Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM279DF7F5F123A843588622F2CFFF648DF475F6C7BD44DA56FA3B20CF984A9786
HistoryJun 15, 2018 - 7:06 a.m.

Security Bulletin: A vulnerability in IBM® Java™ SDK affects IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments. (CVE-2016-3485)

2018-06-1507:06:56
www.ibm.com
6

2.9 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

JSON

Summary

There is a vulnerability in IBM® SDK Java™ Technology Edition that is used by IBM OS Images for Red Hat Linux Systems, AIX-based, and Windows-based deployments. This issue was disclosed as part of the IBM Java SDK updates in July 2016.

Vulnerability Details

CVEID: CVE-2016-3485 DESCRIPTION: An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115273 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM OS Image for Red Hat Linux Systems 3.0.0.0 and earlier.
IBM OS Image for AIX Systems 2.1.1.0 and earlier.

Remediation/Fixes

Virtual machines deployed from IBM PureApplication Systems are affected. This includes RedHat Linux, AIX-based, and Windows-based deployments. The solution is to apply the following IBM PureApplication System fix to the deployed virtual machines.

Java Update for Linux
https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=Java_Update_Linux_Dec_2016-sys&includeRequisites=1&includeSupersedes=0

Java Update for Windows
https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=Java_Update_Windows_Dec_2016-sys&includeRequisites=1&includeSupersedes=0

Java Update for AIX
https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=Java_Update_AIX_Dec_2016-sys&includeRequisites=1&includeSupersedes=0

1. Import the fix into the Emergency Fix catalogue.
2. For deployed instances, apply this emergency fix on the VM.
3. Restart the deployed instance after the fix is applied.

Workarounds and Mitigations

None

Related

ibm 78
suse 11
nessus 21
prion 1
openvas 14
ubuntucve 1
redhatcve 1
cve 1
debiancve 1
aix 1
kaspersky 1
gentoo 2
oracle 1
ibm
ibm
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM MQ Light (CVE-2016-3485)
2018-06-15 07:06:04
Security Bulletin: Vulnerability in IBM Java Runtime affects IBM SPSS Statistics (CVE-2016-3485)
2018-06-16 13:44:45
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2016-3485)
2018-06-17 05:16:38
suse
suse
Security update for java-1_6_0-ibm (important)
2016-09-21 20:10:47
Security update for java-1_8_0-ibm (important)
2016-11-04 15:16:34
Security update for java-1_7_1-ibm (important)
2016-09-07 20:09:17
nessus
nessus
SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2348-1)
2016-09-22 00:00:00
SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2430-1)
2019-01-02 00:00:00
AIX Java Advisory : java_july2016_advisory.asc (July 2016 CPU)
2016-11-18 00:00:00
prion
prion
Buffer overflow
2016-07-21 10:12:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2348-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2430-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2261-1)
2021-06-09 00:00:00
ubuntucve
ubuntucve
CVE-2016-3485
2016-07-21 00:00:00
redhatcve
redhatcve
CVE-2016-3485
2016-07-20 08:18:31
cve
cve
CVE-2016-3485
2016-07-21 10:12:00
debiancve
debiancve
CVE-2016-3485
2016-07-21 10:12:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-08-18 15:35:03
kaspersky
kaspersky
KLA10849 Multiple vulnerabilities in Oracle Java SE
2016-07-19 00:00:00
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2017-01-19 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2016-10-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00

2.9 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

JSON
Related for 279DF7F5F123A843588622F2CFFF648DF475F6C7BD44DA56FA3B20CF984A9786
ibm78suse11nessus21prion1openvas14ubuntucve1redhatcve1cve1debiancve1aix1kaspersky1gentoo2oracle1