6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 5.0 SR16-FP6 and earlier, 6 SR16 and earlier and 7 SR7 and earlier that are used by IBM WebSphere MQ. These issues were disclosed as part of the IBM Java SDK updates in July 2014.
CVEID: CVE-2014-4263**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID: CVE-2014-4244**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID:CVE-2014-3068
DESCRIPTION: A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores.
CVSS Base Score: 2.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93756 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)
IBM JRE 5 (maintenance levels older than SR16 FP6) provided by WebSphere MQ 7.0.1.12 and earlier on all platforms (except IBM i and z/OS)
IBM JRE 6 (maintenance levels older than SR16) provided by WebSphere MQ 7.1.0.5 and earlier and WebSphere MQ 7.5.0.4 and earlier on all platforms (except IBM i and z/OS)
IBM JRE 7 (maintenance levels older than SR7) provided by WebSphere MQ 8.0.0.0 on all platforms (except IBM i and z/OS)
IBM JRE 7 (maintenance levels older than SR7) provided by WebSphere MQ 8.0.0.1 on HP-UX
WebSphere MQ 7.0.1: Apply fix pack 7.0.1.13 when available. In the interim apply APAR IT06182
WebSphere MQ 7.1: Apply fix pack 7.1.0.6.
WebSphere MQ 7.5: Apply fix pack 7.5.0.5 when available. In the interim apply APAR IV67334
WebSphere MQ 8.0: Apply fix pack 8.0.0.1 (except HP-UX). For HP-UX apply fix pack 8.0.0.2 when available, in the interim contact IBM Support
None known
CPE | Name | Operator | Version |
---|---|---|---|
websphere mq | eq | 8.0 | |
websphere mq | eq | 7.5 | |
websphere mq | eq | 7.1 | |
websphere mq | eq | 7.0.1 | |
websphere mq | eq | 7.0 |