**CVSS2:** 6.9 Medium

* Access Vector: LOCAL
* Access Complexity: MEDIUM
* Authentication: NONE
* Confidentiality Impact: COMPLETE
* Integrity Impact: COMPLETE
* Availability Impact: COMPLETE
* Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

**EPSS:** 0.006 Low (Percentile: 78.7%)

Previous releases of IBM QRadar SIEM and IBM QRadar Risk Manager are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition, Versions 6 and 7.
CVE-ID: CVE-2014-3065
Description: Unspecified vulnerability in IBM Java Runtime Environment could allow local users to execute arbitrary code via vectors related to the shared classes cache.
CVSS Base Score: 6.0
**CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/93629 for the current score
**CVSS Environmental Score:** Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C)
CVE-ID: CVE-2014-6512
Description: It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source.
CVSS Base Score: 4.3
**CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/97147 for the current score
**CVSS Environmental Score:** Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
The vulnerability has been fixed in the following versions of QRadar Risk Manager:
* [QRadar SIEM 7.2.4 Patch 4](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.4-QRADAR-QRSIEM-1040318&includeRequisites=0&includeSupersedes=0&downloadMethod=http>)
* [QRadar SIEM 7.1 MR2 Patch 10](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=All&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-1036373&includeRequisites=0&includeSupersedes=0&downloadMethod=http>)
None