Security Bulletin:A vulnerability in IBM Java SDK affects IBM Image Construction and Composition Tool. (CVE-2015-4872)

2018-06-1507:05:23

www.ibm.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Summary

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 6 and 7, that is used by IBM Image Construction and Composition Tool. The issue was disclosed as part of the IBM Java SDK updates in October 2015.

Vulnerability Details

CVEID: CVE-2015-4872** **
DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Image Construction and Composition Tool v2.3.2.0
IBM Image Construction and Composition Tool v2.3.1.0

Remediation/Fixes

The solution is to apply the following IBM Image Construction and Composition Tool version fixes.

· For IBM Image Construction and Composition Tool v2.3.2.0
IBM Image Construction and Composition Tool v2.3.2.0 Build 23

· http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.2.0-23&includeRequisites=1&includeSupersedes=0
· http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_IM_Repository_2.3.2.0-23&includeRequisites=1&includeSupersedes=0

· For IBM Image Construction and Composition Tool v2.3.1.0
IBM Image Construction and Composition Tool v2.3.1.0 Build 45
· http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.1.0-45&includeRequisites=1&includeSupersedes=0

Workarounds and Mitigations

None

CPENameOperatorVersion
pureapplication systemeq2.1.2.1
pureapplication systemeq2.1.2.0
pureapplication systemeq2.1.1.0
pureapplication systemeq2.1.0.2
pureapplication systemeq2.1.0.1
pureapplication systemeq2.1.0.0
pureapplication systemeq2.0.0.1
pureapplication systemeq2.0

Name	Operator	Version
pureapplication system	eq	2.1.2.1
pureapplication system	eq	2.1.2.0
pureapplication system	eq	2.1.1.0
pureapplication system	eq	2.1.0.2
pureapplication system	eq	2.1.0.1
pureapplication system	eq	2.1.0.0
pureapplication system	eq	2.0.0.1
pureapplication system	eq	2.0