CVSS3: 3.4 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

CVSS2: 5.4 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:N/I:P/A:C

Multiple security vulnerabilities exist in IBM SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server Community 3.0.0.4.

**CVEID:** CVE-2015-0383
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact.
**CVSS Base Score:** 5.4
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100148> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:L/AC:M/Au:N/C:N/I:P/A:C)

**CVEID:** CVE-2014-3566
**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections.
**CVSS Base Score:** 4.3
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)

**CVEID:** CVE-2014-6593
**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
**CVSS Base Score:** 4
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)

**CVEID:** CVE-2015-0410
**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
**CVSS Base Score:** 5
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)

WebSphere Application Server Community Edition 3.0.0.4
Upgrade your IBM SDK for Java to an interim fix level as determined below:
IBM SDK 6.0:
IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 and subsequent releases
IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 3 and subsequent releases
IBM SDK 7.0:
IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 and subsequent releases
IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 2 Fix Pack 10 and subsequent releases
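
One way to check an inventory of SDK levels against the fix levels listed above. This is an added example, not IBM's code: the short form ("7 SR8 FP9"), the ordering of releases by service refresh and then fix pack, and the hostnames are assumptions made for illustration.

```python
import re

# Minimum fixed level per SDK stream, from the advisory: (service refresh, fix pack).
FIXED_LEVELS = {"6": (16, 3), "6R1": (8, 3), "7": (8, 10), "7R1": (2, 10)}

# Matches the advisory's wording ("Version 7R1 Service Refresh 2 Fix Pack 10")
# and an assumed short form ("7R1 SR2 FP10"). A missing SR or FP counts as 0.
LEVEL_RE = re.compile(
    r"(?:Version\s+)?(?<![\w.])(?P<stream>\d+(?:R\d+)?)\b"
    r"(?:\s+(?:Service\s+Refresh\s+|SR)(?P<sr>\d+))?"
    r"(?:\s+(?:Fix\s+Pack\s+|FP)(?P<fp>\d+))?\s*$",
    re.IGNORECASE,
)

def parse_level(text):
    """Return (stream, sr, fp) parsed from an SDK level description."""
    m = LEVEL_RE.search(text.strip())
    if not m:
        raise ValueError(f"unrecognised SDK level: {text!r}")
    return m["stream"].upper(), int(m["sr"] or 0), int(m["fp"] or 0)

def is_fixed(text):
    """True if the level is at or above the advisory's fix level for its stream."""
    stream, sr, fp = parse_level(text)
    if stream not in FIXED_LEVELS:
        raise ValueError(f"stream {stream} is not covered by this advisory")
    # Tuple comparison: a later service refresh wins regardless of fix pack.
    return (sr, fp) >= FIXED_LEVELS[stream]

def audit(inventory):
    """Map each host to 'fixed', 'upgrade' or 'unknown' (needs manual review)."""
    report = {}
    for host, level in inventory.items():
        try:
            report[host] = "fixed" if is_fixed(level) else "upgrade"
        except ValueError:
            report[host] = "unknown"
    return report

# Constructed inventory; hostnames and levels are sample values.
SAMPLE_INVENTORY = {
    "app01": "IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10",
    "app02": "7 SR8 FP9",
    "app03": "7 SR9",
    "app04": "6R1 SR8 FP2",
    "app05": "8 SR1",
    "app06": "1.7.0",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` run a stream the advisory does not list or report a level the parser cannot read, and need manual review.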

CPE

Name | Operator | Version |
---|---|---|
websphere application server community edition | eq | 3.0.0.4 |