Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2CB716EC5AD55C9B9CA8F38B3BD361C325C4702D59D3A87FBF4419DC5E57E2A1
HistoryFeb 23, 2022 - 5:02 p.m.

Security Bulletin: IBM QRadar SIEM and IBM QRadar Risk Manager can be affected by Multiple Vulnerabilities in the IBM Java Runtime Environment (CVE-2014-3065, CVE-2014-6512)

2022-02-2317:02:11
www.ibm.com
24

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.7%

JSON

Summary

Previous releases of IBM QRadar SIEM, and IBM QRadar Risk Manager is affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7.

Vulnerability Details

CVE-ID: CVE-2014-3065

Description: Unspecified vulnerability in IBM Java Runtime Environment could allow local users to execute arbitrary code via vectors related to the shared classes cache.

CVSS Base Score: 6.0 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/93629 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C)

CVE-ID: CVE-2014-6512

Description: It was discovered that the DatagramSocket implementation in OpenJDK failed to perform source address checks for packets received on a connected socket. A remote attacker could use this flaw to have their packets processed as if they were received from the expected source.

CVSS Base Score: 4.3 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/97147 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

  • IBM QRadar SIEM 7.2.4 Patch 3 and earlier
  • IBM QRadar Risk Manager 7.2.4 Patch 3 and earlier
  • IBM QRadar SIEM 7.1 MR2 Patch 9 and earlier
  • IBM QRadar Risk Manager 7.1 MR2 Patch 9 and earlier

Remediation/Fixes

The vulnerability has been fixed in the follow versions of QRadar Risk Manager:

* [QRadar SIEM 7.2.4 Patch 4](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.4-QRADAR-QRSIEM-1040318&includeRequisites=0&includeSupersedes=0&downloadMethod=http>)
* [QRadar SIEM 7.1 MR2 Patch 10](<http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=All&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-1036373&includeRequisites=0&includeSupersedes=0&downloadMethod=http>)

Workarounds and Mitigations

None

Related

ibm 40
veracode 7
cvelist 2
cve 2
prion 2
debiancve 1
ubuntucve 1
nessus 45
redhat 12
openvas 40
suse 8
aix 1
debian 3
osv 3
oraclelinux 4
centos 4
amazon 3
mageia 1
ubuntu 3
f5 2
kaspersky 1
securityvulns 2
gentoo 1
oracle 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection (CVE-2014-6512, CVE-2014-6457, CVE-2014-6558, CVE-2014-3065)
2018-06-16 21:22:21
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6457, CVE-2014-3065)
2018-06-16 13:08:09
Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the vulnerabilities in the IBM JRE and Tivoli Directory Server
2018-06-17 14:54:35
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:03:04
Authorization Bypass
2019-05-02 05:05:22
Privilege Escalation
2019-05-02 05:12:51
cvelist
cvelist
CVE-2014-3065
2014-12-02 01:00:00
CVE-2014-6512
2014-10-15 22:03:00
cve
cve
CVE-2014-3065
2014-12-02 01:59:00
CVE-2014-6512
2014-10-15 22:55:00
prion
prion
Design/Logic Flaw
2014-12-02 01:59:00
Buffer overflow
2014-10-15 22:55:00
debiancve
debiancve
CVE-2014-6512
2014-10-15 22:55:00
ubuntucve
ubuntucve
CVE-2014-6512
2014-10-15 00:00:00
nessus
nessus
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1881) (POODLE)
2014-11-21 00:00:00
Oracle JRockit R27.8.3 / R28.3.3 Multiple Vulnerabilities (October 2014 CPU)
2014-10-15 00:00:00
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2014:1877) (POODLE)
2014-11-20 00:00:00
redhat
redhat
(RHSA-2014:1881) Important: java-1.5.0-ibm security update
2014-11-20 00:00:00
(RHSA-2014:1877) Critical: java-1.6.0-ibm security update
2014-11-19 00:00:00
(RHSA-2014:1876) Critical: java-1.7.0-ibm security update
2014-11-19 00:00:00
openvas
openvas
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Oct 2014) - Windows
2014-10-20 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Oct 2014) - Linux
2014-10-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1541-1)
2021-06-09 00:00:00
suse
suse
Security update for java-1_5_0-ibm (important)
2015-02-25 19:05:32
Security update for java-1_6_0-ibm (important)
2015-02-21 01:07:10
Security update for IBM Java (important)
2014-12-02 19:04:43
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition; issues in the Oracle October 2014 Critical Patch Update plus the POODLE SSLv3 vulnerability and
2014-11-14 15:40:48
debian
debian
[SECURITY] [DSA 3080-1] openjdk-7 security update
2014-11-29 12:44:06
[SECURITY] [DSA 3077-1] openjdk-6 security update
2014-11-26 19:10:46
[SECURITY] [DLA 96-1] openjdk-6 security update
2014-11-28 10:26:06
osv
osv
openjdk-7 - security update
2014-11-29 00:00:00
openjdk-6 - security update
2014-11-26 00:00:00
openjdk-6 - security update
2014-11-28 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
java-1.6.0-openjdk security and bug fix update
2014-10-14 00:00:00
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
centos
centos
java security update
2014-10-15 11:42:17
java security update
2014-10-15 12:22:05
java security update
2014-10-15 11:48:47
amazon
amazon
Important: java-1.6.0-openjdk
2014-10-16 22:15:00
Important: java-1.7.0-openjdk
2014-10-16 22:16:00
Important: java-1.8.0-openjdk
2014-10-16 22:16:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2014-10-26 00:23:09
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-10-17 00:00:00
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
f5
f5
K15745 : Multiple Oracle Java vulnerabilities
2014-10-28 00:00:00
SOL15745 - Multiple Oracle Java vulnerabilities
2014-10-27 00:00:00
kaspersky
kaspersky
KLA10505 Multiple vulnerabilities in Oracle products
2014-10-15 00:00:00
securityvulns
securityvulns
ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
2015-01-25 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2014-11-03 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2015-02-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.7%

JSON
Related for 2CB716EC5AD55C9B9CA8F38B3BD361C325C4702D59D3A87FBF4419DC5E57E2A1
ibm40veracode7cvelist2cve2prion2debiancve1ubuntucve1nessus45redhat12openvas40suse8aix1debian3osv3oraclelinux4centos4amazon3mageia1ubuntu3f52kaspersky1securityvulns2gentoo1oracle1