There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireless Platform . These issues were disclosed as part of the IBM Java SDK updates in January 2015.
The following advisories are included in the IBM® SDK Java™ Technology Edition and WebSphere Application Server may be vulnerable to them. Interim fixes for HP Platforms will be available by 03/31/2015.
**
CVEID:** CVE-2014-6593**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
**
CVEID:** CVE-2015-0400**
DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
**
CVEID:** CVE-2015-0410**
DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Please consult the security bulletin Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Jan 2015 CPU for vulnerability details.
Affected Product and Version(s)
| Product and Version shipped as component
—|—
Tivoli Network Performance Manager 1.4| Bundled the Jazz for Service Management version 1.1.0.2, IBM WebSphere version 8.5.0.1 and the JRE from IBM SDK Java 2 Technology Edition Version 7.
Tivoli Network Performance Manager 1.3.2| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6.
Tivoli Network Performance Manager 1.3.1| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6.
Download and apply interim fix based on your WebSphere version in Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Jan 2015 CPU
CPE | Name | Operator | Version |
---|---|---|---|
ibm netcool performance manager | eq | 1.3.1 | |
ibm netcool performance manager | eq | 1.3.2 | |
ibm netcool performance manager | eq | 1.4 |