iron runtime \n\n## Vulnerability Details\n\n**CVE ID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION: **IBM HTTP Server could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVE-ID**: [_CVE-2014-3567_](<https://vulners.com/cve/CVE-2014-3567>) \n \n**DESCRIPTION**: OpenSSL is vulnerable to a denial of service, caused by a memory leak when handling failed session ticket integrity checks. By sending an overly large number of invalid session tickets, an attacker could exploit this vulnerability to exhaust all available memory of an SSL/TLS or DTLS server. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97036_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97036>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVE-ID**: [_CVE-2014-3568_](<https://vulners.com/cve/CVE-2014-3568>) \n \n**DESCRIPTION**: OpenSSL could allow a remote attacker bypass security restrictions. When configured with \"no-ssl3\" as a build option, servers could accept and complete a SSL 3.0 handshake. An attacker could exploit this vulnerability to perform unauthorized actions. \n \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97037_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97037>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n \n**CVE-ID**: [_CVE-2014-3513_](<https://vulners.com/cve/CVE-2014-3513>) \n \n**DESCRIPTION**: OpenSSL is vulnerable to a denial of service, caused by a memory leak in the DTLS Secure Real-time Transport Protocol (SRTP) extension parsing code. By sending multiple specially-crafted handshake messages, an attacker could exploit this vulnerability to exhaust all available memory of an SSL/TLS or DTLS server. \n \nCVSS Base Score: 5.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97035_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97035>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2014-6558_](<https://vulners.com/cve/CVE-2014-6558>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N) \n\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \nWarning: We strongly encourage you to take action as soon as possible as potential implications to your environment may be more serious than indicated by the CVSS score. \n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of the product \nWebSphere Cast Iron v 6.* \nWebSphere Cast Iron v7.0,0,0, \nWebSphere Cast Iron v7.0.0.1 \nWebSphere Cast Iron v7.0.0.2\n\n## Remediation/Fixes\n\n \nLI78330 UPDATE BEDROCK TO ADDRESS POODLE ISSUE \nLI78297 UPGRADE TO JAVA 7 SR8 AND JAVA 6 SR16 FP2 TO ADDRESS SECURITY VULNERABILITIES \n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.*| LI78330 \nLI78297| [iFix 7.0.0.2-CUMUIFIX-006](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20141212-1322_H10_64-CUMUIFIX-006.scrypt2,7.0.0.2-WS-WCI-20141212-1322_H10_64-CUMUIFIX-006.vcrypt2,7.0.0.2-WS-WCI-20141212-1322_H10_64-CUMUIFIX-006.32bit.sc-linux,7.0.0.2-WS-WCI-20141212-1322_H10_64-CUMUIFIX-006.32bit.sc-win,7.0.0.2-WS-WCI-20141212-1322_H10_64-CUMUIFIX-006.sc-linux,7.0.0.2-WS-WCI-20141212-1322_H10_64-CUMUIFIX-006.sc-win,7.0.0.2-WS-WCI-20141212-1037_H9_64-CUMUIFIX-006.32bit.studio,7.0.0.2-WS-WCI-20141212-1037_H9_64-CUMUIFIX-006.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.4.0.1| LI78330 \nLI78297 | [iFix 6.4.0.1-CUMUIFIX-024](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.4.0.1&platform=All&function=fixId&fixids=6.4.0.1-WS-WCI-20141114-0953_H4-CUMUIFIX-024.scrypt2,6.4.0.1-WS-WCI-20141114-0953_H4-CUMUIFIX-024.vcrypt2,6.4.0.1-WS-WCI-20141114-0401_H5-CUMUIFIX-024.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.3.0.2| LI78330 \nLI78297 | [iFix 6.3.0.2-CUMUIFIX-009](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.2&platform=All&function=fixId&fixids=6.3.0.2-WS-WCI-20141113-1313_H6-CUMUIFIX-009.scrypt2,6.3.0.2-WS-WCI-20141113-1313_H6-CUMUIFIX-009.vcrypt2,6.3.0.2-WS-WCI-20141113-1351_H5-CUMUIFIX-009.studio&includeSupersedes=0>) \nCast Iron Appliance| 6.3.0.1| LI78330 \nLI78297 | [iFix 6.3.0.1-CUMUIFIX-024](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.3.0.1&platform=All&function=fixId&fixids=6.3.0.1-WS-WCI-20141113-1753_H6-CUMUIFIX-024.scrypt2,6.3.0.1-WS-WCI-20141113-1753_H6-CUMUIFIX-024.vcrypt2&includeSupersedes=0>) \nCast Iron Appliance| 6.1.0.15| LI78330 \nLI78297 | [iFix 6.1.0.15-CUMUIFIX-016](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=6.1.0.15&platform=All&function=fixId&fixids=6.1.0.15-WS-WCI-20141208-1154_H6-CUMUIFIX-016.scrypt2,6.1.0.15-WS-WCI-20141208-1154_H6-CUMUIFIX-016.vcrypt2,6.1.0.15-WS-WCI-20141208-1152_H5-CUMUIFIX-016.studio&includeSupersedes=0>) \nNote: We have included the IBM Java fix for POODLE issue \n[_http://www-01.ibm.com/support/docview.wss?uid=swg21688283_](<http://www-01.ibm.com/support/docview.wss?uid=swg21688283>) \n \n[_http://www-01.ibm.com/support/docview.wss?uid=swg21688283_](<http://www-01.ibm.com/support/docview.wss?uid=swg21688283>)\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:29", "type": "ibm", "title": "Security Bulletin: IBM WebSphere Cast Iron Solution is affected by vulnerabilities CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-3513, CVE-2014-6558, CVE-2014-4263, CVE-2014-4244", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3513", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3568", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6558"], "modified": "2018-06-15T07:02:29", "id": "7B6D4086F7B8ACBE84B6FFD51D2E34E8EA66A6C4B9B1C354EB4B67554F7EB2F7", "href": "https://www.ibm.com/support/pages/node/525451", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T06:06:12", "description": "## Summary\n\nIBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 1.6 shipped with IBM MDM SE engine, Workbench, and Brokers contains multiple vulnerabilities. IBM MDM SE engine, Workbench, and Brokers has addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. This vulnerability is also known as the FREAK attack. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100691_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n**CVEID:** [_CVE-2015-2808_](<https://vulners.com/cve/CVE-2015-2808>) \n**DESCRIPTION:** The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve sensitive information. This vulnerability is commonly referred to as \"Bar Mitzvah Attack\". \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2015-1916_](<https://vulners.com/cve/CVE-2015-1916>) \n**DESCRIPTION:** Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101995_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101995>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component could allow a remote attacker with an active man-in-the-middle session to hijack plaintext application data from active SSL/TLS sessions. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVEID:** [_CVE-2015-0383_](<https://vulners.com/cve/CVE-2015-0383>) \n**DESCRIPTION:** An unspecified vulnerability related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C)\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2014-6468_](<https://vulners.com/cve/CVE-2014-6468>) \n**DESCRIPTION:** An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nCVSS Base Score: 6.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97138_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97138>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-2613_](<https://vulners.com/cve/CVE-2015-2613>) \n**DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104734_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104734>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2015-2601_](<https://vulners.com/cve/CVE-2015-2601>) \n**DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104733_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104733>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2015-2625_](<https://vulners.com/cve/CVE-2015-2625>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/104743_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/104743>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2015-1931_](<https://vulners.com/cve/CVE-2015-1931>) \n**DESCRIPTION:** IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system. \nCVSS Base Score: 2.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/102967_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/102967>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities are known to affect the following offerings: \n \nIBM Initiate Master Data Service versions 9.5, 9.7, 10.0, 10.1 (impacts _Master Data Engine_ component, [_Message Brokers_](<http://pic.dhe.ibm.com/infocenter/mdm/v11r0/topic/com.ibm.mdshs.hubover.doc/topics/c_hubover_message_broker_suite.html>) component and _Workbench_ component)\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. \n \n\n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM Initiate Master Data Service| 9.5| None| [9.5.120315](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.5.120315_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Patient Hub| 9.5| None| [9.5.120315](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.5.120315_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Provider Hub| 9.5| None| [9.5.120315](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.5.120315_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| 9.7| None| [9.7.120315](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=9.7.120315_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Patient Hub| 9.7| None| [9.7.120315](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=9.7.120315_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Provider Hub| 9.7| None| [9.7.120315](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=9.7.120315_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| 10.0| None| [10.0.120315](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.0.120315_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Patient Hub| 10.0| None| [10.0.120315](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Patient&release=All&platform=All&function=fixId&fixids=10.0.120315_IM_Initiate_Patient_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service Provider Hub| 10.0| None| [10.0.120315](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Provider&release=All&platform=All&function=fixId&fixids=10.0.120315_IM_Initiate_Provider_ALL_RefreshPack&includeSupersedes=0&source=fc>) \nIBM Initiate Master Data Service| 10.1| None| [_10.1.120315_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.1.120315_IM_Initiate_MasterDataService_ALL_RefreshPack&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-27T09:58:00", "type": "ibm", "title": "Security Bulletin: The IBM\u00ae Runtime Environments Java\u2122 version shipped with IBM MDM SE engine, Workbench, and Brokers may not address all security vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6468", "CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0383", "CVE-2015-0410", "CVE-2015-1916", "CVE-2015-1931", "CVE-2015-2601", "CVE-2015-2613", "CVE-2015-2625", "CVE-2015-2808"], "modified": "2022-04-27T09:58:00", "id": "4EA215B3645DDAC4FD37F8734C45AA03E711B96215D9E5BD79734DA548CB9D4D", "href": "https://www.ibm.com/support/pages/node/273531", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-09-21T10:44:05", "description": "## Summary\n\nAtlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar. Hence poi-ooxml-3.9.jar upgraded to poi-ooxml-4.0.jar to fix vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2017-5644](<https://vulners.com/cve/CVE-2017-5644>) \n** DESCRIPTION: **Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection (XXE) error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could exploit this vulnerability to consume all available CPU resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/123699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-12415](<https://vulners.com/cve/CVE-2019-12415>) \n** DESCRIPTION: **Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by tool XSSFExportToXml. By sending a specially-crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170015](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170015>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2014-3574](<https://vulners.com/cve/CVE-2014-3574>) \n** DESCRIPTION: **Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. An attacker could exploit this vulnerability using a specially-crafted OOXML file to consume all available CPU resources and cause a denial of service. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95768>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-3529](<https://vulners.com/cve/CVE-2014-3529>) \n** DESCRIPTION: **Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the OPC SAX setup. An attacker could exploit this vulnerability using a specially-crafted OpenXML file containing an XML external entity declaration to read arbitrary files on the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95770>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAtlas eDiscovery Process Management| 6.0.3 \n \n\n\n## Remediation/Fixes\n\n**_ Product_**\n\n| \n\n**_ VRMF_**\n\n| \n\n**_ Remediation/First Fix_** \n \n---|---|--- \n \nAtlas eDiscovery Process Management\n\n| \n\n6.0.3\n\n| \n\nApply Fix Pack **6.0.3.9 Interim fix 7**, available from [Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Atlas%20eDiscovery&product=ibm/Information+Management/Atlas+eDiscovery+Process+Management&release=6.0.3.9&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-05-08T08:37:05", "type": "ibm", "title": "Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable poi-ooxml-3.9.jar", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3529", "CVE-2014-3574", "CVE-2017-5644", "CVE-2019-12415"], "modified": "2023-05-08T08:37:05", "id": "0B000A0891A3DD2B6FEEDDE868C5765ECFB2CF839563136900F2FFB29F7ED71C", "href": "https://www.ibm.com/support/pages/node/6988895", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-09-21T10:31:23", "description": "## Summary\n\nMultiple vulnerabilities have been identified in poi-ooxml-3.9.jar which is shipped with IBM\u00ae Intelligent Operations Center. Information about these vulnerabilities affecting IBM\u00ae Intelligent Operations Center have been published and addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2017-5644](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123699>) \n** DESCRIPTION: **Apache POI is vulnerable to a denial of service, cause by an XML External Entity Injection (XXE) error when processing XML data. By using a specially-crafted OOXML file, a remote attacker could exploit this vulnerability to consume all available CPU resources. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/123699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-12415](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170015>) \n** DESCRIPTION: **Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by tool XSSFExportToXml. By sending a specially-crafted document, a remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170015](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170015>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2014-3574](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95768>) \n** DESCRIPTION: **Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. An attacker could exploit this vulnerability using a specially-crafted OOXML file to consume all available CPU resources and cause a denial of service. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95768>) for the current score. \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n \n** CVEID: **[CVE-2014-3529](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95770>) \n** DESCRIPTION: **Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the OPC SAX setup. An attacker could exploit this vulnerability using a specially-crafted OpenXML file containing an XML external entity declaration to read arbitrary files on the system. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/95770](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95770>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIntelligent Operations Center (IOC)| 5.1.0, 5.1.0.2, 5.1.0.3, 5.1.0.4, 5.1.0.6, 5.2, 5.2.1, 5.2.2, 5.2.3 \n \n## Remediation/Fixes\n\nThe recommended solution is to apply an interim fix that contains the fix for this issue as soon as practical.\n\nDownload the IBM Intelligent Operations Center Version 5.2.4 is an upgrade to IBM Intelligent Operations Center Version 5.2.3 through IBM Intelligent Operations Center Version 5.2 from the following link:\n\n[IBM Intelligent Operations Center Version 5.2.4](<https://www.ibm.com/support/pages/node/7022369>)\n\nInstallation instructions for the fix are included in the readme document that is in the fix package.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2023-09-05T12:52:50", "type": "ibm", "title": "Security Bulletin: Vulnerabilities found in poi-ooxml-3.9.jar which is shipped with IBM\u00ae Intelligent Operations Center(CVE-2017-5644, CVE-2019-12415, CVE-2014-3574, CVE-2014-3529)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "