IBM0EA790D82DA53573897F32A5B9517954AA6C05BD115A7B638D284E02B09AA2EBSecurity Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Sterling Connect:Direct FTP+ (CVE-2016-0475)
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
Summary
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 7.0.5.0 and 6.0.16.16, that are used by Sterling Connect:Direct FTP+. These issues were disclosed as part of the IBM Java SDK updates in January 2016.
Vulnerability Details
CVEID: CVE-2016-0475**
DESCRIPTION:** An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109946 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Affected Products and Versions
IBM Sterling Connect:Direct FTP+ 1.3.0
Remediation/Fixes
V.R.M
| APAR|Remediation
—|—|—
1.3.0| IT14195
IT14554| For all platforms except for HP-UX, apply 1.3.0 Fix002, available on Fix Central.
For HP-UX (Itanium and PA_RISC), apply 1.3.0 Fix003, available on Fix Central.
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm sterling connect:direct ftp+ | eq | 1.3.0 |
Related
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N