Jun 18, 2018 - 12:28 a.m.

Security Bulletin: October 2014 Java Runtime Environment (JRE) Vulnerabilities in Multiple N series Products

2018-06-18 00:28:10
www.ibm.com

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

Multiple N series products incorporate the Java Runtime Environment (JRE) software libraries. JRE versions up to 8u25, 7u72 and 6u85 are susceptible to multiple vulnerabilities.

Vulnerability Details

CVEID: CVE-2014-6558

DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 2.6

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97151 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6517

DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the JAXP component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97145 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6519

DESCRIPTION: An unspecified vulnerability related to the Hotspot component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97144 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6504

DESCRIPTION: An unspecified vulnerability related to the Hotspot component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97143 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6468

DESCRIPTION: An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 6.9

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97138 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6527

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 2.6

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97149 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6502

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 2.6

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97150 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6513

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97127 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6456

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 9.3

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97130 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6503

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 9.3

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97129 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6532

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 9.3

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97128 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-4288

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 7.6

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97135 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6493

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 7.6

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97134 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6466

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 6.9

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97136 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6492

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 7.6

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97133 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6458

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 6.9

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97137 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2014-6506

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Libraries component has partial confidentiality impact, partial integrity impact, and partial availability impact.

CVSS Base Score: 6.8

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97139 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVEID: CVE-2014-6476

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97141 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6515

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97142 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6511

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97140 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6531

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Libraries component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 4.3

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97146 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6512

DESCRIPTION: Oracle Java SE and JRockit could allow a remote attacker to bypass security restrictions, caused by the failure to perform source address checks for packets received on a connected socket by the DatagramSocket implementation in OpenJDK. An attacker could exploit this vulnerability to process packets as if they were received from the expected source.

CVSS Base Score: 4.3

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97147 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6457

DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/97148 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
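
Each base score listed above is determined by its CVSS v2 vector. The following added example (not part of the IBM bulletin) recomputes base scores from vector strings and flags any entry whose stated score disagrees with its vector; the metric weights and equations are taken from the public CVSS v2 specification, and the function names are illustrative.

```python
import re

# Metric weights from the public CVSS v2 specification (not from the bulletin).
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},
}
VECTOR_RE = re.compile(
    r"^\(?AV:([LAN])/AC:([HML])/Au:([MSN])/C:([NPC])/I:([NPC])/A:([NPC])\)?$")

def parse_vector(vector):
    """Split a CVSS v2 base vector into its six metrics; reject anything else."""
    m = VECTOR_RE.match(vector.strip())
    if not m:
        raise ValueError(f"not a CVSS v2 base vector: {vector!r}")
    return dict(zip(("AV", "AC", "Au", "C", "I", "A"), m.groups()))

def base_score(vector):
    """Apply the CVSS v2 base equations and round to one decimal place."""
    v = parse_vector(vector)
    w = {k: WEIGHTS[k][v[k]] for k in v}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0 if impact == 0 else 1.176  # no impact at all forces a score of 0
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)

# (CVE, stated base score, vector) copied from entries in this bulletin,
# one per distinct vector.
BULLETIN = [
    ("CVE-2014-6558", 2.6, "(AV:N/AC:H/Au:N/C:N/I:P/A:N)"),
    ("CVE-2014-6517", 5.0, "(AV:N/AC:L/Au:N/C:P/I:N/A:N)"),
    ("CVE-2014-6519", 5.0, "(AV:N/AC:L/Au:N/C:N/I:P/A:N)"),
    ("CVE-2014-6468", 6.9, "(AV:L/AC:M/Au:N/C:C/I:C/A:C)"),
    ("CVE-2014-6513", 10.0, "(AV:N/AC:L/Au:N/C:C/I:C/A:C)"),
    ("CVE-2014-6456", 9.3, "(AV:N/AC:M/Au:N/C:C/I:C/A:C)"),
    ("CVE-2014-4288", 7.6, "(AV:N/AC:H/Au:N/C:C/I:C/A:C)"),
    ("CVE-2014-6506", 6.8, "(AV:N/AC:M/Au:N/C:P/I:P/A:P)"),
    ("CVE-2014-6512", 4.3, "(AV:N/AC:M/Au:N/C:N/I:P/A:N)"),
    ("CVE-2014-6457", 4.0, "(AV:N/AC:H/Au:N/C:P/I:P/A:N)"),
]

def mismatches(entries):
    """Return (cve, stated, computed) for entries whose score and vector disagree."""
    return [(c, s, base_score(v)) for c, s, v in entries if base_score(v) != s]
```
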

Affected Products and Versions

N series VASA Provider: 1.0, 1.0.1;
NS OnCommand Core Package: 5.2, 5.2R1, 5.2.1P1, 5.2.1P2;
SnapManager for Oracle: 3.2, 3.3, 3.3.1;
SnapManager for SAP: 3.2, 3.3, 3.3.1;
Virtual Storage Console for VMware vSphere: 4.2.1, 5.0;

Remediation/Fixes

For SnapManager for Oracle: the fix exists from microcode version 3.4;
For SnapManager for SAP: the fix exists from microcode version 3.4;
For Virtual Storage Console for VMware vSphere: the fix exists from microcode version 5.0P1;

Please contact IBM support or go to this link to download a supported release. For customers who are using N series VASA Provider or NS OnCommand Core Package, please contact IBM support.

Workarounds and Mitigations

None.
