Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM28210593A655DBF24FCB0A06F5D95C2E1AE5C3B6084EE729AAED0B92B3B2A298
HistoryJun 17, 2018 - 3:10 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Storage FlashCopy Manager on Solaris and HP-UX platforms (CVE-2015-0383)

2018-06-1715:10:24
www.ibm.com
8

5.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:P/A:C

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition that is used by FlashCopy Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2015.

Vulnerability Details

CVEID: CVE-2015-0383**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact.
CVSS Base Score: 5.4
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100148&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C)

Affected Products and Versions

IBM Tivoli Storage FlashCopy Manager for UNIX and LINUX, FlashCopy Manager for DB2, FlashCopy Manager for Oracle, FlashCopy Manager for Oracle with SAP environments, and FlashCopy Manager for Custom Applications running on Solaris and HP-UX platforms are affected at these levels:
- 4.1.0.0 through 4.1.1.2
- 3.2.0.0 through 3.2.0.4
- 3.1.0.0 through 3.1.0.1

Remediation/Fixes

Tivoli Storage FlashCopy Manager for Unix Release

| First Fixing VRMF Level|_
Client_ Platform|Link to Fix / Fix Availability Target
—|—|—|—
4.1| 4.1.1.3| HP-UX| <ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v4r1/hpux/v4113/&gt;

| 4.1.1.3| Solaris| <ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v4r1/solaris/v4113/&gt;

|
|
|

3.2| 3.2.0.5| HP-UX| Note that 3.2.0.5 is no longer available for download. You can download 3.2.0.9 to obtain the fix:<ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v3r2/hpux/v3209/&gt;

| 3.2.0.5| Solaris| Note that 3.2.0.5 is no longer available for download. You can download 3.2.0.9 to obtain the fix:
ftp://public.dhe.ibm.com/storage/tivoli-storage-flashcopymanager/patches/v3r2/solaris/v3209/

|
|
|

3.1| 3.1.0.2| HP-UX
Solaris| Fixes for release 3.1 are no longer available for download as this release is no longer supported. Customers requiring fixes should upgrade to the latest release which contains the most recent security fixes. Contact IBM Support with any questions.

Workarounds and Mitigations

None

Related

nessus 53
openvas 41
fedora 3
ubuntucve 1
cve 1
cvelist 1
ibm 24
veracode 14
prion 1
debiancve 1
f5 4
redhat 8
centos 5
mageia 2
oraclelinux 4
debian 3
amazon 4
osv 2
ubuntu 2
suse 3
archlinux 6
kaspersky 1
gentoo 2
securityvulns 1
oracle 1
nessus
nessus
Fedora 20 : java-1.8.0-openjdk-1.8.0.45-38.b14.fc20 (2015-8251)
2015-05-29 00:00:00
Fedora 21 : java-1.8.0-openjdk-1.8.0.45-38.b14.fc21 (2015-8264)
2015-05-18 00:00:00
Fedora 22 : java-1.8.0-openjdk-1.8.0.45-38.b14.fc22 (2015-8226)
2015-05-27 00:00:00
openvas
openvas
Fedora Update for java-1.8.0-openjdk FEDORA-2015-8251
2015-06-09 00:00:00
Fedora Update for java-1.8.0-openjdk FEDORA-2015-8264
2015-06-09 00:00:00
Fedora Update for java-1.8.0-openjdk FEDORA-2015-8226
2015-07-07 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: java-1.8.0-openjdk-1.8.0.45-38.b14.fc21
2015-05-17 06:40:01
[SECURITY] Fedora 22 Update: java-1.8.0-openjdk-1.8.0.45-38.b14.fc22
2015-05-26 03:54:26
[SECURITY] Fedora 20 Update: java-1.8.0-openjdk-1.8.0.45-38.b14.fc20
2015-05-27 16:03:58
ubuntucve
ubuntucve
CVE-2015-0383
2015-01-21 00:00:00
cve
cve
CVE-2015-0383
2015-01-21 18:59:00
cvelist
cvelist
CVE-2015-0383
2015-01-21 18:00:00
ibm
ibm
Security Bulletin: Vulnerability in IBM Java SDK affects IBM® DB2® LUW on HP-UX and Solaris (CVE-2015-0383)
2018-06-16 13:11:08
Security Bulletin: IBM Java SDK Vulnerability affect IBM DB2 Accessories Suite for Linux, Unix and Windows (CVE-2015-0383)
2018-06-16 13:11:31
Security Bulletin: Three vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM (CVE-2014-6593, CVE-2015-0410, and CVE-20150-0383)
2018-06-17 12:10:11
veracode
veracode
Denial Of Service (DoS)
2019-05-02 05:07:17
Arbitrary Code Execution
2019-05-02 05:40:33
Sandbox Restrictions Bypass
2019-05-02 05:40:37
prion
prion
Design/Logic Flaw
2015-01-21 18:59:00
debiancve
debiancve
CVE-2015-0383
2015-01-21 18:59:00
f5
f5
K16353 : Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
SOL16353 - Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
K16352 : Multiple OpenJDK vulnerabilities
2015-04-02 00:00:00
redhat
redhat
(RHSA-2015:0067) Critical: java-1.7.0-openjdk security update
2015-01-21 00:00:00
(RHSA-2015:0085) Important: java-1.6.0-openjdk security update
2015-01-26 00:00:00
(RHSA-2015:0068) Important: java-1.7.0-openjdk security update
2015-01-20 00:00:00
centos
centos
java security update
2015-01-21 05:35:44
java security update
2015-01-26 19:17:49
java security update
2015-01-21 05:42:52
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2015-01-24 17:32:04
Updated java-1.8.0-openjdk package fixes security vulnerabilities
2015-07-27 12:53:07
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-01-21 00:00:00
java-1.7.0-openjdk security update
2015-01-21 00:00:00
java-1.6.0-openjdk security update
2015-01-26 00:00:00
debian
debian
[SECURITY] [DSA 3147-1] openjdk-6 security update
2015-01-30 15:57:44
[SECURITY] [DLA 157-1] openjdk-6 security update
2015-02-24 18:21:33
[SECURITY] [DSA 3144-1] openjdk-7 security update
2015-01-29 21:57:46
amazon
amazon
Important: java-1.6.0-openjdk
2015-02-11 19:38:00
Critical: java-1.7.0-openjdk
2015-01-22 14:18:00
Important: java-1.8.0-openjdk
2015-01-22 14:20:00
osv
osv
openjdk-6 - security update
2015-01-30 00:00:00
openjdk-6 - security update
2015-02-24 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-01-27 00:00:00
OpenJDK 7 vulnerabilities
2015-01-28 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-02-02 12:04:48
Security update for java-1_7_0-openjdk (important)
2015-03-16 12:05:47
Security update for java-1_7_0-openjdk (important)
2015-02-20 00:04:57
archlinux
archlinux
jre7-openjdk-headless: multiple issues
2015-01-23 00:00:00
jdk7-openjdk: multiple issues
2015-01-23 00:00:00
jre8-openjdk-headless: multiple issues
2015-01-23 00:00:00
kaspersky
kaspersky
KLA10447 Multiple vulnerabilities in Java SE
2015-01-13 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2015-07-10 00:00:00
IcedTea: Multiple vulnerabilities
2016-03-12 00:00:00
securityvulns
securityvulns
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-01-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00

5.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:P/A:C

JSON
Related for 28210593A655DBF24FCB0A06F5D95C2E1AE5C3B6084EE729AAED0B92B3B2A298
nessus53openvas41fedora3ubuntucve1cve1cvelist1ibm24veracode14prion1debiancve1f54redhat8centos5mageia2oraclelinux4debian3amazon4osv2ubuntu2suse3archlinux6kaspersky1gentoo2securityvulns1oracle1