5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.063 Low
EPSS
Percentile
92.6%
This advisory covers all the issues disclosed by Oracle in their April 2015 Critical Patch Update (CPU), plus additional CVEs which are specific to the IBM JRE/SDK.
CVE-2015-1916_ _ Description: Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.
CVSS Base Score: 5.00
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101995 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVE-2015-0488 Description: An unspecified vulnerability in Oracle Java SE and Jrockit related to the JSSE component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5.00
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102336 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
IBM Optim Performance Manager for DB2 on Linux, UNIX, and Windows version 4.1 through 5.3
OPM Version
| Download URL
—|—
4.1 - 5.1.1.1| Replace JRE (V6 SR16-Fix Pack 4)
5.2 – 5.3.1| Replace JRE (V7 SR9)
You must replace the IBM® Runtime Environment, Java™ Technology Edition that is installed with IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows with the latest IBM® Runtime Environment, Java™ Technology Edition. Detailed instructions are provided in the tech-note: __“Updating the __IBM Runtime Environment, Java™ Technology Edition__ for InfoSphere Optim Performance Manager__”.
None