Lucene search

K
ibmIBM2C3BCE81845FA3C58E03B519C190DD8B3AC3F3BB94872F60CA53BF5AD5F80C13
HistoryJul 08, 2021 - 9:30 p.m.

Security Bulletin: Security vulnerabilities affecting IBM InfoSphere Optim Performance Manager (CVE-2015-1916, CVE-2015-0488)

2021-07-0821:30:52
www.ibm.com
19

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.063 Low

EPSS

Percentile

92.6%

Summary

This advisory covers all the issues disclosed by Oracle in their April 2015 Critical Patch Update (CPU), plus additional CVEs which are specific to the IBM JRE/SDK.

Vulnerability Details

CVE-2015-1916_ _ Description: Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.

CVSS Base Score: 5.00
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101995 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2015-0488 Description: An unspecified vulnerability in Oracle Java SE and Jrockit related to the JSSE component could allow a remote attacker to cause a denial of service.

CVSS Base Score: 5.00
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102336 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected Products and Versions

IBM Optim Performance Manager for DB2 on Linux, UNIX, and Windows version 4.1 through 5.3

Remediation/Fixes

OPM Version

| Download URL
—|—
4.1 - 5.1.1.1| Replace JRE (V6 SR16-Fix Pack 4)
5.2 – 5.3.1| Replace JRE (V7 SR9)

You must replace the IBM® Runtime Environment, Java™ Technology Edition that is installed with IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows with the latest IBM® Runtime Environment, Java™ Technology Edition. Detailed instructions are provided in the tech-note: __“Updating the __IBM Runtime Environment, Java™ Technology Edition__ for InfoSphere Optim Performance Manager__.

Workarounds and Mitigations

None

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.063 Low

EPSS

Percentile

92.6%