8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2019.
CVEID: CVE-2019-2684 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 5.9
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/159776>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2019-2602 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/159698>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVEID: CVE-2019-2697 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/159789>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2019-2698 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.1
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/159790>_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 11.3, 11.5, and 11.7
IBM InfoSphere Information Server on Cloud: versions 11.5, and 11.7
Product
|
VRMF
|
APAR
|
Remediation/First Fix
—|—|—|—
InfoSphere Information Server, Information Server on Cloud
|
11.7
|
|
--Follow instructions in the README
InfoSphere Information Server, Information Server on Cloud
|
11.5
|
|
--Follow instructions in the README
InfoSphere Information Server
|
11.3
|
|
--Follow instructions in the README
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm infosphere information server | eq | 11.3 | |
ibm infosphere information server | eq | 11.5 | |
ibm infosphere information server | eq | 11.7 |
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P