Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2748115B8827AEEB9EE4F46184B9E8999C4D22B9C32938C1B0905130332D0FE2
HistoryJun 29, 2018 - 5:30 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM API Connect

2018-06-2917:30:05
www.ibm.com
13

0.015 Low

EPSS

Percentile

86.9%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ used by IBM API Connect.

These issues were disclosed as part of the IBM Java SDK updates in October 2017, January 2018, and April 2018.

Vulnerability Details

CVEID: CVE-2017-10295 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Networking component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133729&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)

CVEID: CVE-2017-10355 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133784&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-10356 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133785&gt; for the current score

CVEID: CVE-2018-2603 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2657 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-2633 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2018-1417 DESCRIPTION: Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges.
CVSS Base Score: 8.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138823&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2018-2783 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

IBM API Connect V5.0.0.0 - V5.0.8.3

Remediation/Fixes

Affected Product Addressed in VRMF APAR Remediation/First Fix
IBM API Connect 5.0.8.4 LI80202

Addressed in IBM API Connect V5.0.8.4.

Follow this link and find the “APIConnect_Management” and “apiconnect-collective-controller” packages:

https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7…

Workarounds and Mitigations

None

Related

ibm 123
nessus 5
nvd 8
debiancve 7
prion 8
ubuntucve 7
veracode 8
redhatcve 8
exploitpack 1
cve 8
cvelist 8
openvas 5
f5 1
exploitdb 1
redhat 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and Client Management Service (CVE-2017-10295, CVE-2017-10355, CVE-2017-10356)
2018-06-17 15:49:33
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational Synergy
2020-12-22 18:05:37
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2018-2633, CVE-2018-2603, CVE-2018-2657)
2023-01-17 17:34:08
nessus
nessus
Oracle JRockit R28.3.15 Multiple Vulnerabilities (October 2017 CPU)
2017-10-18 00:00:00
RHEL 6 : oracle_jdk (Unpatched Vulnerability)
2024-05-11 00:00:00
IBM Java 7.1 < 7.1.4.20 / 8.0 < 8.0.5.10
2022-04-29 00:00:00
nvd
nvd
CVE-2017-10355
2017-10-19 17:29:04
CVE-2018-2657
2018-01-18 02:29:21
CVE-2017-10295
2017-10-19 17:29:02
debiancve
debiancve
CVE-2018-2657
2018-01-18 02:29:21
CVE-2017-10355
2017-10-19 17:29:04
CVE-2017-10295
2017-10-19 17:29:02
prion
prion
Code injection
2018-01-18 02:29:00
Code injection
2017-10-19 17:29:00
Design/Logic Flaw
2017-10-19 17:29:00
ubuntucve
ubuntucve
CVE-2017-10295
2017-10-19 00:00:00
CVE-2017-10355
2017-10-19 00:00:00
CVE-2017-10356
2017-10-19 00:00:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 06:37:52
Denial Of Service (DoS)
2019-05-02 06:37:53
Information Disclosure
2019-05-02 06:37:53
redhatcve
redhatcve
CVE-2017-10295
2019-11-07 22:14:25
CVE-2017-10355
2020-10-05 05:26:13
CVE-2018-2657
2019-10-10 09:33:19
exploitpack
exploitpack
Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service
2017-08-30 00:00:00
cve
cve
CVE-2017-10355
2017-10-19 17:29:04
CVE-2017-10295
2017-10-19 17:29:02
CVE-2017-10356
2017-10-19 17:29:04
cvelist
cvelist
CVE-2017-10355
2017-10-19 17:00:00
CVE-2017-10356
2017-10-19 17:00:00
CVE-2017-10295
2017-10-19 17:00:00
openvas
openvas
Oracle Java SE Security Updates (jan2018-3236628) 01 - Linux
2018-01-17 00:00:00
Oracle Java SE Security Updates (jan2018-3236628) 01 - Windows
2018-01-17 00:00:00
IBM Java SDK Remote Privilege Escalation Vulnerability - Linux
2018-08-09 00:00:00
f5
f5
K44923228 : Oracle Java SE vulnerability CVE-2018-2783
2018-05-10 00:00:00
exploitdb
exploitdb
Oracle Java JDK/JRE &lt; 1.8.0.131 / Apache Xerces 2.11.0 - &#039;PDF/Docx&#039; Server Side Denial of Service
2017-08-30 00:00:00
redhat
redhat
(RHSA-2018:0521) Important: java-1.7.1-ibm security update
2018-03-14 15:08:27

0.015 Low

EPSS

Percentile

86.9%

JSON
Related for 2748115B8827AEEB9EE4F46184B9E8999C4D22B9C32938C1B0905130332D0FE2
ibm123nessus5nvd8debiancve7prion8ubuntucve7veracode8redhatcve8exploitpack1cve8cvelist8openvas5f51exploitdb1redhat1