## Summary
There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15, which is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018.
## Vulnerability Details
**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 4.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)
**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
## Affected Products and Versions
IBM B2B Advanced Communications 1.0.0.2 - 1.0.0.6_2
## Remediation/Fixes
_**Release**_ | **_VRMF_** | **_How to acquire fix_**
---|---|---
1.0.1.0 | 1.0.1.0 | IBM Fix Central > [B2B_Advanced_Communications_V1.0.1.0_Media](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=All&platform=All&function=all>)
## Workarounds and Mitigations
None
"SUSE_SU-2018-0694-1.NASL", "SUSE_SU-2018-0743-1.NASL", "SUSE_SU-2018-1447-1.NASL", "SUSE_SU-2018-1458-1.NASL", "SUSE_SU-2018-1738-1.NASL", "SUSE_SU-2018-1738-2.NASL", "SUSE_SU-2018-1764-1.NASL", "SUSE_SU-2018-1764-2.NASL", "SUSE_SU-2018-2068-1.NASL", "UBUNTU_USN-3613-1.NASL", "UBUNTU_USN-3614-1.NASL", "UBUNTU_USN-3644-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108368", "OPENVAS:1361412562310108370", "OPENVAS:1361412562310704144", "OPENVAS:1361412562310704166", "OPENVAS:1361412562310812637", "OPENVAS:1361412562310812639", "OPENVAS:1361412562310813098", "OPENVAS:1361412562310813307", "OPENVAS:1361412562310843490", "OPENVAS:1361412562310843491", "OPENVAS:1361412562310843522", "OPENVAS:1361412562310851714", "OPENVAS:1361412562310851717", "OPENVAS:1361412562310882830", "OPENVAS:1361412562310882831", "OPENVAS:1361412562310882845", "OPENVAS:1361412562310882846", "OPENVAS:1361412562310891339", "OPENVAS:1361412562310910002", "OPENVAS:1361412562311220181027", "OPENVAS:1361412562311220181028", "OPENVAS:1361412562311220181058", "OPENVAS:1361412562311220181059"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018", "ORACLE:CPUJAN2018"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-0095", "ELSA-2018-0349"]}, {"type": "osv", "idList": ["OSV:DLA-1339-1", "OSV:DSA-4144-1", "OSV:DSA-4166-1"]}, {"type": "photon", "idList": ["PHSA-2018-0013", "PHSA-2018-0130", "PHSA-2018-1.0-0101", "PHSA-2018-1.0-0130", "PHSA-2018-2.0-0013"]}, {"type": "redhat", "idList": ["RHSA-2018:0095", "RHSA-2018:0099", "RHSA-2018:0100", "RHSA-2018:0115", "RHSA-2018:0349", "RHSA-2018:0351", "RHSA-2018:0352", "RHSA-2018:0458", "RHSA-2018:0521", "RHSA-2018:1203", "RHSA-2018:1205", "RHSA-2018:1463", "RHSA-2018:1721", "RHSA-2018:1722", "RHSA-2018:1723", "RHSA-2018:1724", "RHSA-2018:1812", "RHSA-2018:1974", "RHSA-2018:1975"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-2579", "RH:CVE-2018-2602", "RH:CVE-2018-2603", "RH:CVE-2018-2633", "RH:CVE-2018-2637", "RH:CVE-2018-2657", 
"RH:CVE-2018-2663", "RH:CVE-2018-2677", "RH:CVE-2018-2678", "RH:CVE-2018-2783"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0679-1", "OPENSUSE-SU-2018:0684-1", "SUSE-SU-2018:0630-1", "SUSE-SU-2018:0645-1", "SUSE-SU-2018:0661-1", "SUSE-SU-2018:0663-1", "SUSE-SU-2018:0665-1", "SUSE-SU-2018:0694-1", "SUSE-SU-2018:0743-1"]}, {"type": "ubuntu", "idList": ["USN-3613-1", "USN-3614-1", "USN-3644-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2018-2579", "UB:CVE-2018-2602", "UB:CVE-2018-2603", "UB:CVE-2018-2633", "UB:CVE-2018-2637", "UB:CVE-2018-2657", "UB:CVE-2018-2663", "UB:CVE-2018-2677", "UB:CVE-2018-2678", "UB:CVE-2018-2783"]}]}, "epss": [{"cve": "CVE-2018-2579", "epss": "0.002290000", "percentile": "0.592960000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2602", "epss": "0.001190000", "percentile": "0.443930000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2603", "epss": "0.003330000", "percentile": "0.666010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2633", "epss": "0.003780000", "percentile": "0.686640000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2637", "epss": "0.002460000", "percentile": "0.608030000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2657", "epss": "0.010280000", "percentile": "0.815520000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2663", "epss": "0.003330000", "percentile": "0.666010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2677", "epss": "0.003330000", "percentile": "0.666010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2678", "epss": "0.003330000", "percentile": "0.666010000", "modified": "2023-03-20"}, {"cve": "CVE-2018-2783", "epss": "0.001960000", "percentile": "0.557630000", "modified": "2023-03-20"}], "vulnersScore": 1.3}, "_state": {"score": 1684017862, "dependencies": 1677030493, "affected_software_major_version": 1677394894, "epss": 1679361349}, "_internal": {"score_hash": "0ca1ec224353e4756301024119bf2513"}, "affectedSoftware": [{"version": "any", "operator": "eq", "name": "ibm multi-enterprise 
integration gateway"}]}
{"ibm": [{"lastseen": "2023-02-21T05:55:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 versions 6, 7 and 8 used by IBM MQ. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\n**_IBM MQ 9.0.0.x Long Term Support (LTS)_** \nMaintenance level 9.0.0.2 and earlier \n \n**_IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)_** \nContinuous delivery update 9.0.4 and earlier \n \n**_IBM MQ 8.0 and IBM MQ Appliance 8.0_** \nMaintenance levels 8.0.0.8 and earlier \n \n**_WebSphere MQ 7.5_** \nMaintenance levels 7.5.0.8 and earlier \n \n**_WebSphere MQ 7.1_** \nMaintenance levels 7.1.0.8 and earlier\n\n## Remediation/Fixes\n\n**_IBM MQ 9.0.0.0_** \nApply fix pack [9.0.0.3](<http://www-01.ibm.com/support/docview.wss?uid=swg24044508>) \n \n**_IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)_** \nUpgrade to [IBM MQ 9.0.5](<http://www-01.ibm.com/support/docview.wss?uid=swg24043463>) \n \n**_IBM MQ V8.0 and IBM MQ Appliance 8.0_** \nApply fix pack [8.0.0.9](<http://www-01.ibm.com/support/docview.wss?uid=swg22015103>) \n \n**_Please note_**_: Users of MQ v8.0 on the HP-UX platform are advised that patches for these issues have not been released by the manufacturer for this JRE level (7.0) at this time. These updates will be published by IBM once available. 
_ \n \n**_WebSphere MQ 7.5_** \nApply iFix [IT23405](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.5&platform=All&function=aparId&apars=IT23405>) \n \n**_WebSphere MQ 7.1_** \nApply fix pack [7.1.0.9](<http://www-01.ibm.com/support/docview.wss?uid=swg22010694>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:20", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-15T07:09:20", "id": "203637A7337D06861774179D4D3518E325B33E9B8CD6DCE1BD240CA49279FE67", "href": "https://www.ibm.com/support/pages/node/570791", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-27T17:41:42", "description": "## Summary\n\nThere are multiple 
vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 used by IBM Tivoli System Automation Application Manager. These issues were disclosed as part of the IBM Java SDK updates in Jan 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nIBM Tivoli System Automation Application Manager 4.1.0.0 \u2013 4.1.0.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the corresponding fix to IBM Tivoli System Automation Application Manager. To select the fix you need to apply in your environment, click on 'Download link' in the table below. 
\n \n* If you are running IBM Tivoli System Automation Application Manager 4.1, please apply interim fix \u201c4.1.0.1-TIV-SAAMR-<OS>-IF0007\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version 4.1. \n \n\n\n_Product_| _VRMF_| _APAR_ \n---|---|--- \nIBM Tivoli System Automation Application Manager| 4.1| [_Download Link_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+System+Automation+Application+Manager&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2023-01-17T17:34:08", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation Application Manager (CVE-2018-2633, CVE-2018-2603, CVE-2018-2657, CVE-2018-2637, CVE-2018-2602)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2657"], 
"modified": "2023-01-17T17:34:08", "id": "FEA65BE2E457CC16801EC24C06D767370A4744239D4A4161B38A6F52330F9BB0", "href": "https://www.ibm.com/support/pages/node/711901", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-28T21:58:24", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2018-2663](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2634](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5| Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5 \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. 
\n\n## Remediation/Fixes\n\nConsult [Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22016291>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n30 May 2018: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSTU9C\",\"label\":\"Jazz Reporting Service\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"5.0;5.0.1;5.0.2;6.0;6.0.1;6.0.2;6.0.3;6.0.4;6.0.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T05:28:28", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": 
"2018-06-17T05:28:28", "id": "BCC63CD58C99277D56FB13B51F219E848029F5268684F2A05FD02FD2EF619268", "href": "https://www.ibm.com/support/pages/node/571515", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:47:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and IBM\u00ae Runtime Environment Java\u2122 Version 7 used by Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Content Collector for SAP Applications v3.0 \n\nIBM Content Collector for SAP Applications v4.0\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRM**| **Remediation** \n---|---|--- \nIBM Content Collector for SAP Applications| 3.0| Use IBM Content Collector for SAP Applications [Interim Fix 7](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=3.0.0.2&platform=All&function=all>) \nIBM Content Collector for SAP Applications| 4.0| Use IBM Content Collector for SAP Applications[ Interim Fix 1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=4.0.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T12:19:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T12:19:27", "id": "4F01C0B61707270A1ABDE9AC46E85FB38F93C93876E8F606FD7148EBBAD57C5C", "href": "https://www.ibm.com/support/pages/node/567875", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-28T22:14:13", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 and 7 that affect the WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [**CVE-2018-2579**](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [**CVE-2018-2602**](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [**CVE-2018-2603**](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [**CVE-2018-2637**](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [**CVE-2018-2633**](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nWebSphere DataPower XC10 Appliance Version 2.5\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation / First Fix \n---|---|---|--- \nWebSphere DataPower XC10 Appliance V2.5 on appliance 7199-92X| Version 2.5 with SSD drivers ** \nImportant**: See [_More Information_](<http://www-01.ibm.com/support/docview.wss?uid=swg21682625>) link and follow instructions to determine if you have an old or newer SSD driver on your appliance using the `show ssd-version` command.| IT24699| Refer to the **Version 2.5** table in [Recommended fixes for WebSphere DataPower XC10 Appliance](<http://www-01.ibm.com/support/docview.wss?uid=swg27019704>). \nWebSphere DataPower XC10 Appliance V2.5 virtual image| 2.5| IT24699| Refer to the **Version 2.5** table in [Recommended fixes for WebSphere DataPower XC10 Appliance](<http://www-01.ibm.com/support/docview.wss?uid=swg27019704>). 
\n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[IBM Java SDK Security Bulletin](<http://www-01.ibm.com/support/docview.wss?uid=swg22012965>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n31 May 2018: original document published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. 
In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSS8GR\",\"label\":\"WebSphere DataPower XC10 Appliance\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"General\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"2.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:23", "type": "ibm", 
"title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637"], "modified": "2018-06-15T07:09:23", "id": "B35ABC7FD371B02FE816E9CAB206AD60BB04415672B80E8EBEA30794ED8D0160", "href": "https://www.ibm.com/support/pages/node/571391", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:49:54", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. IBM WebSphere Application Server is shipped with IBM Security Key Lifecycle Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2018. These may affect some configurations of IBM WebSphere Application Server Traditional. \n\n## Vulnerability Details\n\nPlease consult the security bulletin [_Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU_](<http://www-01.ibm.com/support/docview.wss?uid=swg22013818>) for vulnerability details and information about fixes. \n \n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nIBM Security Key Lifecycle Manager (SKLM) v2.5 on distributed platforms | WebSphere Application Server v8.5.5 \nIBM Security Key Lifecycle Manager (SKLM) v2.6 on distributed platforms | WebSphere Application Server v8.5.5.7 \nIBM Security Key Lifecycle Manager (SKLM) v2.7 on distributed platforms | WebSphere Application Server v9.0.0.1 \nIBM Security Key Lifecycle Manager (SKLM) v3.0 on distributed platforms | WebSphere Application Server v9.0.0.5 \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T22:06:28", "type": "ibm", "title": "Security 
Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects IBM Security Key Lifecycle Manager January 2018 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637"], "modified": "2018-06-16T22:06:28", "id": "EDFF6875873E3D3513A1B01513D19716118E11B19C57D07C181B8FD3CABCF593", "href": "https://www.ibm.com/support/pages/node/569947", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:55:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6, 7 and 8 used by WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \u201cIBM Java SDK Security Bulletin\" page, located in the \u201cReferences\u201d section for more information. \n\n**CVEID:** [**CVE-2018-2579**](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [**CVE-2018-2602**](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [**CVE-2018-2603**](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [**CVE-2018-2637**](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [**CVE-2018-2633**](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nWebSphere Extreme Scale: 7.1.0 \nWebSphere Extreme Scale: 7.1.1 \nWebSphere Extreme Scale: 8.5.0 \nWebSphere Extreme Scale: 8.6.0 \nWebSphere Extreme Scale: 8.6.1\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| _Remediation/First Fix_ \n---|---|---|--- \nWebSphere Extreme Scale| 7.1.0.3| PI96734| Refer to the **Version 7.1** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www.ibm.com/support/docview.wss?uid=swg27018991>). \nWebSphere Extreme Scale| 7.1.1.1| PI96369| Refer to the **Version 7.1.1** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www.ibm.com/support/docview.wss?uid=swg27018991>). \nWebSphere Extreme Scale| 8.5.0.3| PI96369| Refer to the **Version 8.5** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www.ibm.com/support/docview.wss?uid=swg27018991>). \nWebSphere Extreme Scale| 8.6.0.8| PI96369| Refer to the **Version 8.6** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www.ibm.com/support/docview.wss?uid=swg27018991>). 
\nWebSphere Extreme Scale| 8.6.1.2| PI96369| Refer to the **Version 8.6.1** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www.ibm.com/support/docview.wss?uid=swg27018991>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Extreme Scale", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637"], "modified": "2018-06-15T07:09:23", "id": "9260A2B5C171726ABB7599EFA18CD6720BE53E97B9B70F6E8146B7284F097922", "href": "https://www.ibm.com/support/pages/node/571393", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:51:08", "description": "## Summary\n\nThere are vulnerabilities in IBM SDK Java\u2122 Technology Edition that is used by IBM Integration Designer in IBM Business Process Manager. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects IBM Integration Designer used in IBM Business Process Manager. 
\n\n * IBM Integration Designer 8.5.7.0\n * IBM Integration Designer 8.5.6.0\n * IBM Integration Designer 8.5.5.0\n * IBM Integration Designer 8.5.0.1\n \nFor prior versions of IBM Integration Designer, see this [technote](<http://www.ibm.com/support/docview.wss?uid=swg21999583>).\n\n## Remediation/Fixes\n\nTo fully mitigate these vulnerabilities, an additional fix (JR59259) is required for the following product versions: \n\n\n * [IBM Integration Designer V8.5.7.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.7.0-WS-IID-IFJR59259>)\n * [IBM Integration Designer V8.5.6.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.6.0-WS-IID-IFJR59259>)\n * [IBM Integration Designer V8.5.5.0](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.5.0-WS-IID-IFJR59259>)\n * [IBM Integration Designer V8.5.0.1](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.0.1-WS-IID-IFJR59259>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-23T04:04:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer used in IBM Business Process Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637"], "modified": "2018-06-23T04:04:33", "id": "389EBF171B9DE83E1047C34105889267C782818794E6572286A9BE544FEA9E28", "href": "https://www.ibm.com/support/pages/node/711785", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-27T17:53:44", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae Runtime Environment Java\u2122 used by IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n \n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n## Affected Products and Versions\n\nThe following levels of IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware are affected: \n\n\n * 4.1.0.0 through 4.1.6.4 \n\n\n## Remediation/Fixes\n\n**_IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware Release _**\n\n| **_First Fixing VRMF Level_**| **_Platform_**| **_Link to Fix / Fix Availability Target_** \n---|---|---|--- \n4.1| 4.1.6.5| Linux| [_http://www.ibm.com/support/docview.wss?uid=swg24044799_](<http://www.ibm.com/support/docview.wss?uid=swg24044799>) \n \nCustomers using older versions of the product (3.2 and below) should upgrade to a supported fixed version. 
\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-02-01T11:19:59", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Snapshot (formerly Tivoli Storage FlashCopy Manager) for VMware (CVE-2018-2579, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633, CVE-2018-2783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2783"], "modified": "2022-02-01T11:19:59", "id": "BD1A3FB61CD3EE1C7BC03779DE4E8B49529819A9A99C701323C60D47481C2C9D", "href": "https://www.ibm.com/support/pages/node/570411", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 \nused by QRadar SIEM. These issues were disclosed as part of the IBM Java SDK updates in January 2018. 
\n\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \n**CVSS Base Score:**3.70 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N \n \n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \n**CVSS Base Score:**4.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N \n \n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\n**CVSS Base Score:**4.80 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L \n \n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \n**CVSS Base Score:**4.50 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L \n \n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score:**5.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\n**CVSS Base Score:**8.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H \n \n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \n**CVSS Base Score:**7.40 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N \n \n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score:**5.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
Not Applicable \n**CVSS Base Score:**4.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\n\n## Affected Products and Versions\n\nQRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 4\n\nQRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \n_QRadar / QRM / QVM / QRIF / QNI_\n\n| \n\n_7.3.1 Patch 4_\n\n| \n\n_None_\n\n| [QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&function=fixId&fixids=7.3.1-QRADAR-QRSIEM-20180720020816&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n_QRadar / QRM / QVM / QRIF / QNI_\n\n| \n\n_7.2.8 Patch 11_\n\n| \n\n_None_\n\n| [QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20180416164940&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-15T16:28:10", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM", 
"bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2678"], "modified": "2018-08-15T16:28:10", "id": "DEFEFB2B26B8AC90E2498D0927E571DF52F00DC6BF2D8D922349E48989CEC0DF", "href": "https://www.ibm.com/support/pages/node/719115", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:15", "description": "## Summary\n\nThere are multiple vulnerabilities related to IBM\u00ae Runtime Environment Java\u2122 Technology Edition which is used and shipped by different versions of IBM Rational License Key Server Administration and Reporting Tool Admin (ART) and Agent. These issues were disclosed as part of the IBM Java SDK updates in January 2018. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nThese vulnerabilities impact the following components and their releases: \n\n\n * RLKS Administration and Reporting Tool version 8.1.4.9\n * RLKS Administration and Reporting Tool version 8.1.5\n * RLKS Administration and Reporting Tool version 8.1.5.1\n * RLKS Administration and Reporting Tool version 8.1.5.2\n * RLKS Administration and Reporting Tool version 8.1.5.3\n \n\n\n * RLKS Administration Agent version 8.1.4.9\n * RLKS Administration Agent version 8.1.5\n * RLKS Administration Agent version 8.1.5.1\n * RLKS Administration Agent version 8.1.5.2\n * RLKS Administration Agent version 8.1.5.3\n\n## Remediation/Fixes\n\n \nUpgrade the RLKS Administration Agent to version 8.1.5.4. It can be downloaded through the following link. \n[IBM RLKS Administration And Reporting Agent 8154 on Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Rational/Rational+Common+Licensing&release=All&platform=All&function=fixId&fixids=IBM_RLKS_Administration_And_Reporting_Agent_8154&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true>) \n \nUpgrade the RLKS Administration and Reporting Tool to version 8.1.5.4. It can be downloaded through the following link. 
\n[IBM RLKS Administration And Reporting Tool 8154 on Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?product=ibm/Rational/Rational+Common+Licensing&release=All&platform=All&function=fixId&fixids=IBM_RLKS_Administration_And_Reporting_Tool_8154&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T05:27:59", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM RLKS Administration and Reporting Tool Admin and Agent", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2633", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T05:27:59", "id": "84519CF7C0BC0BBF920A3B4993A25CB95A81E31AB442E7DBDE6518F330A967A1", "href": "https://www.ibm.com/support/pages/node/569113", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-06-28T22:12:26", "description": "## Summary\n\nThere 
are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2634_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2657_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2603_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2678_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2677_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2663_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2588_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2579_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-1417_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. 
\nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nThe following products, running on all supported platforms, are affected: \nIBM InfoSphere Information Server: versions 9.1, 11.3, 11.5 and 11.7 \nIBM InfoSphere Information Server on Cloud: version 11.5\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server| 11.7| [_JR59198_](<http://www.ibm.com/support/docview.wss?uid=swg1JR59198>)| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is117_JR59198_ISF_services_engine_*>) \nInfoSphere Information Server, Information Server on Cloud| 11.5| [_JR59198_](<http://www.ibm.com/support/docview.wss?uid=swg1JR59198>)| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR59198_ISF_services_engine_*>) \nInfoSphere Information Server| 11.3| [_JR59198_](<http://www.ibm.com/support/docview.wss?uid=swg1JR59198>)| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR59198_ISF_services_engine_*>) \nInfoSphere Information Server| 9.1| [_JR59198_](<http://www.ibm.com/support/docview.wss?uid=swg1JR59198>)| \\--Upgrade to a new release \n \n## Workarounds and Mitigations\n\n**None**\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< 
http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[_IBM Java SDK Security Bulletin_](<http://www.ibm.com/support/docview.wss?uid=swg22006695>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n08 May 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. 
As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T14:19:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-16T14:19:47", "id": "274251E99258A9645E690CE61A163F27CE228E7CDE12E000F53A4CC38F801747", "href": "https://www.ibm.com/support/pages/node/569159", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime 
Environment Java\u2122 Version 7 and Version 8 used by Rational Directory Server (Tivoli) and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Upgrade the JRE in order to resolve these issues. \n\n## Vulnerability Details\n\nRational Directory Server & Rational Directory Administrator are affected by the following vulnerabilities: \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nRational Directory Server (Tivoli) v5.2.1 iFix 13 and earlier. \n\nRational Directory Administrator v6.0.0.2 iFix 06 and earlier.\n\n## Remediation/Fixes\n\n1\\. 
Download one of the following supported IBM JRE versions that contain the fixes for these vulnerabilities: \n\n * [IBM Java Runtime Environment, Version 7 R1 Service Refresh 4 Fix Pack 20](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Directory+Server&fixids=5.2.1-RDS-JRE-71SR4FP20&source=SAR>)\n * [IBM Java Runtime Environment, Version 8 Service Refresh 5 Fix Pack 10](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Directory+Server&fixids=5.2.1-RDS-JRE-8SR5FP10&source=SAR>)\n \n2\\. After downloading a fixed IBM JRE version, refer to the following technotes for JRE upgrade instructions: \n\n * [JRE Upgrade Instructions for Rational Directory Server (Tivoli) 5.2.1](<http://www-01.ibm.com/support/docview.wss?uid=swg22015993>)\n * [JRE Upgrade Instructions for Rational Directory Administrator 6.0.0.x](<http://www-01.ibm.com/support/docview.wss?uid=swg22016277>)\n\n_For versions of Rational Directory Server that are earlier than version 5.2.1, and Rational Directory Administrator versions earlier than 6.0.0.2, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T05:28:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T05:28:24", "id": "AFFC7C2B1ABE9852D258219A53CFB1F17D149F2B1D35A4D17CD1C5151D6E156C", "href": "https://www.ibm.com/support/pages/node/570643", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:51:37", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 and IBM\u00ae Runtime Environment Java\u2122 Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, please refer to the link for \u201cIBM Java SDK Security Bulletin\u201d located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Decision Optimization Center v3.9.0.1 and earlier\n\n## Remediation/Fixes\n\n**IBM ILOG ODM Enterprise** \nFrom v3.6 to v3.7.0.2: [IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 60](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Decision%20Optimization&product=ibm/WebSphere/IBM+ILOG+Optimization+Decision+Manager&release=All&platform=All&function=fixId&fixids=SDK6sr16fp60-DO-ODME-*&includeSupersedes=0>) and subsequent releases \n \n**IBM Decision Optimization Center** \nFrom v3.8 to v3.8.0.1: [IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 60](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Decision%20Optimization&product=ibm/WebSphere/IBM+ILOG+Optimization+Decision+Manager&release=All&platform=All&function=fixId&fixids=SDK6sr16fp60-DO-DOC-*&includeSupersedes=0>) and subsequent releases \n \nFrom v3.8.0.2: [IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Decision%20Optimization&product=ibm/WebSphere/IBM+ILOG+Optimization+Decision+Manager&release=All&platform=All&function=fixId&fixids=SDK7sr10fp20-DO-DOC-*&includeSupersedes=0>) and subsequent releases \n \n \nThe recommended solution is to download and install the IBM Java SDK as soon as practicable. 
\n \nBefore installing a newer version of IBM Java SDK, please ensure that you: \n\n * Close any open programs that you have running.\n * Rename the initial directory of the IBM Java SDK (for example, with a .old at the end).\n * Download and install IBM Java SDK.\n \n[Here are the detailed instructions](<http://www.ibm.com/support/docview.wss?uid=swg21691505>) for updating IBM Java SDK. \n \nYou must verify that applying this fix does not cause any compatibility issues. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-06-16T14:19:22", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-16T14:19:22", "id": "F6B3541EEFA36ECD398761520E531FA40B48E3275B7C8D31A42E5A645BBB6976", "href": "https://www.ibm.com/support/pages/node/305211", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-11T15:34:14", 
"description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition, Version 1.7 and 1.8 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). These issues were disclosed as part of the IBM Java SDK updates in January 2018. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 5.0 - 6.0.5 \n \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.5 \n \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.5 \n \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.5 \n \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.5 \n \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.5 \n \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\n**IMPORTANT CONSIDERATIONS:**\n\n 1. If your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of your IBM Rational product, and only upgrade the JRE in the WAS server.\n 2. For the below remediations, if you have a WAS deployment, then WAS must also be remediated, in addition to performing your product upgrades. Follow instructions at [ Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www.ibm.com/support/docview.wss?uid=swg22013818>) to get the WAS remediation.\n 3. 
If you are deploying the Rational products to a WAS Liberty or a Tomcat Server, you will need to follow the instructions below to upgrade the JRE, and then must also complete the following configuration to finish the upgrade process: \n * * **Stop the server**: Navigate to the Server directory in your Rational product installation path and run this script: _server.shutdown_\n * **Navigate to the server directory** in your Rational product installation path, open the **_server.startup_** script using your preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux) and add one more option to the healthcenter parameter set: \n * Search for the parameter _-Dcom.ibm.java.diagnostics.healthcenter.agent_ in the server.startup script to find the line containing the health center parameter. \nNOTE: For some Rational Collaborative Lifecycle Management versions, the _-Dcom.ibm.java.diagnostics.healthcenter.agent_ parameter may not be found in server.startup; in this case the update is not needed and you can start using your server. \n**Windows:** \nComment out the line (where the HEALTHCENTER_OPTS parameter is located) by inserting \"rem \" at the beginning of the line: \n \n**_Before modification:_** \n_set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n**_After modification:_** \n_rem set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n \n**Linux:** \nComment out the line (where the HEALTHCENTER_OPTS parameter is located) by inserting \"# \" at the beginning of the line: \n \n**_Before modification:_** \n_export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._ \n**_After modification:_** \n_# export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._\n \n \n \n\n * * **Start the server**. Navigate to the Server directory in your Rational product installation path and run this script: _server.startup_.\n\n \n**STEPS TO APPLY THE REMEDIATION:** \n \n1\\. Optionally, upgrade your products to an Extended Maintenance Release version: 5.0.2 or 6.0.2. Or optionally, upgrade to the latest 6.0.x version. \n \n2\\. 
Optionally, apply the latest ifix for your installed version. \n \n3\\. Obtain the latest Java JRE CPU update for the IBM Java SDK using the following information.\n\n * * * For the 6.0.5 release: **JRE 7.1.4.20** (**_<product>-JavaSE-JRE-7.1SR4FP20_**) or **JRE 8.0.5.11** (**_<product>-JavaSE-JRE-8.0SR5FP11_**) \n * [_Rational Collaborative Lifecycle Management 6.0.5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.5&platform=All&function=all>)\n * For the 6.0.2 release: **JRE 7.1.4.20** (**_<product>-JavaSE-JRE-7.1SR4FP20_**) \n * [_Rational Collaborative Lifecycle Management 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * For the 5.x releases:\n * * IBM SDK Java\u2122 Technology Edition, Version 6 is no longer supported on distributed platforms. IBM Collaborative Lifecycle Management (CLM) products version 5.x use Java 6 and are affected. IBM highly recommends that customers upgrade to Extended Maintenance Release 6.0.2 for those wishing the stability and support of an EMR release, or to the latest 6.0.x version for those desiring the latest features. For additional details review: [Impact to CLM 5.x suite of products due to Java 6 EOS](<http://www.ibm.com/support/docview.wss?uid=swg22015069>)\n\n4\\. Upgrade your JRE following the instructions in the link below: \n[_How to update the IBM SDK for Java of IBM Rational products based on version 3.0.1.6 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21674139>) \n \n5\\. Navigate to the server directory in your Rational product installation path, and go to the jre/lib/security path. \n \n6\\. 
Open the **_java.security_** file using your preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux) and remove the MD5 option from the jdk.jar.disabledAlgorithms parameter set:\n\n * **_Before modification:_**\n\njdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024\n\n * **_After modification:_**\n\njdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology January 2018 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-04-28T18:35:50", "id": "C3393A29227C0C9FC49F0455ABC614404983902D3C4620110ED407A6527B4770", "href": "https://www.ibm.com/support/pages/node/570815", "cvss": {"score": 
5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-06-28T21:58:35", "description": "## Summary\n\nIBM Tivoli Security Policy Manager (TSPM) is affected through IBM WebSphere Application Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a bulletin.\n\n## Vulnerability Details\n\n \nPlease consult the security bulletin [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22013818>) for vulnerability details and information about fixes. \n\n## Affected Products and Versions\n\n**Product Version**\n\n| **WebSphere version** \n---|--- \nTSPM 7.1| WAS V7.0 \nRTSS 7.1| WAS V7.0, V8.0 \n**Note:** TSPM is comprised of TSPM and Runtime Security Services (RTSS). \n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSNGTE\",\"label\":\"Tivoli Security Policy Manager\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {}, "published": "2018-06-16T22:06:14", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM Java\u00a0shipped with IBM Tivoli Security Policy Manager (CVE-2018-2633, CVE-2018-2603, CVE-2018-2602, CVE-2018-2637)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637"], "modified": "2018-06-16T22:06:14", "id": "638DAAB789BC1508C08C390197D91062796F4F37A18910C35F02B6C23B101700", "href": "https://www.ibm.com/support/pages/node/569067", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:49:22", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 used by IBM Security Guardium Data Redaction. These issues were disclosed as part of the IBM Java SDK updates in January 2018. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Security Guardium Data Redaction 2.5.1\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium Data Redaction | 2.5.1| [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=Guardium_DataRedaction_2.5.1_SecurityUpdate_2018-03-27&includeSupersedes=0&source=fc](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=Guardium_DataRedaction_2.5.1_SecurityUpdate_2018-03-27&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T22:05:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-06-16T22:05:27", "id": "6269AA76009AC220BE691BE4465167C63DA6A492C00534C7E1B1A174B173A102", "href": "https://www.ibm.com/support/pages/node/304083", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM Process Designer in IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects IBM Business Automation Workflow V18.0.0.0, IBM Business Process Manager V7.5.0.0 through V8.6.0 2017.12, and WebSphere Lombardi Edition V7.2.0.0 through V7.2.0.5.\n\n## Remediation/Fixes\n\nThe Eclipse-based IBM Process Designer tool includes an instance of the IBM SDK Java\u2122 Technology Edition. 
To apply the fix to this development tool, install APAR JR59231 for your edition: \n\n\n * [_IBM Business Automation Workflow_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Business+Automation+Workflow&fixids=8.6.0.201803-WS-BPMPCPD-IFJR59231&source=dbluesearch&function=fixId&parent=ibm/WebSphere>)\n * [_IBM Business Process Manager_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Business+Process+Manager+Express&fixids=8.6.0.201712-WS-BPMPCPD-IFJR59231&source=SAR&function=fixId&parent=ibm/WebSphere>)\n * [_IBM Business Process Manager Advanced_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Advanced&release=All&platform=All&function=aparId&apars=JR59231>)\n * [_IBM Business Process Manager Standard_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Standard&release=All&platform=All&function=aparId&apars=JR59231>)\n * [_IBM Business Process Manager Express_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+Business+Process+Manager+Express&release=All&platform=All&function=aparId&apars=JR59231>)\n * As WebSphere Lombardi Edition and IBM Business Process Manager V7.5 and V8.0 are out of general support, customers with a support extension contract can contact IBM support to request the JR59231 fix for download. \n \nIf you are on earlier unsupported releases, IBM strongly recommends upgrading. 
\n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:12", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Lombardi Edition", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-06-15T07:09:12", "id": "97CA1EFED8DD02EF1F210587A1A7E536A5522287B65D578ECE7C8D3AAFBFAAA5", "href": "https://www.ibm.com/support/pages/node/569581", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7.0.10.10 used by IBM MQ Internet Pass Thru. These issues were disclosed as part of the IBM Java SDK updates in January 2018. 
\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n** ** \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 10 and earlier releases provided by WebSphere MQIPT 2.1 on all platforms. \n\n## Remediation/Fixes\n\nA JRE update for MQIPT 2.1.0.4 contains fixes for these vulnerabilities and can be downloaded from the[ MS81: WebSphere MQ Internet Pass-Thru](<http://www.ibm.com/support/docview.wss?uid=swg24006386>) SupportPac page, via the Download package link. \n \nUsers can follow the instructions contained in[ Instructions for manually updating the JRE within an MQIPT V2.1 Installation](<http://www.ibm.com/support/docview.wss?uid=swg21678663>). \n \n**_Please note_**_: Users of MQIPT v2.1 on the HP-UX platform are advised that patches for these issues have not been released by the manufacturer for this JRE level (7.0) at this time. These updates will be published by IBM when they are available. 
_\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:20", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Internet Pass Thru", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-06-15T07:09:20", "id": "CB6B7C9BAEEC3A1289CC12A73332335312CE78BAB4B9A3C1E4B32CD7553DF048", "href": "https://www.ibm.com/support/pages/node/570795", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:53:03", "description": "## Summary\n\nMultiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 used by WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in January 2018. 
\n \nThese issues are also addressed by WebSphere Application Server Network Deployment shipped with WebSphere Service Registry and Repository.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nWebSphere Service Registry and Repository V8.5 and V8.0 and WebSphere Service Registry and Repository Studio V8.5 are affected.\n\n## Remediation/Fixes\n\nFor all releases of WebSphere Service Registry and Repository Studio, upgrade to WebSphere Service Registry and Repository Studio [V8.5.6.1_IJ04332](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Service+Registry+and+Repository&fixids=8.5.6.1-WS-WSRR-Studio-MultiOS-IFIJ04332>) \n \nFor WebSphere Service Registry and Repository the issues are addressed by WebSphere Application Server. 
\n \n\n\nPrincipal Product and Version(s) \n\n| \n\nAffected Supporting Product and Version \n \n---|--- \n \nWebSphere Service Registry and Repository V8.5\n\n| \n\nWebSphere Application Server V8.5.5 \n \nWebSphere Service Registry and Repository V8.0\n\n| \n\nWebSphere Application Server V8.0 \n \n \nRefer to the following security bulletin for vulnerability details and information about fixes addressed by WebSphere Application Server shipped with WebSphere Service Registry and Repository: \n \n[Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www.ibm.com/support/docview.wss?uid=swg22013818>)\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:08:56", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities identified in IBM\u00ae Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": 
"2018-06-15T07:08:56", "id": "7522CD8CB1AFE55A09F63CACF58383B78DC2861D1D1C3725F33F297A8DFB7D84", "href": "https://www.ibm.com/support/pages/node/305131", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T17:50:06", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8.0.5.7 and earlier that is used by IMS\u2122 Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nExplorer for Development of the IMS\u2122 Enterprise Suite Versions 3.3.1 and earlier.\n\n## Remediation/Fixes\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| **_Download URL_** \n---|---|---|--- \n \n_IMS Enterprise Suite Explorer for Development V3.3_\n\n| \n\n_3.3.1.5_\n\n| \n\n_N/A_\n\n| [_https://developer.ibm.com/mainframe/products/downloads/eclipse-tools/_](<https://developer.ibm.com/mainframe/products/downloads/eclipse-tools/>) \n \n_IMS Enterprise Suite Explorer for Development V3.2_\n\n| _ 3.2.1.14_| \n\n_N/A_\n\n| [_https://developer.ibm.com/mainframe/products/downloads/eclipse-tools/_](<https://developer.ibm.com/mainframe/products/downloads/eclipse-tools/>) \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-06-01T13:05:44", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM Java SDK affects IMS\u2122 Enterprise Suite: Explorer for Development (CVE-2018-2579, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633 ).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", 
"integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2022-06-01T13:05:44", "id": "11D42FCCA543C310105E4C09B5FD7242F7016922EADE66CB796861721CAC1D79", "href": "https://www.ibm.com/support/pages/node/569533", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Java Runtime Environment, Versions 7 and 8 that are used by Rational Publishing Engine.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n## Affected Products and Versions\n\nRational Publishing Engine 2.1.0 \nRational Publishing Engine 2.1.1 \nRational Publishing Engine 2.1.2 \nRational Publishing Engine 6.0.5\n\n## Remediation/Fixes\n\nFor Rational Publishing Engine 6.0.5, upgrade the IBM Java Runtime environment used with Rational Publishing Engine to version 8.0.5.10, which can be downloaded from: \n \n[_Rational-RPE-JavaSE-JRE-8.0SR5FP10 _](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Publishing+Engine&fixids=Rational-RPE-JavaSE-JRE-8.0SR5FP10&source=SAR>) \n \nFor Rational Publishing Engine 2.1.0, 2.1.1 and 2.1.2 versions, upgrade the IBM Java Runtime environment used with Rational Publishing Engine to version 7.1.4.20, which can be downloaded from: \n \n[_Rational-RPE-JavaSE-JRE-7.1SR4FP20 _](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Publishing+Engine&fixids=Rational-RPE-JavaSE-JRE-7.1SR4FP20&source=SAR>) \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-06-17T05:28:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java Runtime affect Rational Publishing Engine", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2663"], "modified": "2018-06-17T05:28:02", "id": "E77CCFE6D6CC58175A34B687AC8FB6D98C54A96B27089F826FFB030B0B8A87F9", "href": "https://www.ibm.com/support/pages/node/569507", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:43:55", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6, 7 used by IBM Tivoli Netcool Impact. IBM Tivoli Netcool Impact has addressed the applicable CVEs. These issues were also addressed by IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Tivoli Netcool Impact 6.1.0.0 - 6.1.0.4 Interim Fix 1 \nIBM Tivoli Netcool Impact 6.1.1.0 - 6.1.1.5 Interim Fix 2 \nIBM Tivoli Netcool Impact 7.1.0.0 - 7.1.0.12\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Netcool Impact | _7.1.0.13_| _None_| [IBM Tivoli Netcool Impact 7.1.0 FP13](<http://www-01.ibm.com/support/docview.wss?uid=swg24044546>) \n \nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server shipped with IBM Tivoli Netcool Impact. \n \nPrincipal Product and Version(s)| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Netcool Impact 6.1.0 \nIBM Tivoli Netcool Impact 6.1.1| IBM WebSphere Application Server 7.0| [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22013818>) \n \n**Please also note the**** **[**_end of support announcement_**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>)** ****from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the**** **[**_Netcool End of Support Knowledge Collection_**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>)**. 
****If your product version is affected, IBM recommends upgrading your product version to the latest supported version of your product. Please contact your IBM account manager for any questions you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:51:46", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Netcool Impact", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637"], "modified": "2018-06-17T15:51:46", "id": "B92EA974E17CD16DC28C5637663B29EE6FF6203496C28A0EF1F4DC7CB9202921", "href": "https://www.ibm.com/support/pages/node/571201", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:55:06", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. \n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the References section for more information. \n\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of Liberty for Java in IBM Cloud up to and including v3.18.\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java v3.19-20180313-1017[](<https://cf-jenkins.rtp.raleigh.ibm.com/files/OERuntimeMileStone/LibertyBuildpack/v3.9/20170419-1403/bluemix_files/>) or higher, you must re-stage or re-push your application. 
\n \nTo find the version of Liberty for Java in IBM Cloud currently in use, run the following command from the command-line Cloud Foundry client: \n \n**cf ssh <appname> -c cat \"staging_info.yml\"** \n \nLook for the following lines: \n \n{\"detected_buildpack\":\"Liberty for Java(TM) (WAR, liberty-18.0.0_1, buildpack-v3.19-20180313-1017, ibmjdk-1.8.0_20180214, env)\",\"start_command\":\".liberty/initial_startup.rb\"} \n \nTo re-stage your application using the command-line Cloud Foundry client, use the following command: \n \n**cf restage <appname>** \n \nTo re-push your application using the command-line Cloud Foundry client, use the following command: \n \n**cf push <appname>**\n\n## Workarounds and Mitigations\n\nnone.\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[_IBM Java SDK Security Bulletin_](<http://www-01.ibm.com/support/docview.wss?uid=swg22012965>) _ \n_[_IBM Java SDK Version 8 bundled with WebSphere Application Server _](<https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/covr_javase6_eos.html>)_ \n_[_IBM Java SDKs for WebSphere Liberty_](<http://www-01.ibm.com/support/docview.wss?uid=swg27049903>) _ \n_[_IBM SDK Java Technology Edition Version 8.0 for WebSphere Liberty using archives_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043502>)\n\n## Related Information\n\n[IBM Secure 
Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n06 April 2018: original document published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS4JBE\",\"label\":\"Liberty for Java for IBM Cloud\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB21\",\"label\":\"Public Cloud Platform\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:11", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects Liberty for Java for IBM Cloud January 2018 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637"], "modified": "2018-06-15T07:09:11", "id": "E9CDC2AE12443FED73E3319BAB451F9CA59C2E1932A9AFC8B6229F07785579C5", "href": "https://www.ibm.com/support/pages/node/569209", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-28T22:13:28", "description": "## Summary\n\nThe IBM Emptoris Strategic Supply Management suite of products are affected by multiple security vulnerabilities that exist in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. The security bulletin includes issues that were disclosed as part of the IBM Java SDK updates in January 2018. \nThe IBM Emptoris Strategic Supply Management Suite of products include IBM Emptoris Contract Management, IBM Emptoris Spend Analysis, IBM Emptoris Program Management, IBM Emptoris Strategic Supply Management, IBM Emptoris Supplier Lifecycle Management and IBM Emptoris Sourcing.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2603_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2579_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2602_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2637_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2634_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Emptoris Strategic Supply Management 10.0.0 through 10.1.3.12 \nIBM Emptoris Sourcing 10.0.0 through 10.1.3.12 \nIBM Emptoris Contract Management 10.0.0 through 10.1.3.12 \nIBM Emptoris Spend Analysis 10.0.0 through 10.1.3.12 \nIBM Emptoris Program Management 10.0.0 through 10.1.3.12 \nIBM Emptoris Services Procurement 10.0.0 through 10.1.1.0\n\n## Remediation/Fixes\n\nAn interim fix has been issued for the IBM WebSphere Application Server (WAS) which will upgrade the IBM Java Development Kit to a version which addresses this vulnerability. Customers running any of the IBM Emptoris products listed below should apply the interim fix to all IBM WebSphere Application Server installations that are used to run IBM Emptoris applications. Please refer to [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22013818>) for details. \n \nSelect the appropriate WebSphere Application Server fix based on the version being used for IBM Emptoris product version. The following table lists the IBM Emptoris application versions along with the corresponding required version of IBM WebSphere Application Server and a link to the corresponding fix version where further installation instructions are provided. 
\n\n**Emptoris Product Version** | **WAS Version** | **Java Version** | **Remediation**\n---|---|---|---\n10.0.0.x, 10.0.1.x | 8.5.0.x | Java 6 | Apply Interim Fix [PI93099](<http://www-01.ibm.com/support/docview.wss?uid=swg24044594>)\n10.0.2.x, 10.0.4 | 8.5.5.x | Java 6 |\n10.1.x | 8.5.5.x | Java 7 | Apply Interim Fix [PI93096](<http://www-01.ibm.com/support/docview.wss?uid=swg24044592>)\n\n**Note**: Please refer to [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22013818>) for details.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References\n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\") \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\")\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\") \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\")\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n3 May 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T20:13:47", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect IBM Emptoris Strategic Supply Management Suite of Products and IBM Emptoris Services Procurement", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637"], "modified": "2018-06-16T20:13:47", "id": "0AEB7D4827941D8E704F9E705114348E917D0ACB57155368AEDD133A33BC5D78", "href": 
"https://www.ibm.com/support/pages/node/570499", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:52:53", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in January 2018. \n\n## Vulnerability Details\n\nFor information on the IBM Java SDK that is now bundled with WebSphere Application Server Version 8.5.5 refer to the Knowledge Center link in the References section. \n \nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the References section for more information. \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 through 2.2.5.0\n\n## Remediation/Fixes\n\nPlease see the [IBM Java SDK Security Bulletin for WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg22013818>) to determine which WebSphere Application Server versions are affected and to obtain the JDK fixes. The interim fix 1.0.0.0-WS-WASPATTERNS-JDK-1801 can be used to apply the January SDK iFixes in a PureApplication Environment. \n\nDownload the interim fix [1.0.0.0-WS-WASPATTERNS-JDK-1801. 
](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Application+Server+Patterns&release=All&platform=All&function=fixId&fixids=1.0.0.0-WS-WASPATTERNS-JDK-1801&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:08:56", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU that is bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637"], "modified": "2018-06-15T07:08:56", "id": "02B33E907CBC3B0E0EB8668DD12FA56455943967110D9514CE452B7FC178C03F", "href": "https://www.ibm.com/support/pages/node/305123", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:39:52", "description": "## Summary\n\nThere are multiple vulnerabilities in the 
IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in January 2018. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. \n\n## Vulnerability Details\n\n \nFor information on the IBM Java SDK that is now bundled with WebSphere Application Server Version 8.5.5 refer to the Knowledge Center link in the References section. \n \nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the References section for more information. \nHP fixes are on a delayed schedule. \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Editions shipped with WebSphere Application Server Liberty up to 18.0.0.1. 
IBM SDK, Java Technology Editions shipped with IBM WebSphere Application Server Traditional Version 9.0.0.0 through 9.0.0.7, 8.5.0.0 through 8.5.5.13, Version 8.0.0.0 through 8.0.0.14, Version 7.0.0.0 through 7.0.0.43.\n\n * This _does not occur_ on IBM SDK, Java Technology Editions that are shipped with WebSphere Application Servers Fix Packs 18.0.0.2, 9.0.0.8, 8.5.5.14, 8.0.0.15, and 7.0.0.45 or later.\n\n## Remediation/Fixes\n\nDownload and apply the interim fix APARs below, for your appropriate release \n \n**For the IBM Java SDK updates: \n \nFor WebSphere Application Server Liberty:** \nFor the IBM SDK, Java Technology Version that you use, upgrade to WebSphere Application Server Liberty Fix Packs as noted below or later fix pack level and apply one of the interim fixes below:\n\n * Upgrade to WebSphere Application Server Liberty Fix Pack 8.5.5.1 or later then apply Interim Fix [PI93100](<http://www-01.ibm.com/support/docview.wss?uid=swg24044603>) : Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 60\n * Upgrade to WebSphere Application Server Liberty Fix Pack 8.5.5.1 or later then apply Interim Fix [PI93098](<http://www-01.ibm.com/support/docview.wss?uid=swg24044593>) : 
Will upgrade you to IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 FP20\n * For IBM SDK, Java Technology Edition Version 7R1 and IBM SDK, Java Technology Edition Version 8, please refer to [_IBM Java SDKs for Liberty_](<http://www-01.ibm.com/support/docview.wss?uid=swg27049903>) \n**\\--OR--**\n * Apply IBM Java SDK shipped with WebSphere Application Server Liberty (18.0.0.2) or later. 
\n\n\n**For Version 9 WebSphere Application Server Traditional:**\n\nUpdate the IBM SDK, Java Technology Edition using the instructions in the IBM Knowledge Center [_Installing and updating IBM SDK, Java Technology Edition on distributed environments_](<http://www.ibm.com/support/knowledgecenter/en/SSEQTP_9.0.0/com.ibm.websphere.installation.base.doc/ae/tins_installation_jdk.html>) then use the IBM Installation manager to access the [_online product repositories _](<http://www.ibm.com/support/knowledgecenter/en/SSEQTP_9.0.0/com.ibm.websphere.installation.base.doc/ae/cins_repositories.html>) to install the SDK or use IBM Installation manager and access the [_packages from Fixcentral_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042430>) .\n\n \n**For V8.5.0.0 through 8.5.5.13 WebSphere Application Server Traditional and WebSphere Application Server Hypervisor Edition:**\n\nFor information on the IBM Java SDK that is now bundled with WebSphere Application Server Version 8.5.5 refer to the Knowledge Center link in the References section.\n\nUpgrade to WebSphere Application Server Traditional Fix Packs as noted below or later fix pack level and then apply one or more of the interim fixes below:\n\n * Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.1 or later then apply Interim Fix [PI93099](<http://www-01.ibm.com/support/docview.wss?uid=swg24044594>) : Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 60\n * Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.1 or later then apply Interim Fix [PI93098](<http://www-01.ibm.com/support/docview.wss?uid=swg24044593>) : 
Will upgrade you to IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 FP20\n * Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.2 or later then apply Interim Fix [PI93096](<http://www-01.ibm.com/support/docview.wss?uid=swg24044592>) : 
Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 FP20\n * Upgrade to WebSphere Application Server Traditional Fix Pack 8.5.5.9 or later then apply Interim Fix [PI93093](<http://www-01.ibm.com/support/docview.wss?uid=swg24044574>) : 
Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 FP10\n * For environments that have been upgraded to use the new default IBM SDK Version 8 bundled with WebSphere Application Server Fix Pack 8.5.5.11 or later: Apply Interim Fix [PI93094](<http://www-01.ibm.com/support/docview.wss?uid=swg24044576>) : Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 FP10\n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 14 (8.5.5.14) or later.\n \n \n**For V8.0.0.0 through 8.0.0.14 WebSphere Application Server and WebSphere Application Server Hypervisor Edition:**\n\nUpgrade to 
WebSphere Application Server Fix Pack 8.0.0.7 or later then apply the interim fix below:\n\n * Apply Interim Fix [PI93101](<http://www-01.ibm.com/support/docview.wss?uid=swg24044600>) : Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 60\n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 14 (8.0.0.15) or later.\n \n**For V7.0.0.0 through 7.0.0.43 WebSphere Application Server and WebSphere Application Server Hypervisor Edition:**\n\nUpgrade to WebSphere Application Server Fix Pack 7.0.0.31 or later then apply the interim fix below:\n\n * Apply Interim Fix [PI93102](<http://www-01.ibm.com/support/docview.wss?uid=swg24044601>) : Will upgrade you to IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 60\n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 45 (7.0.0.45) or later.\n \nFor unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of the product.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": 
"HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-02-19T17:40:02", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637"], "modified": "2019-02-19T17:40:02", "id": "88599A3167DAF0B38AEE5154E5F81518BD3B06894F8280285C78D3C880CEDF91", "href": "https://www.ibm.com/support/pages/node/304909", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:44:01", "description": "## Summary\n\nEmbedded Websphere Application Server (eWAS) v7.0.x is shipped as a component of Tivoli Integrated Portal (TIP v2.1 and v2.2). The version of eWAS has been affected by multiple security vulnerabilities, as described below. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nTivoli Integrated Portal version 2.1.0 - 2.1.0.5 \nTivoli Integrated Portal version 2.2.0.0 - 2.2.0.19\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nTivoli Integrated Portal version \n\n2.1.0 - 2.1.0.5 \n\n2.2.0 - 2.2.0.19\n\n| embedded WebSphere Application Server version 7.0.x| [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22013818>) \n \nThe WebSphere security bulletin above provides a link to the iFix required to remediate the vulnerability. However, the iFix requires eWAS 7.0.0.31 or higher to be installed. \n \nTIP does not support upgrading the WebSphere fix pack independently. TIP 2.2.0.15 or TIP 2.2.0.17 or TIP 2.2.0.19 must be applied, which will upgrade eWAS to 7.0.0.31 and above. Once the TIP FP has been applied, the WebSphere iFix can be applied as described in the WebSphere bulletin. 
\n\n## Workarounds and Mitigations\n\nPlease refer to WAS iFix as described above\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:51:19", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in IBM\u00ae Java SDK which affects Websphere Application Server shipped with Tivoli Integrated Portal", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637"], "modified": "2018-06-17T15:51:19", "id": "2ACCDB7662F05E9499D68A18532E3ACD04381CC0EA741B99E98951C49C144F08", "href": "https://www.ibm.com/support/pages/node/570143", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:41:32", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6.0, 6.1, 7.0, 7.1, and 8.0 that is bundled along with IBM Rational Build Forge. 
\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \n**CVSS Base Score**: 8.3 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \n**CVSS Environmental Score***: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION**: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score**: 5.3 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID**: [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION**: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \n**CVSS Base Score**: 3.7 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score. \n**CVSS Environmental Score***: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID**: [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION**: An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\n**CVSS Base Score**: 4.5 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L). \n \n**CVEID**: [_CVE-2018-2794_](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION**: An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Security component could allow an unauthenticated attacker to take control of the system. \n**CVSS Base Score**: 7.7 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). \n \n**CVEID**: [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION**: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \n**CVSS Base Score**: 7.4 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score. \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).\n\n## Affected Products and Versions\n\nIBM Rational Build Forge 8.0 to 8.0.0.7.\n\n## Remediation/Fixes\n\nApply the correct fix pack or iFix for your version of Build Forge:\n\n**Affected Version** | **Fix** \n---|--- \nBuild Forge 8.0 - 8.0.0.7 | Rational Build Forge 8.0.0.8 [Download](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=RationalBuildForge-8.0.0.8&source=SAR>). 
\n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-04-20T14:40:53", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Runtime Environment Java affect Rational Build Forge (CVE-2018-2633, CVE-2018-2603, CVE-2018-2579, CVE-2018-2602, CVE-2018-2794, and CVE-2018-2783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2783", "CVE-2018-2794"], "modified": "2020-04-20T14:40:53", "id": "9E784F7DA3AC45712A757C2895CAB2ED940DFE2C11EA30A202F0A84AEFBDEBC5", "href": "https://www.ibm.com/support/pages/node/711777", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:32", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 6, 7, and 8, which are used by IBM Rational ClearCase. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137833](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n## Affected Products and Versions\n\nIBM Rational ClearCase versions 8 and 9 in the following components:\n\n * CCRC WAN server/CM Server component, when configured to use SSL\n * ClearCase remote client: CCRC/CTE GUI, rcleartool, and CMAPI clients\n\n**ClearCase version**\n\n| \n\n**Status** \n \n---|--- \n \n9.0.1 through 9.0.1.3\n\n| \n\nAffected \n \n9.0 through 9.0.0.6\n\n| \n\nAffected \n \n8.0 through 8.0.0.21 | Affected \n8.0.1 through 8.0.1.17 | Affected \n \n## Remediation/Fixes\n\nThe solution is to install a fix that includes an updated Java\u2122 Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS). \n \n**CCRC Client fixes**\n\n * Apply the relevant fixes as listed in the table below. \n\n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n \n9.0.1 through 9.0.1.3 \n9.0 through 9.0.0.6\n\n| Install [Rational ClearCase Fix Pack 4 (9.0.1.4) for 9.0.1](<http://www.ibm.com/support/docview.wss?&uid=swg24045018>) \n \n8.0.1 through 8.0.1.17 \n8.0 through 8.0.0.21\n\n| Install [Rational ClearCase Fix Pack 18 (8.0.1.18) for 8.0.1](<http://www.ibm.com/support/docview.wss?&uid=swg24045016>) \n_For 7.0, 7.1, 8.0, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._ \n**Notes:**\n * If you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), or you use rcleartool or CMAPI using a Java\u2122 Virtual Machine not supplied by IBM as part of Rational ClearCase, you should update the Java\u2122 Virtual Machine that you use to include a fix for the above issues. 
Contact the supplier of your Java\u2122 Virtual Machine and/or the supplier of your Eclipse shell.\n\n**CCRC WAN server fixes**\n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n9.0.0.x \n9.0.1.x \n8.0.1.x \n8.0.0.x | Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. \n \n * 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. Review the following WAS security bulletins: \n \n[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server April 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22016282>) \n \nand apply the latest available fix for the version of WAS used for CCRC WAN server.\n * **Note: **there may be newer security fixes for WebSphere Application Server. 
Follow the link below (in the section \"", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-09T16:38:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2018-2633, CVE-2018-2603, CVE-2018-2579, CVE-2018-2602, CVE-2018-2794, & CVE-2018-2783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2783", "CVE-2018-2794"], "modified": "2018-08-09T16:38:50", "id": "5B90DBC6B1931AFFD4193FFD091D072FC75CCFD3F30FCD4F2360610AA351D363", "href": "https://www.ibm.com/support/pages/node/717207", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:51:06", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 that is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018. 
UPDATED: 6/14/2018 to add IBM Java SDK updates for April 2018 - CVE-2018-2783.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-10356_](<https://vulners.com/cve/CVE-2017-10356>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133785_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133785>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n \n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n## Affected Products and Versions\n\nThe following versions of the IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V are affected: \n\n * 8.1.0.0 through 8.1.4.0\n * 7.1.0.0 through 7.1.8.0\n \n\n\n## Remediation/Fixes\n\n**_IBM Spectrum Protect (Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V Release_**\n\n| **_First \nFixing \nVRM Level_**| **_Platform_**| **_Link to Fix / Fix Availability Target_** \n---|---|---|--- \n8.1| 8.1.4.2| Windows| Install the IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V 8.1.4.2 fix using the following link: \n<http://www.ibm.com/support/docview.wss?uid=swg24044927> \n7.1| \n| Windows| Install the IBM Spectrum Protect Client 7.1.8.3 fix or higher using the following link: \n<http://www.ibm.com/support/docview.wss?uid=swg24044550> \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-23T05:57:15", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V", "bulletinFamily": 
"software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10356", "CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2783"], "modified": "2018-06-23T05:57:15", "id": "B57DE025F88A48D2EFA62FC54DC03536FA54843302611CD2E63D4779D4A54A67", "href": "https://www.ibm.com/support/pages/node/711835", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:31", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 6, 7, and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See[ _https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2794_](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141950_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION: **An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM Rational ClearQuest version 8 and 9 in the following components:\n\n * ClearQuest Web/CQ OSLC server/CM Server component, when configured to use SSL.\n * ClearQuest Eclipse clients that use Report Designer, run remote reports on servers using secure connections, or use the embedded browser to connect to secure web sites. 
If you do not use the ClearQuest Eclipse client in this way, then you are not affected.\n\n**ClearQuest version** | **Status** \n---|--- \n9.0.1 through 9.0.1.3 | Affected \n9.0 through 9.0.0.6 | Affected \n8.0 through 8.0.0.21 | Affected \n8.0.1 through 8.0.1.17 | Affected \n \n## Remediation/Fixes\n\nThe solution is to install a fix that includes an updated Java\u2122 Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS).\n\n**ClearQuest Eclipse Clients** \nApply the relevant fixes as listed in the table below.\n\n**Affected Versions** | **Applying the fix** \n---|--- \n9.0.1 through 9.0.1.3, 9.0 through 9.0.0.6 | Install [Rational ClearQuest Fix Pack 4 (9.0.1.4) for 9.0.1](<http://www.ibm.com/support/docview.wss?&uid=swg24045017>) \n8.0.1 through 8.0.1.17, 8.0 through 8.0.0.21 | Install [Rational ClearQuest Fix Pack 18 (8.0.1.18) for 8.0.1](<http://www.ibm.com/support/docview.wss?&uid=swg24045015>) \n \n_For 7.0, 7.1, 8.0, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n**ClearQuest Web/CQ OSLC Server/CM Server Component**\n\n 1. Determine the WAS version used by your CM server. Navigate to the CM profile directory (either the profile you specified when installing ClearQuest, or `<clearquest-home>/cqweb/cqwebprofile`), then execute the script: `bin/versionInfo.sh` (UNIX) or `bin\\versionInfo.bat` (Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. 
Review the following WAS security bulletin: \n[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server April 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22016282>) \nand apply the latest available fix for the version of WAS used for CM server.\n\n**Note: **there may be newer security fixes for WebSphere Application Server. Follow the link below (in the section \"", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-09T16:40:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2783", "CVE-2018-2794"], "modified": "2018-08-09T16:40:25", "id": "EB75BB001082ED64F6F295C3004785BCD8F75E218451133709AECC28B2CD6F24", "href": "https://www.ibm.com/support/pages/node/718367", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:43:57", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment 
Java\u2122 Version 1.6, and Version 7 that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin: \n \n-Java (CANDLEHOME) ITM 6.2.3 Fix Pack 1 (JRE 1.6) through 6.2.3 Fix Pack 5 and 6.3.0 through 6.3.0 Fix Pack 7 (JRE 7) (CVE-2018-2602 only) \n-Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.2.3 Fix Pack 1 through 6.2.3 Fix Pack 5 (JRE 1.6) and 6.3.0 through 6.3.0 Fix Pack 7 (JRE 7) (all CVEs listed) \n \n\n\n## Remediation/Fixes\n\n**_Java (TEP) Remediation:_** \nThese vulnerabilities exist where the affected Java Runtime Environment (JRE) is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. The affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system. \n \nThe fix below provides updated JRE packages for the portal server which can be downloaded by new client systems. Once the fix has been installed on the portal server, instructions in the README can be used to download the updated JRE from the portal to the portal clients. \n \n\n\n**_Fix_**| **_VRMF_**| **_How to acquire fix_** \n---|---|--- \n6.X.X-TIV-ITM_JRE_TEP-20180512| 6.2.3 FP1 through 6.3.0 FP7| <http://www.ibm.com/support/docview.wss?uid=swg24044851> \n \n \n \n**_Java (CANDLEHOME) Remediation:_** \nThe patch below should be installed which will update the shared Tivoli Enterprise-supplied JRE (jr component on UNIX/Linux) or Embedded JVM (JVM component on Windows). 
\n \n**_Fix_**| **_VRMF_**| **_Remediation/First Fix_** \n---|---|--- \n6.X.X-TIV-ITM_JRE_CANDLEHOME-20180512| 6.2.3 through 6.3.0 FP7| <http://www.ibm.com/support/docview.wss?uid=swg24044852> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:51:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM Tivoli Monitoring", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T15:51:34", "id": "1EB4C94ED5192A787B590CC4302D443A60AA1648687FC5F70C91C7216427D0D1", "href": "https://www.ibm.com/support/pages/node/570667", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-05-27T17:41:38", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 used by 
IBM Tivoli System Automation for Multiplatforms 4.1.0.0 to 4.1.0.3. These issues were disclosed as part of the IBM Java SDK updates in Jan 2018. \n \nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by IBM Tivoli System Automation for Multiplatforms 4.1.0.4. These issues were disclosed as part of the IBM Java SDK updates in Jan 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM Tivoli System Automation for Multiplatforms 4.1.0.0 \u2013 4.1.0.4\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the corresponding fix to IBM Tivoli System Automation for Multiplatforms. To select the fix you need to apply in your environment, click on 'Download link' in the table below. \n \n* If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.0 - 4.1.0.3, please apply interim fix \u201c4.1.0.3-TIV-ITSAMP-<OS>-IF004\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fix pack from 4.1.0.0 to 4.1.0.3. \n \n* If you are running IBM Tivoli System Automation for Multiplatforms 4.1.0.4, please apply interim fix \u201c4.1.0.4-TIV-ITSAMP-<OS>-IF001\u201d where <OS> represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of 4.1.0.4. 
\n \n\n\n_Product_| _VRMF_| _APAR_ \n---|---|--- \nIBM Tivoli System Automation for Multiplatforms| 4.1| [_Download Link_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+System+Automation+for+Multiplatforms&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2023-01-17T17:34:08", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-2633, CVE-2018-2603, CVE-2018-2657)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2657"], "modified": "2023-01-17T17:34:08", "id": "D09AA8FF89760BC7F43ADECCF6E7C45BBA97B978512C4C26BBA10ADABD6F0708", "href": "https://www.ibm.com/support/pages/node/711905", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:43:54", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition and IBM\u00ae Runtime 
Environment Java\u2122 that are used by IBM Workload Scheduler. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID**: [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION**: An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID**: [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION**: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID**: [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION**: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Workload Scheduler is potentially impacted by the listed vulnerabilities since they potentially affect secure communications between eWAS and subcomponents. \n \nThe affected version is: \nTivoli Workload Scheduler Distributed 8.6.0 \nTivoli Dynamic Workload Console 8.6.0\n\n## Remediation/Fixes\n\nIBM has provided patches for all embedded WebSphere versions. 
\n \nFollow the instructions in the link below to install the fixes for eWAS 7.0.0.39 that is embedded in TWS 8.6 fixpack 04: \n \n<http://www-01.ibm.com/support/docview.wss?uid=swg22013818> \n \nThe fixes can be applied on top of TWS version 8.6 only after TWS 8.6 fixpack 04 has been installed. \n \n_For unsupported versions, releases or platforms IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:51:46", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Workload Manager (CVE-2018-2633 CVE-2018-2603 CVE-2018-2579 CVE-2018-2637 and CVE-2018-2588)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637"], "modified": "2018-06-17T15:51:46", "id": "A4AAF966E6409FFF7525805073744B884361ED71A4AB7F3753164F60382CE635", "href": "https://www.ibm.com/support/pages/node/571171", "cvss": {"score": 5.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-28T22:09:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6 used by Tivoli Composite Application Manager for SOA. Tivoli Composite Application Manager for SOA has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nCVEID: [_CVE-2018-2579_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2603_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2633_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager for SOA 7.2\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Composite Application Manager for SOA| 7.2.0.1| IJ05327| [7.2.0.1-TIV-ITCAMSOA-IF00012](<https://www.ibm.com/support/docview.wss?rs=0&uid=isg400003852>) \n \n## Workarounds and Mitigations\n\nNone\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Change History\n\n12 April 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:50:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-06-17T15:50:47", "id": "EC9EBAD01E5D7B1B44261F48DA5AC2A864E6BAB51FFCDC4EDC0C0B1D8F397240", "href": 
"https://www.ibm.com/support/pages/node/569165", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:49:30", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8.0.5.7 used by Rational Asset Analyzer (RAA). These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Asset Analyzer (RAA) | Affected Versions \n---|--- \nRational Asset analyzer | 6.1.0.0 - 6.1.0.15 \n \n## Remediation/Fixes\n\n**Product** | **VRMF** | **APAR** | **Remediation / First Fix** \n---|---|---|--- \nRational Asset analyzer | 6.1.0.17 | None | [Upgrade to Fix pack 17](<http://www-01.ibm.com/support/docview.wss?uid=swg27021389#61017>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-30T21:51:04", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Asset Analyzer (RAA).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-07-30T21:51:04", "id": "C712FA1CCF5B00DD1E6F1E9A1F6D0273DDB6A82A5F92E6EB5028F4E4D1FDF20A", "href": 
"https://www.ibm.com/support/pages/node/716213", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T17:58:46", "description": "## Summary\n\nAn unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors, and obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.\n\n## Vulnerability Details\n\n \n**CVEID:** CVE-2018-2633** \nDESCRIPTION:** `An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system.` \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [`https://exchange.xforce.ibmcloud.com/vulnerabilities/137885`](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (`CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H`) \n\n**CVEID:** `CVE-2018-2603`** \nDESCRIPTION:** `An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.` \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See` `[`https://exchange.xforce.ibmcloud.com/vulnerabilities/137855`](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (`CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L`)\n\n**CVEID:** `CVE-2018-2579`** \nDESCRIPTION:** `An unspecified vulnerability in Oracle Java SE 
related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.` \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See` `[`https://exchange.xforce.ibmcloud.com/vulnerabilities/137833`](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (`CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N`)\n\n## Affected Products and Versions\n\nIBM InfoSphere Optim Performance Manager for DB2 on Linux, Unix, and Windows version 4.1 through 5.3.1\n\n## Remediation/Fixes\n\nYou must replace the IBM\u00ae Runtime Environment, Java\u2122 Technology Edition that is installed with IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows with the latest IBM\u00ae Runtime Environment, Java\u2122 Technology Edition. Detailed instructions are provided in the tech-note: [__\u201cUpdating the __](<http://www.ibm.com/support/docview.wss?uid=swg21640535>)[__IBM Runtime Environment, Java\u2122 Technology Edition__](<http://www.ibm.com/support/docview.wss?uid=swg21640535>)[__ for InfoSphere Optim Performance Manager__](<http://www.ibm.com/support/docview.wss?uid=swg21640535>)_\u201d_\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-07-08T21:30:52", "type": "ibm", "title": "Security Bulletin: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could affect IBM InfoSphere Optim Performance 
Manager.\nCVE-2018-2633\nCVE-2018-2603\nCVE-2018-2579", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2021-07-08T21:30:52", "id": "1A22E85B10B30BDA624FADFD7F66EE4EA7BBA669F8E526BE3453234D647DA7F3", "href": "https://www.ibm.com/support/pages/node/567373", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:54:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Cognos Command Center. These issues were disclosed as part of the IBM Java SDK updates for January and April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n \n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2794_](<https://vulners.com/cve/CVE-2018-2794>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141950_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Command Center 10.2.4 All Editions\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the IBM JRE 8.0.5.15 to the affected version of IBM Cognos Command Center. \n \nThe fix can be found here: \n \n[10.24-BA-CCC-Win32-JRE-8SR5FP15](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Cognos&product=ibm/Information+Management/Cognos+Command+Center&release=10.2.4&platform=Windows+32-bit,+x86&function=fixId&fixids=10.2.4-BA-CCC-Win32-JRE-8SR5FP15&login=true>) \n \n**Installation instructions for applying this fix**. \n \nFor Microsoft Windows servers where the Agent or the Server component is installed please follow this procedure: \n \nStep 1: \nDownload the 32 bit IBM Java JRE (file name: ibm-java-jre-80-win-i386.zip, Size: 174.7 MB, Build: pwi3280sr5fp15-20180502_01(SR5 FP15)). \n \nStep 2: \nStop the CccServer, CccQueue and CccAgent Microsoft Windows services. \n \nStep 3: \n \nRename the <INSTALLDIR>\\Common\\java.8.0.0 directory to <INSTALLDIR>\\Common\\java.8.0.0.orig \n \nStep 4: \nUnpack the content of the ibm-java-jre-80-win-i386.zip file to <INSTALLDIR>\\Common\\java.8.0.0 \n \nStep 5: \nStart the CccAgent, CccQueue and CccServer Microsoft Windows services. \n \nStep 6: \nValidate the installation by testing the connectivity to the agent using the CCC Client. \n \n \nUpgrade instructions after applying this fix. \n \nFor all IBM Cognos Command Center installations with the above fix applied: \n \nBefore upgrading your installation to a newer version please revert to the original \\java\\ directory by following this procedure. 
\n \n \nStep A: \nStop the CccServer, CccQueue and CccAgent Windows services. \n \nStep B: \nRename the <INSTALLDIR>\\Common\\java directory to <INSTALLDIR>\\Common\\java.cve \n \nStep C: \nRename the <INSTALLDIR>\\Common\\java.orig directory to <INSTALLDIR>\\Common\\java \n \nStep D: \nProceed to upgrade your Cognos Command Center installation to a newer version. \n \nStep E: \nAfter the upgrade to the newer version is done, please reapply this fix starting from Step 1. \n \nYou should verify applying this fix does not cause any compatibility issues.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T23:54:41", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center (CVE-2018-2579, CVE-2018-2602, CVE-2018-2603, CVE-2018-2633, CVE-2018-1417, CVE-2018-2783, CVE-2018-2794)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2783", "CVE-2018-2794"], "modified": "2018-06-15T23:54:41", "id": 
"D1AFE8DF5160F7F66429CAC7472DFB3C1CDE36B34873FDBFD8D79F931C352114", "href": "https://www.ibm.com/support/pages/node/571089", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 7 and 8, which are used by IBM Rational DOORS Web Access. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nRational DOORS Web Access: 9.5.0 - 9.5.0.8 \nRational DOORS Web Access: 9.5.1 - 9.5.1.9 \nRational DOORS Web Access: 9.5.2 - 9.5.2.8 \nRational DOORS Web Access: 9.6.0 - 9.6.0.7 \nRational DOORS Web Access: 9.6.1 - 9.6.1.10\n\n## Remediation/Fixes\n\nFor Rational DOORS Web Access installations, upgrade the JRE as noted in the table below. You can upgrade the JRE after Rational DOORS Web Access is installed. 
Publicly available versions of the Oracle JRE are not supported with Rational DOORS Web Access. \n \nThe following table presents Rational DOORS Web Access versions and the compatible versions of IBM JRE. \n \n\n\n**Rational DOORS Web Access**| **IBM Runtime Environment Java Version** \n---|--- \n9.5.0 - 9.5.0.8| [9.5-RATIONAL-DOORS-JRE-7SR10FP20](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.5-RATIONAL-DOORS-JRE-7SR10FP20&release=9.5&platform=All&source=SAR>) \n9.5.1 - 9.5.1.9| [9.5-RATIONAL-DOORS-JRE-7SR10FP20](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.5-RATIONAL-DOORS-JRE-7SR10FP20&release=9.5&platform=All&source=SAR>) \n9.5.2 - 9.5.2.8| [](<http://w3.hursley.ibm.com/java/jim/ibmsdks/java60/601615/index.html>)[9.5-RATIONAL-DOORS-JRE-7SR10FP20](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.5-RATIONAL-DOORS-JRE-7SR10FP20&release=9.5&platform=All&source=SAR>) \n9.6.0 - 9.6.0.7| [9.6.0-RATIONAL-DOORS-JRE-7SR10FP20](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.6.0-RATIONAL-DOORS-JRE-7SR10FP20&release=9.6.0.0&platform=All&source=SAR>) \n9.6.1 - 9.6.1.4| [9.6.1-RATIONAL-DOORS-JRE-7SR10FP20](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.6.1-RATIONAL-DOORS-JRE-7SR10FP20&release=9.6.1.1&platform=All&source=SAR>) \n9.6.1.7 - 9.6.1.10| [9.6.1.10-RATIONAL-DOORS-JRE-8SR5FP10](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+DOORS&fixids=9.6.1.10-RATIONAL-DOORS-JRE-8SR5FP10&release=9.6.1.7&platform=All&&source=SAR>) \n_For versions of Rational DOORS Web Access that are earlier than version 9.5.0.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, 
"cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T05:28:09", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633"], "modified": "2018-06-17T05:28:09", "id": "19750E0233D0EF1800BE4CB1368963E4510B8CE23C793455B5B74D660B8D0FB5", "href": "https://www.ibm.com/support/pages/node/570051", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:40:39", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Sterling Connect:Direct Browser User Interface. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nConnect:Direct Browser User Interface 1.5.0.2 through 1.5.0.2 iFix19\n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **iFix** | **Remediation / First Fix** \n---|---|---|--- \nIBM Control Center | 1.5.0.2 | iFix20 | [_Fix Central - 1.5.0.2_](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~Other%20software~Sterling%20Connect:Direct%20Browser%20User%20Interface&query.release=1.5.0.2&query.platform=All>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-07-24T22:49:37", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Connect:Direct Browser.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633"], "modified": "2020-07-24T22:49:37", "id": "015DB6740B5492C96DB07643D3F7479C397A23B688C9430BC0080A02A7AD165F", "href": "https://www.ibm.com/support/pages/node/715389", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and IBM\u00ae Runtime Environment Java\u2122 Version 7 used by TPF Toolkit. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-10356_](<https://vulners.com/cve/CVE-2017-10356>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133785_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133785>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined\n\n## Affected Products and Versions\n\nTPF Toolkit 4.2.x\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nTPF Toolkit| 4.2.x| JR59407| \n\n 1. Install the latest version of IBM Installation Manager.\n 2. Apply Interim Fix 4.2.12 by using IBM Installation Manager.\n 3. Update the Java installation on your z/OS or Linux on IBM Z (or both) systems that the TPF Toolkit connects to. 
Download the latest version of Java from [_http://www.ibm.com/developerworks/java/jdk/_](<http://www.ibm.com/developerworks/java/jdk/>) \n \n\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10356", "CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-06-15T07:09:13", "id": "B92958E041283CAFD3A9E0E6A842B60E2AAC3D7DCA455FE3FE9A9B77179A9234", "href": "https://www.ibm.com/support/pages/node/569937", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:48:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7 & 8 and IBM\u00ae Runtime Environment Java\u2122 Versions 6,7 & 8 used by IBM Security Access Manager software and appliances. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Tivoli Access Manager for e-business version 6.1\n\nIBM Tivoli Access Manager for e-business version 6.1.1\n\nIBM Security Access Manager for Web version 7.0 software release\n\nIBM Security Access Manager for Web version 8 appliance\n\nIBM Security Access Manager for Mobile version 8 appliance\n\nIBM Security Access Manager version 9 appliance\n\n## Remediation/Fixes\n\nIf you run your own Java code using the IBM Java Runtime delivered with an IBM Security Access Manager software product, you should evaluate your code to determine whether the vulnerabilities in the complete list apply to your code. For the complete list of vulnerabilities, refer to the link for \u201cIBM Java SDK Security Bulletin\u201d located in the \u201cReferences\u201d section. \n \nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. 
\n\n\n**Product** | **VRMF** | **APAR** | **Remediation** \n---|---|---|--- \nIBM Tivoli Access Manager for e-business | 6.1 - 6.1.0.35 | IJ06528 | Apply Interim Fix 36: \n[6.1.0-ISS-TAM-IF0036](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=6.1.0&platform=All&function=all>) \nIBM Tivoli Access Manager for e-business | 6.1.1 - 6.1.1.34 | IJ06528 | Apply Interim Fix 35: \n[6.1.1-ISS-TAM-IF0035](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=6.1.1&platform=All&function=all>) \nIBM Security Access Manager for Web (software) | 7.0 - 7.0.0.34 (software) | IJ06528 | Apply Interim Fix 35: \n[7.0.0-ISS-SAM-IF0035](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web (appliance) | 8.0 - 8.0.1.7 | IJ06496 | Upgrade to 8.0.1.8: \n[_8.0.1-ISS-WGA-FP0008_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.7&platform=All&function=all>) \nIBM Security Access Manager for Mobile (appliance) | 8.0 - 8.0.1.7 | IJ06510 | Upgrade to 8.0.1.8: \n[8.0.1-ISS-ISAM-FP0008](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0.1.7&platform=Linux&function=all>) \nIBM Security Access Manager (appliance) | 9.0 - 9.0.5.0 | IJ06496 | Upgrade to 9.0.5.0: \n[9.0.5-ISS-ISAM-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n \nFor IBM Tivoli Access Manager for e-business 6.0 and earlier, IBM recommends upgrading to a 
fixed, supported release of the product.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-21T19:48:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634"], "modified": "2018-08-21T19:48:44", "id": "5C58EF391DDD33B2BBDFB3C54DD542E632EE73136FCCBDCD03C5ADA46A87A75F", "href": "https://www.ibm.com/support/pages/node/715259", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:45:27", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 and 7 that are used by Tivoli Netcool/OMNIbus. 
These were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n \n**CVEID:** [_CVE-2017-10356_](<https://vulners.com/cve/CVE-2017-10356>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133785_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133785>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus 7.4.0 \nTivoli Netcool/OMNIbus 8.1.0\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nOMNIbus| 7.4.0| | Upgrade to release containing a fix (OMNIbus 8.1.0.16) \nOMNIbus| 8.1.0.16| IJ00723| <http://www.ibm.com/support/docview.wss?uid=swg24044414> \n \n**Please also note the** [**_end of support announcement_**](<http://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&lang=en&request_locale=en>) **from 12 September 2017 for selected Netcool product versions. You can find detailed information on whether the product version you have installed in your environment is affected by this end of service announcement by following the** [**_Netcool End of Support Knowledge Collection_**](<https://www-01.ibm.com/support/entdocview.wss?uid=swg22009231>) **. If your product version is affected, IBM recommends upgrading your product version to the latest supported version of your product. 
Please contact your IBM account manager for any question you might have or for any assistance you may require for upgrading an end of service announced offering.**\n\n## Workarounds and Mitigations\n\nUpgrading the JRE is the only solution.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:48:14", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10356", "CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-06-17T15:48:14", "id": "C00F8844211885243E98A13F4DA59C6FB7BE41737A2514C8E7E0B4D813315B79", "href": "https://www.ibm.com/support/pages/node/302665", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and 8 that is used by Rational Functional Tester. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the **References** section for more information.\n\n \n**CVEID**: [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION**: An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n \n**CVEID**: [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION**: An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n \n**CVEID**: [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION**: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n \n**CVEID**: [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION**: An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n \n**CVEID**: [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION**: An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\n * Rational Functional Tester 8.3.0 - 8.3.0.2\n * Rational Functional Tester 8.5.0 - 8.5.1.3\n * Rational Functional Tester 8.6.0 - 8.6.0.10\n * Rational Functional Tester 9.1.0 - 9.1.1.1\n * Rational Functional Tester 9.2\n\n## Remediation/Fixes\n\nFor Rational Functional Tester versions 8.0.x 8.1.x, and 8.2.x , IBM recommends upgrading to a fixed, supported version or release of the product. 
\n \n\n\n**Product**| **Version**| **APAR**| **Remediation/First fix** \n---|---|---|--- \nRFT| 8.3.0 - 8.3.0.2| None| Download IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20 [iFix](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Functional+Tester&release=8.6.0.6&platform=All&function=fixId&fixids=Rational-RFT-Java7SR10FP20-ifix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) from the Fix Central and apply it. \nRFT| 8.5.0 - 8.5.0.1| None \nRFT| 8.5.1 - 8.5.1.3| None \nRFT| 8.6.0 - 8.6.0.6| None \nRFT| 8.6.0.7 - 8.6.0.10| None| Download IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 11 [iFix](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Functional+Tester&release=9.2.0&platform=All&function=fixId&fixids=Rational-RFT-Java8SR5FP11-ifix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) from the Fix Central and apply it. \nRFT| 9.1.0 - 9.1.1.1| None \nRFT| 9.2| None \n \n**Note**: \n\n * You must verify that applying this fix does not cause any compatibility issues. 
\n * For information about how to install iFixes, see [Installing packages](<http://www-01.ibm.com/support/knowledgecenter/SSDV2W_1.4.0/com.ibm.cic.agent.ui.doc/topics/t_installing_packages.html?lang=en>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-09-17T13:44:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Functional Tester (CVE-2018-2633, CVE-2018-2634, CVE-2018-2603, CVE-2018-2602, CVE-2018-2579)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634"], "modified": "2018-09-17T13:44:34", "id": "3CB47E69C2467E478A054170AAA605E9126ECA9F7C1454094639CF11EA89BF8D", "href": "https://www.ibm.com/support/pages/node/569267", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:52:29", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by Financial Transaction Manager (FTM) for ACH Services, Financial 
Transaction Manager for Check Services, and Financial Transaction Manager for Corporate Payment Services (CPS) for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n\\- FTM for ACH Services v3.0.2.0 - v3.0.2.1, v3.0.5.0, v3.1.0.0-3.1.0.1 \n\n\\- FTM for Check Services v3.0.0.n, v3.0.2.0 - v3.0.2.1, v3.0.5.0\n\n\\- FTM for CPS v3.0.2.0 - v3.0.2.1\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for ACH Services| 3.0.2.0 - 3.0.2.1, 3.0.5.0, 3.1.0.0-3.1.0.1| PI95439| 3.0.2 apply [3.0.2.1-FTM-ACH-MP-iFix0010](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.2.1-FTM-ACH-MP-iFix0010&includeSupersedes=0&source=fc>) or later. \n3.0.5 apply [3.0.5.0-FTM-ACH-MP-iFix0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.5.0-FTM-ACH-MP-iFix0001&includeSupersedes=0&source=fc>) or later. \n3.1.0 apply [3.0.1.1-FTM-ACH-MP-iFix0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.1.0.1-FTM-ACH-MP-iFix0001&includeSupersedes=0&source=fc>) or later. 
\n \n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for Check Services| 3.0.0.n \n3.0.2.0 - 3.0.2.1, 3.0.5.0| PI95439| 3.0.0 apply [3.0.0.15-FTM-Check-MP-iFix0014](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0.15-FTM-Check-MP-iFix0014&includeSupersedes=0&source=fc>) or later. \n3.0.2 apply [3.0.2.1-FTM-Check-MP-iFix0010](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.2.1-FTM-Check-MP-iFix0010&includeSupersedes=0&source=fc>) or later. \n3.0.5 apply [3.0.5.0-FTM-Check-MP-iFix0001](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.5.0-FTM-Check-MP-iFix0001&includeSupersedes=0&source=fc>) or later. \n \n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for CPS| 3.0.2.0 - 3.0.2.1| PI95439| 3.0.2 apply [3.0.2.1-FTM-CPS-MP-iFix0010](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.2.1-FTM-CPS-MP-iFix0010&includeSupersedes=0&source=fc>) or later. 
\n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T20:13:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for ACH Services, Financial Transaction Manager for Check Services, and Financial Transaction Manager for Corporate Payment Services for Multiplatforms", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-06-16T20:13:29", "id": "9FF3831C7E22B3E484BB7DE6DD7B8208547ED4A9D05819AE0271A6E0BA3A8B5D", "href": "https://www.ibm.com/support/pages/node/568451", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Installation Manager and IBM Packaging Utility. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Installation Manager and IBM Packaging Utility versions 1.8.8.0 and earlier.\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM Installation Manager and IBM Packaging Utility_| _1.8.x_| [_IJ04036_](<http://www.ibm.com/support/docview.wss?uid=swg1IJ04036>)_,_ \n[_IJ04043_](<http://www.ibm.com/support/docview.wss?uid=swg1IJ04043>)_,_ \n[_IJ04053_](<http://www.ibm.com/support/docview.wss?uid=swg1IJ04053>)_,_ \n[_IJ04041_](<http://www.ibm.com/support/docview.wss?uid=swg1IJ04041>)_,_ \n[_IJ04045_](<http://www.ibm.com/support/docview.wss?uid=swg1IJ04045>)| [__1.8.9 IBM Installation Manager Remediation__](<http://www.ibm.com/support/docview.wss?uid=swg24044637>)_ \n_[__1.8.9 IBM Packaging Utility Remediation__](<http://www.ibm.com/support/docview.wss?uid=swg24044638>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T05:27:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Installation Manager and IBM Packaging Utility", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633"], "modified": "2018-06-17T05:27:23", "id": "5EC4D576F9D73CD4F595A3F1D620A4540FC3AA5D503116CE04F8DF6C1AC8CFC4", "href": "https://www.ibm.com/support/pages/node/568295", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:46:49", "description": "## Summary\n\nSecurity vulnerabilities have been identified in IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is used by Watson Explorer and IBM Watson Content Analytics.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThese vulnerabilities apply to the following products and versions: \n\n**Affected Product**\n\n| **Affected Versions**| **Applicable Vulnerabilities** \n---|---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| 12.0.0.0| CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633 \nIBM Watson Explorer Deep Analytics Edition Analytical Components| 12.0.0.0| CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603 \nIBM Watson Explorer Deep Analytics Edition oneWEX| 12.0.0.0| CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633 \n**Affected Product**| **Affected Versions**| **Applicable Vulnerabilities** \nIBM Watson Explorer Foundational Components| 11.0.0.0 - 11.0.0.3, 11.0.1, \n11.0.2, 11.0.2.2| CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633 \nIBM Watson Explorer Foundational Components| 10.0.0.0 - 10.0.0.4| CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633 \nIBM Watson Explorer Foundational Components| 9.0.0.0 - 9.0.0.8| CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633 \nIBM Watson Explorer Foundational Components| 8.2 - 8.2-6| CVE-2018-2579 CVE-2018-2588 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633 \n**Affected Product**| **Affected Versions**| **Applicable Vulnerabilities** \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0 - 11.0.0.3, \n11.0.1, \n11.0.2, 11.0.2.2| CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603 \nIBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.4| CVE-2018-2579 CVE-2018-2588 
CVE-2018-2633 CVE-2018-2602 CVE-2018-2603 \nWatson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2, 11.0.2.2| CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603 \nWatson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2| CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603 \nIBM Watson Content Analytics| 3.5.0.0 - 3.5.0.4| CVE-2018-2579 CVE-2018-2588 CVE-2018-2633 CVE-2018-2602 CVE-2018-2603 \n**Affected Product**| **Affected Versions**| **Applicable Vulnerabilities** \nIBM Watson Explorer Deep Analytics Edition Content Analytics Studio| 12.0.0.0| CVE-2018-2579 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633 \nIBM Watson Explorer Content Analytics Studio| 11.0 - 11.0.0.3, \n11.0.1| CVE-2018-2579 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633 \nIBM Watson Explorer Content Analytics Studio| 11.0.2, 11.0.2.1, \n11.0.2.2| CVE-2018-2579 CVE-2018-2602 CVE-2018-2603 CVE-2018-2633 \nIBM Watson Explorer Content Analytics Studio| 10.0.0.0 - 10.0.0.2| CVE-2018-2602 \nIBM Watson Content Analytics| 3.5.0.0 - 3.5.0.4| CVE-2018-2602 \n \n## Remediation/Fixes\n\nFollow these steps to upgrade to the required version of IBM Java Runtime. \n\nThe table reflects product names at the time the specified versions were released. To use the links to Fix Central in this table, you must first log in to the IBM Support Fix Central site at <http://www.ibm.com/support/fixcentral/>.\n\n**Affected Product**| **Affected Versions**| **Required IBM Java Runtime**| **How to acquire and apply the fix** \n---|---|---|--- \nIBM Watson Explorer DAE \nFoundational Components| 12.0.0.0| JVM 8 SR5 FP10 or later| Contact [IBM Support](<https://www.ibm.com/support/entry/portal/product/watson_group/watson_explorer>) for more information. \nIBM Watson Explorer DAE \nAnalytical Components| 12.0.0.0| JVM 8 SR5 FP10 or later| Contact [IBM Support](<https://www.ibm.com/support/entry/portal/product/watson_group/watson_explorer>) for more information. 
\nIBM Watson Explorer DAE \noneWEX| 12.0.0.0| JVM 8 SR5 FP10 or later| **IBM Watson Explorer Deep Analytics Edition (DAE) oneWEX for ICP:** \nUpgrade to Watson Explorer Deep Analytics Edition oneWEX Version 12.0.0.1. For information about the version and links to the software and [release notes](<http://www.ibm.com/support/docview.wss?uid=swg27050305>), see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044684>). For more information about upgrading, see [Fix Pack 1 Readme](<http://www.ibm.com/support/docview.wss?uid=swg22014918>). \n \n**IBM Watson Explorer DAE oneWEX for single container deployment:** \neGA image of oneWEX for single container deployment already uses JVM 8 SR5 FP10. Download the eGA image from Passport Advantage online. See the [download document](<https://www.ibm.com/support/docview.wss?uid=swg24044031>). \n**Affected Product**| **Affected Versions**| **Required IBM Java Runtime**| **How to acquire and apply the fix** \nIBM Watson Explorer \nFoundational Components| 11.0 - 11.0.0.3, \n11.0.1, \n11.0.2, 11.0.2.1, \n11.0.2.2| JVM 8 SR5 FP10 or later| \n\n 1. If you have not already installed, install V11.0.2 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044332>)). If you upgrade to Version 11.0.2.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the IBM Java Runtime, Version 8 package for your edition (Standard, Enterprise, or Advanced) and operating system from Fix Central: interim fix **11.0.2.2-WS-WatsonExplorer-<Edition>Foundational-<OS>-8SR5FP10** or later (for example, 11.0.2.2-WS-WatsonExplorer-EEFoundational-Linux-8SR5FP11).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700618>). \nIBM Watson Explorer Foundational Components| 10.0 - 10.0.0.4| JVM 8 SR5 FP10 or later| \n\n 1. 
If you have not already installed, install V10.0 Fix Pack 4 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039429>)). If you upgrade to Version 10.0.0.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the IBM Java Runtime, Version 8 package for your edition (Standard, Enterprise, or Advanced) and operating system from Fix Central: interim fix **10.0.0.4-WS-WatsonExplorer-<Edition>Foundational-<OS>-8SR5FP10** or later (for example, 10.0.0.4-WS-WatsonExplorer-EEFoundational-Linux-8SR5FP11).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700618>). \nIBM Watson Explorer| 9.0 - 9.0.0.8| JVM 7.1 SR4 FP20 or later| Upgrade to Version 9.0.0.9. \n \nSee [Watson Explorer Version 9.0.0.9 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=swg24044663>) for download information and instructions. \nIBM InfoSphere Data Explorer| 8.2 - 8.2-6| JVM 7.1 SR4 FP20 or later| Upgrade to Version 8.2-7. \n \nSee [Watson Explorer Version 8.2-7 Foundational Components](<http://www.ibm.com/support/docview.wss?uid=swg24044665>) for download information and instructions. \n**Affected Product**| **Affected Versions**| **Required IBM Java Runtime**| **How to acquire and apply the fix** \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0 - 11.0.0.3, \n11.0.1, \n11.0.2, 11.0.2.1, \n11.0.2.2| JVM 8 SR5 FP10 or later| \n\n 1. If you have not already installed, install V11.0.2 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044332>)). If you upgrade to Version 11.0.2.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. 
Download the IBM Java Runtime, Version 8 package for your edition (Standard, Enterprise, or Advanced) and operating system from Fix Central: interim fix **11.0.2.2-WS-WatsonExplorer-<Edition>FoundationalAAC-<OS>[32]-8SR5FP10** or later (for example, 11.0.2.2-WS-WatsonExplorer-AEFoundationalAAC-Linux32-8SR5FP11 and 11.0.2.2-WS-WatsonExplorer-AEFoundationalAAC-Linux-8SR5FP11).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700620>). \n**Note**: The document indicates the steps for \"Analytical Components\", but the same step is applicable to Foundational Component Annotation Administration Console 11.0.2.2. \nIBM Watson Explorer Foundational Components Annotation Administration Console| 10.0 - 10.0.0.4| JVM 7.1 SR4 FP20 or later| \n\n 1. If you have not already installed, install V10.0 Fix Pack 4 (see the Fix Pack download document). If you upgrade to Version 10.0.0.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the 32-bit and 64-bit packages of IBM Java Runtime, Version 7 for IBM Watson Explorer Advanced Edition and your operating system from [Fix Central: ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.4&platform=All&function=all>)interim fix \n**10.0.0.4-WS-WatsonExplorer-<Edition>FoundationalAAC-<OS>[32]-7SR4FP20** or later (for example, 10.0.0.4-WS-WatsonExplorer-AEFoundationalAAC-Linux32-7SR4FP20 and 10.0.0.4-WS-WatsonExplorer-AEFoundationalAAC-Linux-7SR4FP20).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700619>). \nIBM Watson Explorer Analytical Components| 11.0 - 11.0.0.3, \n11.0.1, \n11.0.2, 11.0.2.1, \n11.0.2.2| JVM 8 SR5 FP10 or later| \n\n 1. 
If you have not already installed, install V11.0.2 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044332>)). If you upgrade to Version 11.0.2.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the IBM Java Runtime, Version 8 package for your edition (Standard, Enterprise, or Advanced) and operating system from Fix Central: interim fix **11.0.2.2-WS-WatsonExplorer-<Edition>Analytical-<OS>[32|31]-8SR4FP10** or later (for example, 11.0.2.2-WS-WatsonExplorer-AEAnalytical-Linux-8SR5FP11 and 11.0.2.2-WS-WatsonExplorer-AEAnalytical-Linux32-8SR5FP11).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700620>). \nIBM Watson Explorer Analytical Components| 10.0 - 10.0.0.2| JVM 7 SR10FP20 or later| \n\n 1. If you have not already installed, install V10.0 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039430>)). If you upgrade to Version 10.0.0.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 7 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **10.0.0.2-WS-WatsonExplorer-<Edition>Analytical-<OS>[32|31]-7SR10FP20 ** or later. For example, 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux-7SR10FP20 and 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux32-7SR10FP20.\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg21700620>).\n 4. 
Rename `$ES_INSTALL_ROOT/lib/activation.jar` \nto `activation.jar.orig` if the file exists. \nIBM Watson Content Analytics| 3.5 - 3.5.0.4| JVM 7 SR10 FP20 or later| \n\n 1. If you have not already installed, install V3.5 Fix Pack 4 (see the Fix Pack [download document](<http://www-01.ibm.com/support/docview.wss?uid=swg24042836>)). If you upgrade to Version 3.5.0.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 7 for IBM Watson Explorer Advanced Edition and your operating system from [Fix Central: ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/IBM+Cognos+Content+Analytics&release=3.5.0.4&platform=All&function=all>)interim fix **3.5.0.4-WT-WCA-<OS>[32|31]-7SR10FP20** or later (for example, 3.5.0.4-WT-WCA-Linux32-7SR10FP20 and 3.5.0.4-WT-WCA-Linux-7SR10FP20).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www-01.ibm.com/support/docview.wss?uid=swg21700621>). \n 4. Rename `$ES_INSTALL_ROOT/lib/activation.jar` \nto `activation.jar.orig` if the file exists. \n**Affected Product**| **Affected Versions**| **Required IBM Java Runtime**| **How to acquire and apply the fix** \nIBM Watson Explorer Deep Analytics Edition Content Analytics Studio| 12.0.0.0| JVM 8 SR5 FP10 or later| Contact [IBM Support](<https://www.ibm.com/support/entry/portal/product/watson_group/watson_explorer>) for more information. \nIBM Watson Explorer Content Analytics Studio| 11.0 - 11.0.0.3, \n11.0.1| JVM 8 SR5 FP10 or later| Upgrade to Version 11.0.2 and apply Fix Pack 2. For information about this version, and links to the software and release notes, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24042893>). 
For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>). \n \nIf you have not already installed, upgrade to Version 11.0.2.2 and follow the instruction for IBM Watson Explorer Content Analytics Studio 11.0.2.2. \n\n * For information about Version 11.0.2, and links to the software and release notes, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24042893>). For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>).\n * For information about Version 11.0.2.2, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044331>). \nIBM Watson Explorer Content Analytics Studio| 11.0.2, 11.0.2.1, \n11.0.2.2| JVM 8 SR5 FP10 or later| \n\n 1. If you have not already installed, install V11.0.2 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044332>)). If you upgrade to Version 11.0.2.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the IBM Java Runtime, Version 9 package and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.0&platform=All&function=all>): interim fix \n**11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR5FP11** or later. \nFor example, 11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR5FP11, which includes 64-bit version of IBM Java Runtime.\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg22003954>). \nIBM Watson Explorer Content Analytics Studio| 10.0.0.0 - 10.0.0.2| JVM 7 SR10FP20 or later| \n\n 1. If you have not already installed, install V10.0 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039430>)). 
If you upgrade to Version 10.0.0.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the IBM Java Runtime, Version 7 package and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.0&platform=All&function=all>): interim fix \n**10.0.0.2-WS-WatsonExplorer-AEAnalytical-CAStudio-7SR10FP20** or later. \nFor example, 10.0.0.2-WS-WatsonExplorer-AEAnalytical-CAStudio-7SR10FP20, which includes 32-bit version of IBM Java Runtime.\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg22003954>). \nIBM Watson Content Analytics| 3.5.0.0 - 3.5.0.4| JVM 7 SR10FP20 or later| \n\n 1. If you have not already installed, install V3.5 Fix Pack 4 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24042836>)). If you upgrade to Version 3.5.0.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the 32-bit package of IBM Java Runtime, Version 7 for IBM Watson Explorer Advanced Edition and your operating system from [Fix Central: ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/IBM+Cognos+Content+Analytics&release=3.5.0.4&platform=All&function=all>)interim fix **3.5.0.4-WT-WCA-CAStudio-7SR10FP20** or later (for example, 3.5.0.4-WT-WCA-CAStudio-7SR10FP20).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<http://www.ibm.com/support/docview.wss?uid=swg22003954>). 
\n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T13:10:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect Watson Explorer and IBM Watson Content Analytics", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-06-17T13:10:00", "id": "BFDF12012C4F7AB15EA439C6A6D54D778E7D8C22F9B552F94B30F801A07D8619", "href": "https://www.ibm.com/support/pages/node/568237", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:52:28", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by Financial Transaction Manager for Corporate Payment Services (CPS) for Multiplatforms. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n\\- FTM for CPS v2.1.1.0 - v2.1.1.4\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for CPS Services| 2.1.1.0 - 2.1.1.4,| PI95444| Apply [2.1.1-FTM-CPS-MP-fp0005](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=2.1.1-FTM-CPS-MP-fp0005&includeSupersedes=0&source=fc>) or later. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T20:13:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multiplatforms", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2018-06-16T20:13:29", "id": "48DEEE69E5792EE07FE1C894C86FF0298C1CB17342A23ED9F86C3B1A4804394A", "href": "https://www.ibm.com/support/pages/node/568449", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:38:34", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7.0.10.10 used by IBM Sterling Connect:Direct FTP+. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an \nunauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**Note:** If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. 
For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n## Affected Products and Versions\n\nIBM Sterling Connect:Direct FTP+ 1.3.0\n\n## Remediation/Fixes\n\n**V.R.M.F**\n\n| **APAR**| **Remediation/First Fix** \n---|---|--- \n1.3.0| None| Apply 1.3.0 Fix009, available on [_Fix Central_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%2Bsoftware&product=ibm/Other+software/Sterling+Connect%3ADirect+FTP+Plus&release=1.3.0.0&platform=All&function=fixId&fixids=1.3.0*iFix009*&includeSupersedes=0>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-07-24T22:49:37", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct FTP+", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633"], "modified": "2020-07-24T22:49:37", "id": 
"AEDBB2CCFDA945F56DC3A62289286FE47002B310BE61E0143FB55B64A454AAF5", "href": "https://www.ibm.com/support/pages/node/571857", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:44:44", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 used by the IBM Spectrum Protect Server. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. \nUPDATED 1/16/2019: Changed \"First Fixing VRM Level\" in Remediation/Fixes table for 8.1 from 8.1.6 to 8.1.6.100.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects the IBM Spectrum Protect Server levels 8.1.3.0 through 8.1.5.x.\n\nNote that releases 8.1.3.0 and below of the IBM Spectrum Protect (formerly Tivoli Storage Manager) Server are not affected.\n\n## Remediation/Fixes\n\n**_IBM Spectrum Protect Server Release_** | **_First Fixing \nVRM Level_** | **_Platform_** | **_Link to Fix _** \n---|---|---|--- \n8.1 | 8.1.6.100 | \n\nAIX \nLinux \nWindows\n\n| \n\n<ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/server> \n \n.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-01-16T22:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server 
(CVE-2018-2579, CVE-2018-2603, CVE-2018-2783)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2603", "CVE-2018-2783"], "modified": "2019-01-16T22:10:01", "id": "36F644EEAE4513871E9887BA25F3311DD7179E5F76950D932F2F4E3C52D4F660", "href": "https://www.ibm.com/support/pages/node/729853", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:53:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8, Service Refresh 5 used by IBM Streams. IBM Streams has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n * IBM Streams Version 4.2.1.3 and earlier \n * IBM InfoSphere Streams Version 4.1.1.5 and earlier \n * IBM InfoSphere Streams Version 4.0.1.5 and earlier \n * IBM InfoSphere Streams Version 3.2.1.6 and earlier \n * IBM InfoSphere Streams Version 3.1.0.8 and earlier \n * IBM InfoSphere Streams Version 3.0.0.6 and earlier\n\n## Remediation/Fixes\n\n**NOTE:** Fix Packs are available on IBM Fix Central. \n \nTo remediate/fix this issue, follow the instructions below: \n\n * Version 4.2.x: Apply [_4.2.1 Fix Pack 4 (4.2.1.4) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.2.1.0&platform=All&function=all>).\n * Version 4.1.x: Apply [_4.1.1 Fix Pack 6 (4.1.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>).\n * Version 4.0.x: Apply [_4.0.1 Fix Pack 6 (4.0.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>).\n * Versions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. 
Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T14:20:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Streams", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-16T14:20:00", "id": "D3FEAA2DA6A2E0603EB01D2A6B4656C251C272EE79F4EAC14B510DF21E388FC4", "href": "https://www.ibm.com/support/pages/node/570185", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:00", "description": "## Summary\n\nThere are multiple 
vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nCICS Transaction Gateway v8.0.0.0 \u2013 8.0.0.6 \nCICS Transaction Gateway v8.1.0.0 \u2013 8.1.0.5 \nCICS Transaction Gateway v9.0.0.0 \u2013 9.0.0.4 \nCICS Transaction Gateway v9.1.0.0 \u2013 9.1.0.3 \nCICS Transaction Gateway v9.2.0.0 \u2013 9.2.0.2\n\n## Remediation/Fixes\n\nUpgrade the JRE used by CICS TG Java client applications and/or the CICS TG Gateway daemon. Updated JREs which can be used with CICS TG Java client applications and the Gateway daemon are made available on Fix Central. \n \n\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nCICS Transaction Gateway for Multiplatforms| 9.2.0.0 \n9.2.0.1 \n9.2.0.2| Updated JRE's have been made available on Fix Central as Fix packs. 
\nAIX: [8.0.5-CICSTG-AIXpSeries32-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-AIXpSeries32-JRE-SR10&continue=1>) \nHP-UX: [8.0.5-CICSTG-HPUXIA32-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-HPUXIA32-JRE-SR10&continue=1>) \nxLinux: [8.0.5-CICSTG-Linuxx8632-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-Linuxx8632-JRE-SR10&continue=1>) \npLinux: [8.0.5-CICSTG-LinuxpSeries32-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-LinuxpSeries32-JRE-SR10&continue=1>) \nzLinux: [8.0.5-CICSTG-LinuxzSeries31-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-LinuxzSeries31-JRE-SR10&continue=1>) \nWindows:[8.0.5-CICSTG-Windowsx8632-JRE-SR10 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-Windowsx8632-JRE-SR10&continue=1>)| \n[https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.2.0&query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \n \nCICS Transaction Gateway for Multiplatforms| 9.1.0.0 \n9.1.0.1 \n9.1.0.2 \n9.1.0.3| Updated JRE's have been made available on Fix Central as Fix packs. 
\nSolaris: [7.0.10-CICSTG-SolarisSPARC32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-SolarisSPARC32-JRE-SR20&continue=1>) \nAIX: [7.1.4-CICSTG-AIXpSeries32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-AIXpSeries32-JRE-SR20&continue=1>) \nxLinux: [7.1.4-CICSTG-Linuxx8632-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-Linuxx8632-JRE-SR20&continue=1>) \npLinux: [7.1.4-CICSTG-LinuxpSeries32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-LinuxpSeries32-JRE-SR20&continue=1>) \nzLinux: [7.1.4-CICSTG-LinuxzSeries31-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-LinuxzSeries31-JRE-SR20&continue=1>) \nWindows: [7.1.4-CICSTG-Windowsx8632-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-Windowsx8632-JRE-SR20&continue=1>)| \n[https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.1.0&query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \nCICS Transaction Gateway for Multiplatforms| 9.0.0.0 \n9.0.0.1 \n9.0.0.2 \n9.0.0.3 \n9.0.0.4 \n8.1.0.0 \n8.1.0.1 \n8.1.0.2 \n8.1.0.3 \n8.1.0.4 \n8.1.0.5 \n8.0.0.0 \n8.0.0.1 \n8.0.0.2 \n8.0.0.3 \n8.0.0.4 \n8.0.0.5 \n8.0.0.6| Updated JREs have been made available on Fix Central as Fix packs. 
\nSolaris: [7.0.10-CICSTG-SolarisSPARC32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-SolarisSPARC32-JRE-SR20&continue=1>) \nAIX: [7.0.10-CICSTG-AIXpSeries32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-AIXpSeries32-JRE-SR20&continue=1>) \nxLinux: [7.0.10-CICSTG-Linuxx8632-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-Linuxx8632-JRE-SR20&continue=1>) \npLinux: [7.0.10-CICSTG-LinuxpSeries32-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-LinuxpSeries32-JRE-SR20&continue=1>) \nzLinux: [7.0.10-CICSTG-LinuxzSeries31-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-LinuxzSeries31-JRE-SR20&continue=1>) \nWindows: [7.0.10-CICSTG-Windowsx8632-JRE-SR20 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-Windowsx8632-JRE-SR20&continue=1>)| [https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, 
"impactScore": 6.0}, "published": "2018-06-15T07:09:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2678"], "modified": "2018-06-15T07:09:24", "id": "D472BB6070D3EAAA575EDD37698BF33CF68D69F2859D529D555F7ED693CF3311", "href": "https://www.ibm.com/support/pages/node/571689", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:41:24", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 & 8 and IBM\u00ae Runtime Environment Java\u2122 Version 7 & 8 used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-10357_](<https://vulners.com/cve/CVE-2017-10357>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133786_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133786>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-10348_](<https://vulners.com/cve/CVE-2017-10348>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133777_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133777>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-10349_](<https://vulners.com/cve/CVE-2017-10349>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-10347_](<https://vulners.com/cve/CVE-2017-10347>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133776_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133776>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-10350_](<https://vulners.com/cve/CVE-2017-10350>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAX-WS component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133779_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133779>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-10281_](<https://vulners.com/cve/CVE-2017-10281>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133720_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133720>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2017-10295_](<https://vulners.com/cve/CVE-2017-10295>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133729_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133729>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2657_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an 
unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2603_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2678_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2677_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2633_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2579_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nRational Business Developer 9.0 - 9.5\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_Rational Business Developer_| _9.0.x, 9.1.x, 9.5.x_| _None_| [`_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Business+Developer&fixids=Rational-RBD-Java8SR5FP10-ifix&source=SAR_`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Business+Developer&fixids=Rational-RBD-Java8SR5FP10-ifix&source=SAR>) \n 
\n[`_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Business+Developer&fixids=Rational-RBD-Java7SR10FP20-ifix&source=SAR_`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Business+Developer&fixids=Rational-RBD-Java7SR10FP20-ifix&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10281", "CVE-2017-10295", "CVE-2017-10347", "CVE-2017-10348", "CVE-2017-10349", "CVE-2017-10350", "CVE-2017-10357", "CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", 
"CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-08-03T04:23:43", "id": "159C34E5AFB6BE1F570922202E0562653C65D24C44D5B08DF0970536EC4F5951", "href": "https://www.ibm.com/support/pages/node/570393", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:47:41", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 that is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware and Data Protection for Hyper-V. These issues were disclosed as part of the IBM Java SDK updates in July 2017, October 2017, January 2018, and April 2018. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-10115_](<https://vulners.com/cve/CVE-2017-10115>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/128876_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128876>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2017-10116_](<https://vulners.com/cve/CVE-2017-10116>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/128877_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/128877>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2017-10356_](<https://vulners.com/cve/CVE-2017-10356>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133785_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133785>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nThe following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware are affected:\n\n * 8.1.0.0 through 8.1.4.1\n * 7.1.0.0 through 7.1.8.1 \n\nThe following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for Hyper-V are affected:\n\n * 8.1.4.0 through 8.1.4.2\n\n## Remediation/Fixes\n\n**_IBM Spectrum Protect for Virtual Environments: Data Protection for VMware Release_** | **_Fixing VRM Level_** | **_Platform_** | **_Link to Fix / Fix Availability Target_** \n---|---|---|--- \n8.1 | 8.1.6 | Linux, Windows | <https://www.ibm.com/support/docview.wss?uid=swg24044948> \n7.1 | 7.1.8.2 | Linux, Windows | <https://www.ibm.com/support/docview.wss?uid=swg24044553> \n\nCustomers using older versions of the product (6.4 and below) should upgrade to a supported fixed version. 
\n\n**_IBM Spectrum Protect for Virtual Environments: Data Protection for Hyper-V Release_** | **_Fixing VRM Level_** | **_Platform_** | **_Link to Fix / Fix Availability Target_** \n---|---|---|--- \n8.1 | 8.1.6 | Windows | <https://www.ibm.com/support/docview.wss?uid=swg24044948> \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-09-24T09:05:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10115", "CVE-2017-10116", "CVE-2017-10356", "CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2783"], "modified": "2018-09-24T09:05:01", "id": "0849CEF680F68843BB8ED3027181BFC6E58FA418D5C7E4A78DF8C347CCD2AC36", "href": "https://www.ibm.com/support/pages/node/715109", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-13T01:33:59", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment 
Java\u2122 Technology Edition, Version 8 that is used by IBM SONAS. This issue was disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.8.\n\n## Remediation/Fixes\n\nA fix for these issues is in version 1.5.2.9 of IBM SONAS. Customers running an affected version of IBM SONAS should upgrade to 1.5.2.9 or a later version, so that the fix gets applied. \n \nSystems running older/unsupported versions should be upgraded to the latest V1.5.x release to obtain available security fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-18T00:51:34", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM Java SDK affects IBM SONAS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2599", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2663", "CVE-2018-2677", 
"CVE-2018-2678"], "modified": "2018-06-18T00:51:34", "id": "43ECF7C36D1E6DC475530D2CB5DF6E2047C49DC8E177CF79FA363DF0831764BB", "href": "https://www.ibm.com/support/pages/node/650965", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-13T13:34:59", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running code releases 1.5.x and 1.6.0.0 to 1.6.2.3 \n\n## Remediation/Fixes\n\nA fix for this issue is in version 1.6.2.4 of IBM Storwize V7000 Unified. \nVersion 1.5 and earlier releases are end of service. Customers on these releases of IBM Storwize V7000 Unified can upgrade to v1.6.2.4 to obtain fixes. \n \n[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>) \n \nPlease contact IBM support for assistance in upgrading your system. 
\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-18T00:51:28", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2599", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-18T00:51:28", "id": "9EE2A2A76244AB36DD57115A1BA2CE358055D10D9DD6C1C5DC6DB4586793C9AB", "href": "https://www.ibm.com/support/pages/node/650897", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:46", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.8 \nused by IBM Sterling Secure Proxy. 
These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-10356_](<https://vulners.com/cve/CVE-2017-10356>)** ** \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133785_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133785>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** **\n\n \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** **\n\n \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** **\n\n \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n \n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** ** \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** ** \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Sterling Secure Proxy 3.4.3.0 through 3.4.3.0 Fix Pack 2 (3.4.3.2) \nIBM Sterling Secure Proxy 3.4.2.0 through 3.4.2.0 iFix 13\n\n## Remediation/Fixes\n\n**_Product_** | **_VRMF_** | **_iFix_** | **_Remediation/First Fix_** \n---|---|---|--- \nIBM Sterling Secure Proxy | 3.4.3.2 | _iFix 1_ | [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.0&platform=All&function=all>) \nIBM Sterling Secure Proxy | 3.4.2.0 | _iFix 14_ | [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.2.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-12-17T22:56:50", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10356", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2019-12-17T22:56:50", "id": "1BB027D3ECE759D4B3772AE6D614EC9C6DE9B952B653965F01D9CBE09BB70CE7", "href": "https://www.ibm.com/support/pages/node/571913", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:43:53", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by IBM License Metric Tool and IBM BigFix Inventory. These issues were disclosed as part of the IBM Java SDK updates in Jan 2018\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM License Metric Tool 9.0 - 9.2.11\n\nIBM BigFix Inventory 9.0 - 9.2.11\n\n## Remediation/Fixes\n\nUpgrade to version 9.2.12 or later using the following procedure:\n\n * In IBM Endpoint Manager console, expand **IBM BigFix Inventory** or **IBM License Reporting (ILMT)** node under **Sites** node in the tree panel.\n * Click **Fixlets and Tasks** node. 
**Fixlets and Tasks** panel will be displayed on the right.\n * In the **Fixlets and Tasks** panel locate _Upgrade to the latest version of IBM BigFix Inventory 9.x_ or _Upgrade to the latest version of IBM License Metric Tool 9.x_ fixlet and run it against the computer that hosts your server.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-10-10T19:56:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633"], "modified": "2019-10-10T19:56:25", "id": "6741B26AC275DEE67E3CD552E49DB1A6359EC6DA4EB7BEDFA3541E9B504EBE43", "href": "https://www.ibm.com/support/pages/node/713683", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:39:48", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.8 used by 
IBM Sterling External Authentication Server. These issues were disclosed as part of the IBM Java SDK updates in October 2017 and January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-10356_](<https://vulners.com/cve/CVE-2017-10356>)** **\n\n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/133785_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/133785>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** **\n\n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** **\n\n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** **\n\n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** **\n\n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling External Authentication Server 2.4.3.0 through 2.4.3.0 Fix Pack 2 (2.4.3.2) \nIBM Sterling External Authentication Server 2.4.2.0 through 2.4.2.0 iFix 9\n\n## Remediation/Fixes\n\n**_Product_** | **_VRMF_** | **_iFix_** | **_Remediation/First Fix_** \n---|---|---|--- \nIBM Sterling External Authentication Server | 2.4.3.2 | _iFix 1_ | [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.3.0&platform=All&function=all>) \nIBM Sterling External Authentication Server | 2.4.2.0 | _iFix 10_ | [_Fix Central_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.2.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-12-17T22:56:50", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling External Authentication Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, 
"userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-10356", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633"], "modified": "2019-12-17T22:56:50", "id": "586BBC9F245EA531DFB210F2F8A6E202AA5BA9CC152A9D2E8794FAAF4458DE5E", "href": "https://www.ibm.com/support/pages/node/571917", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-13T09:35:17", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 7 and Version 8 used by Rational Performance Tester. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nRational Performance Tester versions 8.3, 8.5, 8.6, 8.7, 9.0 and 9.1.\n\n## Remediation/Fixes\n\n**_Product_** | **_VRMF_** | **_APAR_** | **_Remediation/First Fix_** \n---|---|---|--- \nRPT | 9.1 | None | Download \n`[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP15&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>)` \nRPT | 9.0 | None | Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \nRPT | 8.7 - 8.7.x | None | Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \nRPT | 8.6 - 8.6.x | None | Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \nRPT | 8.5 - 8.5.x | None | Download 
\n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \nRPT | 8.3 -8.3.x | None | Download[ ](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-12T18:20:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2783", "CVE-2018-2790"], "modified": "2018-07-12T18:20:38", "id": "B3D45D2869A46128C141CB5B528583CD30585443FB237BA4D4B33436037C6E7C", "href": "https://www.ibm.com/support/pages/node/717141", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-12T21:33:44", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 7 and Version 8 used by Rational Service Tester. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nRational Service Tester version 8.3, 8.5, 8.6, 8.7, 9.0 and 9.1.\n\n## Remediation/Fixes\n\n**_Product_** | **_VRMF_** | **_APAR_** | **_Remediation/First Fix_** \n---|---|---|--- \nRST | 9.1 | None | Download \n`[http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java8SR5FP15&source=SAR](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>)` \nRST | 9.0 | None | Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \nRST | 8.7 - 8.7.x | None | Download 
\n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \nRST | 8.6 - 8.6.x | None | Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \nRST | 8.5 - 8.5.x | None | Download \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \nRST | 8.3 -8.3.x | None | Download[ ](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \n[`http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&fixids=Rational-RST-JavaPatch-Java8SR5FP15&source=SAR`](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Performance+Tester&fixids=Rational-RPT-JavaPatch-Java8SR5FP5&source=SAR>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-12T18:16:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2783", "CVE-2018-2790"], "modified": "2018-07-12T18:16:34", "id": "C95A8B937A6CBD06A135F063B01796BA2018504C97160BD39408FE446C9A1F02", "href": "https://www.ibm.com/support/pages/node/717165", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:51:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases used by IBM Platform Symphony 6.1.1, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases used by IBM Platform Symphony 7.1 Fix Pack 1, Version 8 Service Refresh 5 Fix Pack 7 and earlier releases used by IBM Platform Symphony 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\u201d located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. 
\nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Platform Symphony 6.1.1 \n\nIBM Platform Symphony 7.1 Fix Pack 1\n\nIBM Platform Symphony 7.1.1\n\nIBM Spectrum Symphony 7.1.2\n\nIBM Spectrum Symphony 7.2.0.2\n\n## Remediation/Fixes\n\n**Applicability** \nOperating systems: Linux x64 \n \nCluster type: Single grid cluster \n \n**Prerequisite** \nTo install or uninstall the .rpm packages for IBM Spectrum Symphony 7.1.2 and 7.2.0.2, you must have root permission and RPM version 4.2.1 or later must be installed on the host. \n \n**Before installation** \na. Log on to the master host as the cluster administrator. \nb. Disable your applications, stop services, and shut down the cluster: \n> source profile.platform \n> soamcontrol app disable all \n> egosh service stop all \n> egosh ego shutdown all \nc. For Platform Symphony 6.1.1, 7.1 Fix Pack 1 and 7.1.1, back up the JRE folder (under $EGO_TOP/jre/<_EGO_version_>/linux-x86_64/) on all hosts. \nFor example, in a Platform Symphony 7.1.1 cluster, back up the JRE folder at $EGO_TOP/jre/3.3/linux-x86_64/. \nd. For IBM Spectrum Symphony 7.1.2 and 7.2.0.2, uninstall the existing JRE. \na) Query the existing JRE package and uninstall it from the dbpath location, for example: \n> rpm -qa --dbpath /tmp/rpm |grep egojre \negojre-1.8.0.3-408454.x86_64 \n> rpm -e egojre-1.8.0.3-408454.x86_64 --dbpath /tmp/rpm --nodeps \nb) For IBM Spectrum Symphony 7.2.0.2, remove the leftover link under the jre folder, for example: \n> rm -rf $EGO_TOP/jre/8.0.5.0 \n \n**Install this interim fix** \na. Log on to each host as the cluster administrator and replace your current JRE folder with the files in this interim fix. 
\nFor Platform Symphony 6.1.1, 7.1 Fix Pack 1 and 7.1.1, remove the files in the existing JRE folder and extract the interim package to the JRE folder on all hosts. \nFor example, in a Platform Symphony 7.1.1 cluster, enter the following commands: \n> rm -rf $EGO_TOP/jre/3.3/linux-x86_64/* \n> tar zxfo symSetup_jre8sr5fp11_linux-64_build491204.tar.gz -C $EGO_TOP/jre/3.3/linux-x86_64 \nFor IBM Spectrum Symphony 7.1.2 and 7.2.0.2, use the same dbpath and prefix as the installation, for example: \n> rpm -ivh --dbpath /tmp/rpm --prefix /opt/platform egojre-1.8.0.511.x86_64.rpm \nb. Delete all subdirectories and files in the GUI work directory: \n> rm -rf $EGO_TOP/gui/work/* \n> rm -rf $EGO_TOP/gui/workarea/* \n**NOTE:** If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory. \nc. Launch your browser and clear the browser cache. \nd. 
Log on to the master host as the cluster administrator, start the cluster and enable your applications: \n> source profile.platform \n> egosh ego start all \n> soamcontrol app enable <_appName_> \n \n**Verify the installation** \n\u00b7 For Platform Symphony 6.1.1, the following example shows output for the java -version command: \n> java -version \njava version \"1.6.0\" \nJava(TM) SE Runtime Environment (build pxa6460sr16fp60-20180213_02(SR16 FP60)) \nIBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux amd64-64 jvmxa6460sr16fp60-20180125_377078 (JIT enabled, AOT enabled) \nJ9VM - 20180125_377078 \nJIT - r9_20180125_377078 \nGC - GA24_Java6_SR16_20180125_1132_B377078) \nJCL - 20180209_01 \n\u00b7 For Platform Symphony 7.1 Fix Pack 1, the following example shows output for the java -version command: \n> java -version \njava version \"1.7.0\" \nJava(TM) SE Runtime Environment (build pxa6470sr10fp20-20180221_01(SR10 FP20)) \nIBM J9 VM (build 2.6, JRE 1.7.0 Linux amd64-64 Compressed References 20180126_377201 (JIT enabled, AOT enabled) \nJ9VM - R26_Java726_SR10_20180126_1056_B377201 \nJIT - r11_20180126_377201 \nGC - R26_Java726_SR10_20180126_1056_B377201_CMPRSS \nJ9CL - 20180126_377201) \nJCL - 20180221_01 based on Oracle jdk7u171-b11 \n\u00b7 For Platform Symphony 7.1.1, the following example shows output for the java -version command: \n> java -version \njava version \"1.8.0_161\" \nJava(TM) SE Runtime Environment (build 8.0.5.11 - pxa6480sr5fp11-20180326_01(SR5 FP11)) \nIBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64 Compressed References 20180309_380776 (JIT enabled, AOT enabled) \nOpenJ9 - 49fcaf39 \nOMR - 5cbbadf \nIBM - 4453dac) \nJCL - 20180319_01 based on Oracle jdk8u161-b12 \n\u00b7 For IBM Spectrum Symphony 7.1.2, the following example shows output for the rpm -qa command: \n> rpm -qa --dbpath /tmp/rpm |grep egojre \negojre-1.8.0.511-491204.x86_64 \n\u00b7 For IBM Spectrum Symphony 7.2.0.2, the following example shows output for the rpm -qa command: \n> rpm 
-qa --dbpath /tmp/rpm |grep egojre \negojre-8.0.5.11-491204.x86_64 \n \n**Uninstallation** \nIf required, follow these instructions to uninstall this interim fix in your cluster: \na. Log on to the master host as the cluster administrator. \nb. Disable your applications, stop services, and shut down the cluster: \n> source profile.platform \n> soamcontrol app disable all \n> egosh service stop all \n> egosh ego shutdown all \nc. Log on to all hosts as the cluster administrator and restore the JRE folder from your backup. \nFor Platform Symphony 6.1.1, 7.1 Fix Pack 1 and 7.1.1, restore your backup to the $EGO_TOP/jre/<_EGO_version_>/linux-x86_64/ folder. For example, in a Platform Symphony 7.1.1 cluster, restore your backup to the $EGO_TOP/jre/3.3/linux-x86_64/ folder. \nFor IBM Spectrum Symphony 7.1.2 and 7.2.0.2, uninstall the existing JRE, then install the old one: \na) Uninstall the JRE fix, for example: \n> rpm -e egojre-1.8.0.511-491204.x86_64 --dbpath /tmp/rpm/ --nodeps \nb) For IBM Spectrum Symphony 7.2.0.2, remove the leftover link under the jre folder, for example: \n> rm -rf $EGO_TOP/jre/8.0.5.11 \nc) Extract the egojre .rpm package from the .bin installation package, for example, for IBM Spectrum Symphony 7.1.2: \n> sym-7.1.2.0_x86_64.bin --extract /opt/extract \nd) Reinstall the old JRE package. Use the same dbpath and prefix as the installation, for example: \n> rpm -ivh --dbpath /tmp/rpm --prefix /opt/extract/egojre-1.8.0.3.x86_64.rpm \nd. Delete all subdirectories and files in the GUI work directory: \n> rm -rf $EGO_TOP/gui/work/* \n> rm -rf $EGO_TOP/gui/workarea/* \n**NOTE:** If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory. \ne. Launch your browser and clear the browser cache. \nf. 
Log on to the master host as the cluster administrator, start the cluster and enable your applications: \n> source profile.platform \n> egosh ego start all \n> soamcontrol app enable <_appName_> \n \n**Packages:**\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM Platform Symphony_| _6.1.1_| _P102477_| _symSetup_jre6sr16fp60_linux-64_build491204.tar.gz: _ \n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-6.1.1-build491204&includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-6.1.1-build491204&includeSupersedes=0>) \n_IBM Platform Symphony_| _7.1 Fix Pack 1_| _P102477_| _symSetup_jre7sr10fp20_linux-64_build491204.tar.gz: _ \n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build491204&includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build491204&includeSupersedes=0>)_ _ \n_IBM Platform Symphony_| _7.1.1_| _P102477_| _symSetup_jre8sr5fp11_linux-64_build491204.tar.gz for Platform Symphony 7.1.1: _ \n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build491204&includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build491204&includeSupersedes=0>) \n_IBM Spectrum Symphony_| _7.1.2_| _P102477_| _egojre-1.8.0.511.x86_64.rpm: _ 
\n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build491204&includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build491204&includeSupersedes=0>) \n_IBM Spectrum Symphony_| _7.2.0.2_| _P102477_| _egojre-8.0.5.11.x86_64.rpm: _ \n[__http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build491204&includeSupersedes=0__](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build491204&includeSupersedes=0>)_ _ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-18T01:43:59", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-18T01:43:59", "id": "FF972FF475C6691212D41E145A91B62441337954697CD95DE31DD265512A07AD", "href": "https://www.ibm.com/support/pages/node/665265", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:28", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7, 7.1, and 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nAIX 5.3, 6.1, 7.1, 7.2 \nVIOS 2.2.x \n \nThe following fileset levels (VRMF) are vulnerable if the respective Java version is installed: \nFor Java7: Less than 7.0.0.620 \nFor Java7.1: Less than 7.1.0.420 \nFor Java8: Less than 8.0.0.510 \n \nNote: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in the AIX user's guide. \n \nExample: `lslpp -L | grep -i java`\n\n## Remediation/Fixes\n\nNote: The recommended remediation is to always install the most recent Java package available for the respective Java version. 
\n \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20 and subsequent releases: \n32-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all>) \n64-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all>) \n \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 20 and subsequent releases: \n32-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all>) \n64-bit: 
[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all>) \n \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 10 and subsequent releases: \n32-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all>) \n64-bit: [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all>)\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-18T01:42:33", "type": 
"ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-18T01:42:33", "id": "39E450D4F111F857D19F138C03812ABD7F598DD51D9F08A4C97B699481E1BA33", "href": "https://www.ibm.com/support/pages/node/664651", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:47:10", "description": "## Summary\n\nThere are multiple vulnerabilities in SDK Java\u2122 Technology Edition used by IBM b-type SAN directors and switches. These issues were disclosed as part of the Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2629](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137880> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nProducts | VRMF \n---|--- \nIBM Network Advisor | all VRMFs prior to 14.4.2 \n \n## Remediation/Fixes\n\nProduct | VRMF | Fix \n---|---|--- \nIBM Network Advisor | 14.4.2 | https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=SAN%20management%20software&product=ibm/StorageAreaNetwork/Network+Advisor&release=14.x&platform=All&function=all \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": 
"REQUIRED"}, "impactScore": 6.0}, "published": "2018-10-02T14:15:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Java SDK affect IBM b-type SAN directors and switches.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-10-02T14:15:01", "id": "CE226AE24A6E2D3DE67C38C0C6A7A613A0DDDDABCC8ACB8CAFB1CB1EE2157689", "href": "https://www.ibm.com/support/pages/node/733527", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:44:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7, and 8** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Asset Management Essentials, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, Change and Configuration Management Database, and IBM Control Desk. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following IBM Java versions are affected: \n\n\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases\n * IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 55 and earlier releases\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases\n * IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 15 and earlier releases\n * IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 7 and earlier releases\n \nIt is likely that earlier unsupported versions are also affected by these vulnerabilities. Remediation is not provided for product versions that are no longer supported. IBM recommends that customers running unsupported versions upgrade to the latest supported version of products in order to obtain remediation for the vulnerabilities. \n\n## Remediation/Fixes\n\nThere are two areas where the vulnerabilities in the Java SDK/JDK or JRE may require remediation: \n \n1\\. Application Server \u2013 Update the WebSphere Application Server. Refer to [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22013818>) for additional information on updating and maintaining the JDK component within WebSphere. Customers with Oracle WebLogic Server, which is not an IBM product and is not shipped by IBM, will also want to update their server. \n \n2\\. 
Browser Client - Update the Java plug-in used by the browser on client systems, using the remediated JRE version referenced on [_developerWorks Java\u2122 Technology Security Alerts_](<http://www.ibm.com/developerworks/java/jdk/alerts/>) or referenced on [_Oracle\u2019s latest Critical Patch Update_](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) (which can be accessed via [_developerWorks Java\u2122 Technology Security Alerts_](<http://www.ibm.com/developerworks/java/jdk/alerts/>)). Updating the browser Java plug-in may impact some applets such as Maximo Asset Management Scheduler. Download from IBM FixCentral the latest [_Maximo Asset Management Fix Pack_](<http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=All&platform=All&function=all&source=fc>). \n \nDue to the threat posed by a successful attack, IBM strongly recommends that customers apply fixes as soon as possible.\n\n## Workarounds and Mitigations\n\nUntil you apply the fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so IBM strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem. 
\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:49:58", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T15:49:58", "id": "089455FB91FDFE7E0E828CF6E910A5D0E5BA1A056A27C13F87FC0F4D9B5A116A", "href": "https://www.ibm.com/support/pages/node/567435", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:53:27", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM(R) SDK Java(TM) Technology Edition, Version 7 used by IBM Fabric Manager. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>)\n\n**Description:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system.\n\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>)\n\n**Description:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system.\n\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)\n\n**Description:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system.\n\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)\n\n**Description:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, 
high integrity impact, and no availability impact.\n\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>)\n\n**Description:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.\n\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>)\n\n**Description:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.\n\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>)\n\n**Description:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.\n\nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>)\n\n**Description:** An unspecified vulnerability related to the 
Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.\n\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>)\n\n**Description:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2629](<https://vulners.com/cve/CVE-2018-2629>)\n\n**Description:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137880> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)\n\n**Description:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: 
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)\n\n**Description:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.\n\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)\n\n**Description:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.\n\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)\n\n**Description:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)\n\n**Description:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See 
<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)\n\n**Description:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>)\n\n**Description:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)\n\n**Description:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.\n\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**Affected Products and Versions**\n\nProduct | Version \n---|--- \nIBM Fabric Manager | 4.1 \n \n**Remediation/Fixes**\n\nFirmware fix versions are available on Fix Central: 
<http://www.ibm.com/support/fixcentral/>\n\nProduct | Fixed Version \n---|--- \nIBM Fabric Manager \n(ibm_sw_ifm-4.1.12.0057_linux_32-64.bin) \n(ibm_sw_ifm-4.1.12.0057_windows_32-64.exe) | 4.1.12.0057 \n \n**Workarounds and Mitigations**\n\nNone.\n\n**References**\n\n * [Complete CVSS V3 Guide](<http://www.first.org/cvss/user-guide>)\n * [On-line Calculator V3](<http://www.first.org/cvss/calculator/3.0>)\n * [IBM Java SDK Security Bulletin](<http://www.ibm.com/support/docview.wss?uid=swg22012965>)\n\n**Related Information** \n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/psirt/>) \n[Lenovo Product Security Advisories](<https://support.lenovo.com/us/en/product_security/home>)\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n26 March, 2018: Original Version Published\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-01-28T04:05:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-01-28T04:05:01", "id": "FC7CF2AAADA390A2F462964257D0D7991FF5A6813C6B635D5C2864BCDA584DFB", "href": "https://www.ibm.com/support/pages/node/842572", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:52:59", "description": "## Summary\n\nJava SE issues disclosed in the Oracle January 2018 Critical Patch Update, plus one additional vulnerability\n\n## Vulnerability Details\n\n**CVE IDs:** CVE-2018-2639 CVE-2018-2638 
CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579 CVE-2018-1417 \n\n**DESCRIPTION:** This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2018 Critical Patch Update. For more information please refer to [Oracle's January 2018 CPU Advisory](<http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixJAVA>) and the X-Force database entries referenced below.\n\nThis bulletin also describes one additional vulnerability which affects IBM SDK, Java Technology Edition.\n\n**CVEID:** [CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137891> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137890> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 4.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 4.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [CVE-2018-1417](<https://vulners.com/cve/CVE-2018-1417>)
**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges.
CVSS Base Score: 8.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138823> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

## Affected Products and Versions

* IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 55 and earlier releases
* IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 55 and earlier releases
* IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 and earlier releases
* IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 15 and earlier releases
* IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 7 and earlier releases

## Remediation/Fixes

* Fixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 60 and subsequent releases, where embedded with supported IBM products
* Fixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 60 and subsequent releases, where embedded with supported IBM products
* Fixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20 and subsequent releases
* Fixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 20 and subsequent releases
* Fixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 10 and subsequent releases

IBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from [_here_](<http://www.ibm.com/developerworks/java/jdk/index.html>).

IBM customers requiring an update for an SDK shipped with an IBM product should contact [_IBM support_](<http://www.ibm.com/support/>), and/or refer to the appropriate product security bulletin.

**APAR numbers are as follows:**

* [IJ04031](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04031>) (CVE-2018-2639)
* [IJ04034](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04034>) (CVE-2018-2638)
* [IJ04036](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04036>) (CVE-2018-2633)
* [IJ04037](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04037>) (CVE-2018-2637)
* [IJ04038](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04038>) (CVE-2018-2634)
* [IJ04039](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04039>) (CVE-2018-2582)
* [IJ04040](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04040>) (CVE-2018-2641)
* [IJ04041](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04041>) (CVE-2018-2618)
* [IJ04042](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04042>) (CVE-2018-2657)
* [IJ04043](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04043>) (CVE-2018-2603)
* [IJ04044](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04044>) (CVE-2018-2599)
* [IJ04045](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04045>) (CVE-2018-2602)
* [IJ04046](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04046>) (CVE-2018-2678)
* [IJ04047](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04047>) (CVE-2018-2677)
* [IJ04051](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04051>) (CVE-2018-2663)
* [IJ04052](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04052>) (CVE-2018-2588)
* [IJ04053](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04053>) (CVE-2018-2579)
* [IJ04021](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ04021>) (CVE-2018-1417)

Record for the preceding bulletin:

* Title: Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition
* Published: 2018-06-15T07:08:50
* Modified: 2018-06-15T07:08:50
* Source: <https://www.ibm.com/support/pages/node/303533>
* CVSS v3: 8.3 HIGH (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H; exploitability 1.6, impact 6.0)
* CVSS v2: 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P; exploitability 8.6, impact 6.4)
* CVEs: CVE-2018-1417, CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678

## Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 SR10 FP15 used by WebSphere Cast Iron.
These issues were disclosed as part of the IBM Java SDK updates in January and April 2018.

## Vulnerability Details

**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

**CVEID:** [_CVE-2018-2794_](<https://vulners.com/cve/CVE-2018-2794>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Security component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 7.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141950_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

**CVEID:** [_CVE-2018-2790_](<https://vulners.com/cve/CVE-2018-2790>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.1
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141946_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 4.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.8
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

## Affected Products and Versions

* WebSphere Cast Iron v 7.5.1.0, 7.5.0.1, 7.5.0.0
* WebSphere Cast Iron v 7.0.0.2, 7.0.0.1, 7.0.0.0

## Remediation/Fixes

| _Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ |
|---|---|---|---|
| Cast Iron Appliance | 7.5.1.0, 7.5.0.1, 7.5.0.0 | LI80072 | [7.5.1.0-CUMUIFIX-021](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.scrypt2,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.vcrypt2,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.32bit.sc-linux,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.sc-linux,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.32bit.sc-win,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.sc-win,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.docker,7.5.1.0-WS-WCI-20180604-1920_H11_64-CUMUIFIX-021.32bit.studio,7.5.1.0-WS-WCI-20180604-1920_H11_64-CUMUIFIX-021.studio&includeSupersedes=0>) |
| Cast Iron Appliance | 7.0.0.2, 7.0.0.1, 7.0.0.0 | LI80072 | [7.0.0.2-CUMUIFIX-041](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.scrypt2,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.vcrypt2,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.32bit.sc-linux,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.32bit.sc-win,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.sc-linux,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.sc-win,7.0.0.2-WS-WCI-20180604-1920_H9_64-CUMUIFIX-041.32bit.studio,7.0.0.2-WS-WCI-20180604-1920_H9_64-CUMUIFIX-041.studio&includeSupersedes=0>) |

## Workarounds and Mitigations

None

Record for the preceding bulletin:

* Title: Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron
* Published: 2018-06-15T07:09:25
* Modified: 2018-06-15T07:09:25
* Source: <https://www.ibm.com/support/pages/node/571891>
* CVSS v3: 8.3 HIGH (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H; exploitability 1.6, impact 6.0)
* CVSS v2: 5.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:N; exploitability 8.6, impact 4.9)
* CVEs: CVE-2018-2579, CVE-2018-2588, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2783, CVE-2018-2790, CVE-2018-2794

## Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ that is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Management Service. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018.

## Vulnerability Details

**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

## Affected Products and Versions

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:

 * 8.1.0.000 through 8.1.5.000
 * 7.1.0.000 through 7.1.9.000

The following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Management Services (CMS) are affected:

 * 8.1.0.000 through 8.1.5.000
 * 7.1.0.000 through 7.1.9.000

## Remediation/Fixes

| **Operations Center Release** | **First Fixing VRM Level** | **Platform** | **Link to Fix** |
|---|---|---|---|
| 8.1 | 8.1.5.100 | AIX, Linux, Windows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/8.1.5.100> |
| 7.1 | 7.1.9.100 | AIX, Linux, Windows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/7.1.9.100> |

| **Client Management Service (CMS) Release** | **First Fixing VRM Level** | **Platform** | **Link to Fix** |
|---|---|---|---|
| 8.1 | 8.1.5.100 | Linux, Windows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/cms/8.1.5.100> |
| 7.1 | 7.1.9.100 | Linux, Windows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/cms/7.1.9.100> |

## Workarounds and Mitigations

None

Record for the preceding bulletin:

* Title: Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-2579, CVE-2018-2693, CVE-2018-2783)
* Published: 2018-08-28T00:04:56
* Modified: 2018-08-28T00:04:56
* Source: <https://www.ibm.com/support/pages/node/715217>
* CVSS v3: 7.4 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N; exploitability 2.2, impact 5.2)
* CVSS v2: 5.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:N; exploitability 8.6, impact 4.9)
* CVEs: CVE-2018-2579, CVE-2018-2603, CVE-2018-2693, CVE-2018-2783

## Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in Jan 2018.

## Vulnerability Details

**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 4.5
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 4.8
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)

**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
\nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION: **Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM Security Guardium** | **Affected Versions** \n---|--- \nIBM Security Guardium | 10.0-10.5 \n \n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium | 10.0-10.5 | [https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/\u2026](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p505_Bundle_Jun-24-2018&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-09-07T15:14:08", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in 
IBM Java SDK affect IBM Security Guardium", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-09-07T15:14:08", "id": "ECD78CCFAD199384A2E1B0251EC051113AB96CA42C9B3451D235C36A2FB281C6", "href": "https://www.ibm.com/support/pages/node/715207", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:48:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7.0.10.15 used by IBM Cloud Manager with OpenStack. These issues were disclosed as part of IBM SDK, Java Technology Edition Quarterly CPU - Jan 2018 - Includes Oracle Jan 2018 CPU. \nIBM Cloud Manager with OpenStack has addressed these vulnerabilities. \n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you must evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section. 
\n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Principal Product** | **Affected Versions** \n---|--- \nIBM Cloud Manager with OpenStack| 4.3 \n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **Remediation / First Fix** \n---|---|--- \nIBM Cloud Manager with OpenStack| 4.3| Upgrade to 4.3 FP 10: [**_http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.10-IBM-CMWO-FP10&source=SAR_**](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FOther+software%2FCloud+Manager+with+Openstack&fixids=4.3.0.10-IBM-CMWO-FP10&source=SAR>) \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-08T04:13:55", "type": "ibm", "title": "Security Bulletin: 
Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Manager with OpenStack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-08-08T04:13:55", "id": "6C45A29D024C9D6F0CAB22E79C478F9FCA9379B61519F60C5A7C254D98E20DDE", "href": "https://www.ibm.com/support/pages/node/664851", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by z/TPF. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. 
\n \n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. 
\nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nz/TPF Enterprise Edition Version 1.1.14 - 1.1.15\n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nz/TPF | 1.1.14 - 1.1.15 | PJ45246 | Download and install the `PJ45246_ibm-java-jre-8.0-5.10.tar.gz` package from the [IBM 64-bit Runtime Environment for z/TPF, Java Technology Edition, Version 8](<http://www-01.ibm.com/support/docview.wss?uid=swg24043118>) download page. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", 
"CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-15T07:09:02", "id": "21C909AA925BE0E93928A0ED421E76EC14F61544DF856B3B672A7C484A22B9C6", "href": "https://www.ibm.com/support/pages/node/568141", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:44:16", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6, 7 used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-2639](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137891](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2638](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137890](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137836](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137893](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137870](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137910](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2629](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137880](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137851](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137933](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137833](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2018-1417](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. 
\nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/138823](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nPlatform Cluster Manager Standard Edition Version 4.1.0, 4.1.1 and 4.1.1.1 \n\nPlatform Cluster Manager Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1\n\nPlatform HPC Version 4.1.1, 4.1.1.1, 4.2.0 and 4.2.1\n\nSpectrum Cluster Foundation 4.2.2\n\n## Remediation/Fixes\n\n**Platform Cluster Manager 4.1.x & Platform HPC 4.1.x**\n\n1\\. Download IBM JRE 6.0 x86_64 from the following location: [_http://www.ibm.com/support/fixcentral_](<http://www.ibm.com/support/fixcentral>). (For the POWER platform, download the ppc64 version of the JRE tar package. The following steps use x86_64 as an example.)\n\n2\\. Copy the tar package to the management node. If high availability is enabled, copy the JRE tar package to the standby management node as well.\n\n3\\. If high availability is enabled, shut down the standby management node to avoid triggering high availability.\n\n4\\. On the management node, stop the GUI and PERF services.\n\nHA disabled:\n\n# pmcadmin stop \n# perfadmin stop all\n\nHA enabled:\n\n# egosh user logon -u Admin -x Admin \n# egosh service stop all\n\n5\\. 
On the management node, extract the new JRE files and replace some old folders with new ones.\n\n# tar -zxvf ibm-java-jre-6.0-16.60-linux-x86_64.tgz \n# mv /opt/pcm/web-portal/jre/linux-x86_64/bin /opt/pcm/web-portal/jre/linux-x86_64/bin-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/lib /opt/pcm/web-portal/jre/linux-x86_64/lib-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/plugin /opt/pcm/web-portal/jre/linux-x86_64/plugin-old \n# cp -r ibm-java-x86_64-60/jre/bin /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-60/jre/lib /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-60/jre/plugin /opt/pcm/web-portal/jre/linux-x86_64/\n\n6\\. On the management node, start the GUI and PERF services.\n\nHA disabled:\n\n# pmcadmin start \n# perfadmin start all\n\nHA enabled:\n\n# egosh user logon -u Admin -x Admin \n# egosh service start all\n\n**Platform Cluster Manager 4.2.x & Platform HPC 4.2.x & Spectrum Cluster Foundation 4.2.2**\n\n1\\. Download IBM JRE 7.0 x86_64 from the following location: [_http://www.ibm.com/support/fixcentral_](<http://www.ibm.com/support/fixcentral>). (For the POWER platform, download the ppc64 version of the JRE tar package. The following steps use x86_64 as an example.)\n\n2\\. Copy the tar package to the management node. If high availability is enabled, copy the JRE tar package to the standby management node as well.\n\n3\\. If high availability is enabled, shut down the standby management node to avoid triggering high availability.\n\n4\\. On the management node, stop the GUI and PERF services.\n\n# pcmadmin service stop --group ALL\n\n5\\. 
On the management node, extract the new JRE files and replace some old folders with new ones.\n\n# tar -zxvf ibm-java-jre-7.0-10.20-linux-x86_64.tgz \n# mv /opt/pcm/jre/bin /opt/pcm/jre/bin-old \n# mv /opt/pcm/jre/lib /opt/pcm/jre/lib-old \n# mv /opt/pcm/jre/plugin /opt/pcm/jre/plugin-old \n# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/jre/ \n# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/jre/ \n# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/jre/ \n# mv /opt/pcm/web-portal/jre/linux-x86_64/bin /opt/pcm/web-portal/jre/linux-x86_64/bin-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/lib /opt/pcm/web-portal/jre/linux-x86_64/lib-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/plugin /opt/pcm/web-portal/jre/linux-x86_64/plugin-old \n# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/web-portal/jre/linux-x86_64/\n\n6\\. On the management node, start the GUI and PERF services.\n\n# pcmadmin service start --group ALL\n\n7\\. 
If high availability is enabled, start up standby management node, and replace bin, lib, plugin folders under /opt/pcm/web-portal/jre/linux-x86_64, on standby management node.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-05-23T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-05-23T05:10:01", "id": "3CC25C048EFF153229D754CCC6D44E3776394424BB1F44D1F35AEC5747AAB64B", "href": "https://www.ibm.com/support/pages/node/706173", "cvss": {"score": 6.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:50:38", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Spectrum LSF Analytics. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: **[_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n \n**CVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[_Not Applicable_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=Not%20Applicable>) \n**DESCRIPTION: **Use this if you deliver IBM Java and are N/A to the IBM Java SDK update vulnerabilities because the vulnerabilities could not be exploited by your product. However, customers could run their own Java code using the IBM Java Runtime delivered with your product. \nCVSS Base Score: 0 \nCVSS Temporal Score: See for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: () \n \n**CVEID: **[_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION: **Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. 
\nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nSpectrum LSF Analytics: 9.1.4\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nSpectrum LSF Analytics | 9.1.4 | _None_ | 1\\. Download the LSF Analytics 9.1.4 Fix 486808 installation package from the following location: <http://www.ibm.com/support/fixcentral>. Select the fix for download after searching for product 'Platform Analytics' and version '9.1.4'. \n2\\. Install the package by following the LSF Analytics 9.1.4 Fix 486808 README file. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-09T11:21:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", 
"CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-07-09T11:21:26", "id": "0A3185367C4C819CB6D1F686A54CF066C2C0634F508315519FDBA3FECD7B7689", "href": "https://www.ibm.com/support/pages/node/713929", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:42:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM i.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nReleases 7.1, 7.2 and 7.3 of IBM i are affected. \n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to the IBM i Operating System. \n \nReleases 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed. 
\n \nPlease see the Java document at this URL for the latest Java information for IBM i: \n[_https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/Java%20on%20IBM%20i_](<https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/Java%20on%20IBM%20i>) \n \nThe IBM i Group PTF numbers containing the fix for these CVEs follow. Future Group PTFs for Java will also contain the fixes for these CVEs. \n \n**Release 7.1 \u2013 SF99572 level 31** \n**Release 7.2 \u2013 SF99716 level 16** \n**Release 7.3 \u2013 SF99725 level 8** \n \n**_Important note:_** _IBM recommends that all users running unsupported versions of affected products upgrade to a supported and fixed version of the affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", 
"CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-12-18T14:26:38", "id": "B112C9607CBD35998B2830CA02C7C8517B31FED66C516BE791DE3D1647980CB8", "href": "https://www.ibm.com/support/pages/node/688037", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:50:48", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK quarterly updates in January 2018. IBM PureApplication System has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>) \n**DESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2638_](<https://vulners.com/cve/CVE-2018-2638>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137890_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137890>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2639_](<https://vulners.com/cve/CVE-2018-2639>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137891_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137891>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM PureApplication System V2.2.3.0 \nIBM PureApplication System V2.2.3.1 \nIBM PureApplication System V2.2.3.2 \nIBM PureApplication System V2.2.4.0 \nIBM PureApplication System V2.2.5.0 \nIBM PureApplication System V2.2.5.1\n\n## Remediation/Fixes\n\nThe PureSystems\u00ae Managers on IBM PureApplication System is affected. The solution is to upgrade the IBM PureApplication System to the following fix level: \n \nIBM PureApplication System V2.2.5.2. \n \nIBM recommends upgrading to a fixed version of the product. Contact IBM for assistance. 
\n \nBluemix Local System is the evolution of the IBM PureApplication\u00ae System Intel\u2122 based offerings. \n \n**_AIX_** \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.2&platform=All&function=fixId&fixids=Java_Update_AIX_Apr_2018-sys&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.2&platform=All&function=fixId&fixids=Java_Update_AIX_Apr_2018-sys&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \n \n**_Linux_** \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.2&platform=Linux&function=fixId&fixids=Java_Update_Linux_Apr_2018-sys&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.2&platform=Linux&function=fixId&fixids=Java_Update_Linux_Apr_2018-sys&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \n \n**_Windows_** \n[https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.2&platform=Linux&function=fixId&fixids=Java_Update_Windows_Apr_2018-sys&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.2.5.2&platform=Linux&function=fixId&fixids=Java_Update_Windows_Apr_2018-sys&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \n \nInformation about upgrading can be found here: <http://www-01.ibm.com/support/docview.wss?uid=swg27039159>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", 
"confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-02T14:53:57", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2638", "CVE-2018-2639", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-07-02T14:53:57", "id": "308C17C0C6FCE405B0E11B61D017D5167AF357A61BC5A5CACF4B9D2A53C4762F", "href": "https://www.ibm.com/support/pages/node/715233", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:51:24", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Spectrum LSF Analytics. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, please refer to the link for \u201cIBM Java SDK Security Bulletin\" locat