6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere MQIPT, a patch for these are available in IBM SDK, Java™ Technology Edition, Version 7 Service Refresh 7 Fix Pack 1
CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94606 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID: CVE-2014-4244 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94605 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID:CVE-2014-3068
DESCRIPTION: A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores.
CVSS Base Score: 2.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93756 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)
IBM SDK, Java™ Technology Edition, Version 7 (maintenance levels older than service refresh 7 fix pack 1) provided by WebSphere MQIPT 2.1 on all platforms.
Update the JRE component following the instructions contained in this link:http://www.ibm.com/support/docview.wss?uid=swg21678663
Updated JREs for MQIPT can be downloaded from the MS81: WebSphere MQ Internet Pass-Thru SupportPac page, via the Download package link, in the Security Update JRE for MS81 section.
None known
CPE | Name | Operator | Version |
---|---|---|---|
websphere mq | eq | 2.1 |