Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM2CCC0082C741DDB5DC34B25ECB013C676FA97F07AF06FE2F7165FEE41D61E833
HistoryMar 23, 2020 - 8:41 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker and IBM Integration Bus (CVE-2016-3485)

2020-03-2320:41:52
www.ibm.com
5

0.001 Low

EPSS

Percentile

45.6%

JSON

Summary

Multiple security vulnerabilities exist in the IBM® Runtime Environment Java™ Technology Edition 6.0.16.26 (and earlier) used by WebSphere Message Broker, and the IBM® Runtime Environment Java™ Technology Edition 7.0.9.40 (and earlier) used by WebSphere Message Broker and IBM Integration Bus, and the IBM® Runtime Environment Java™ Technology Edition 7.1.3.40 (and earlier) used by IBM Integration Bus. These issues were disclosed as part of the IBM Java SDK updates in July 2016.

Vulnerability Details

CVEID: CVE-2016-3485**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 2.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/115273 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM Integration Bus V10, V9

WebSphere Message Broker V8

Remediation/Fixes

Product

| VRMF|APAR|Remediation/Fix
—|—|—|—
IBM Integration Bus| V10| IT16743 | The APAR is available in fix pack 10.0.0.7
<https://www-304.ibm.com/support/docview.wss?uid=swg24043068&gt;
IBM Integration Bus| V9| IT16743| The APAR is available in fix pack 9.0.0.7
<http://www-01.ibm.com/support/docview.wss?uid=swg24043227&gt;
WebSphere Message Broker | V8| IT16743| An interim fix is available from IBM Fix Central for all platforms
http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=All&platform=All&function=aparId&apars=IT16743

If you are running with a fix pack earlier than 8.0.0.7 and do not have IT03599 applied then you must upgrade your fix pack level to 8.0.0.7 or higher, or request IT16735 via IBM support.

APAR IT16743 is targeted to be available in fix pack 8.0.0.9

For unsupported versions of the product IBM recommends upgrading to a fixed, supported version/release/platform of the product.

The planned maintenance release dates for WebSphere Message Broker and IBM Integration Bus are available at :
http://www.ibm.com/support/docview.wss?uid=swg27006308

Related

nvd 1
ibm 78
prion 1
openvas 14
cvelist 1
nessus 21
suse 11
cve 1
redhatcve 1
ubuntucve 1
debiancve 1
aix 1
kaspersky 1
gentoo 2
oracle 1
nvd
nvd
CVE-2016-3485
2016-07-21 10:12:39
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications.
2018-06-16 20:07:04
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2016-3485)
2018-07-10 08:34:12
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Enterprise Service Bus (CVE-2016-3485 )
2018-06-15 07:06:13
prion
prion
Buffer overflow
2016-07-21 10:12:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:2348-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2430-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:2261-1)
2021-06-09 00:00:00
cvelist
cvelist
CVE-2016-3485
2016-07-21 10:00:00
nessus
nessus
SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2348-1)
2016-09-22 00:00:00
SUSE SLES12 Security Update : java-1_6_0-ibm (SUSE-SU-2016:2430-1)
2019-01-02 00:00:00
SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2016:2347-1)
2016-09-22 00:00:00
suse
suse
Security update for java-1_6_0-ibm (important)
2016-09-21 20:10:47
Security update for java-1_7_1-ibm (important)
2016-09-07 20:09:17
Security update for java-1_8_0-ibm (important)
2016-11-04 15:16:34
cve
cve
CVE-2016-3485
2016-07-21 10:12:39
redhatcve
redhatcve
CVE-2016-3485
2016-07-20 08:18:31
ubuntucve
ubuntucve
CVE-2016-3485
2016-07-21 00:00:00
debiancve
debiancve
CVE-2016-3485
2016-07-21 10:12:39
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-08-18 15:35:03
kaspersky
kaspersky
KLA10849 Multiple vulnerabilities in Oracle Java SE
2016-07-19 00:00:00
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2017-01-19 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2016-10-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - July 2016
2016-07-19 00:00:00

0.001 Low

EPSS

Percentile

45.6%

JSON
Related for 2CCC0082C741DDB5DC34B25ECB013C676FA97F07AF06FE2F7165FEE41D61E833
nvd1ibm78prion1openvas14cvelist1nessus21suse11cve1redhatcve1ubuntucve1debiancve1aix1kaspersky1gentoo2oracle1