Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM38FF5069A6DA72D859358561B3D923EF9221468C35DE103C36231F19577D6C73
HistoryJun 18, 2018 - 12:09 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - January 2014

2018-06-1800:09:03
www.ibm.com
7

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in January 2014.

Vulnerability Details

CVE IDs: CVE-2013-5878 CVE-2013-5884 CVE-2013-5887 CVE-2013-5888 CVE-2013-5889 CVE-2013-5896 CVE-2013-5898 CVE-2013-5899 CVE-2013-5907 CVE-2013-5910 CVE-2014-0368 CVE-2014-0373 CVE-2014-0375 CVE-2014-0376 CVE-2014-0387 CVE-2014-0403 CVE-2014-0410 CVE-2014-0411 CVE-2014-0415 CVE-2014-0416 CVE-2014-0417 CVE-2014-0422 CVE-2014-0423 CVE-2014-0424 CVE-2014-0428

CVEID: CVE-2013-5878
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90335 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/P)

CVEID: CVE-2013-5884
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90348 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5887
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90345 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)

CVEID: CVE-2013-5888
CVSS Base Score: 4.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90354 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/L:AC/L:Au/N:C/P:I/P:A/P)

CVEID: CVE-2013-5889
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90328 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5896
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90347 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/N:A/P)

CVEID: CVE-2013-5898
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/H:Au/N:C/P:I/P:A/N)

CVEID: CVE-2013-5899
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90346 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)

CVEID: CVE-2013-5907
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90324 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2013-5910
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90352 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2014-0368
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90351 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/N:A/N)

CVEID: CVE-2014-0373
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90334 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/P)

CVEID: CVE-2014-0375
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90339 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/P:A/N)

CVEID: CVE-2014-0376
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90350 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2014-0387
CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90332 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/H:Au/N:C/C:I/C:A/C)

CVEID: CVE-2014-0403
CVSS Base Score: 5.8
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90338 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/P:I/P:A/N)

CVEID: CVE-2014-0410
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90322 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2014-0411
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/H:Au/N:C/P:I/P:A/N)

CVEID: CVE-2014-0415
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90323 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2014-0416
CVSS Base Score: 5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90349 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/N:I/P:A/N)

CVEID: CVE-2014-0417
CVSS Base Score: 9.3
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90331 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/M:Au/N:C/C:I/C:A/C)

CVEID: CVE-2014-0422
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90326 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

CVEID: CVE-2014-0423
CVSS Base Score: 5.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90340 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/S:C/P:I/N:A/P)

CVEID: CVE-2014-0424
CVSS Base Score: 7.5
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90333 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/P:I/P:A/P)

CVEID: CVE-2014-0428
CVSS Base Score: 10
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/90325 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV/N:AC/L:Au/N:C/C:I/C:A/C)

Affected Products and Versions

All versions of microcode for the IBM Virtualization Engine TS7700 (3957-V06, 3957-V07, 3957-VEA, 3957-VEB) prior to release R2.1 are affected. In addition, microcode versions of releases R2.1, R3.0 and R3.1 prior to the following are also affected:

Release Version
R3.1 8.31.1.4
R3.0 8.30.3.4
R2.1 8.21.0.178
Release R3.2 is not affected.

Remediation/Fixes

Contact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode level.

Release Fix
R3.1 Upgrade to 8.31.1.4 or later
R3.0 Upgrade to 8.30.3.4 or later
R2.1 Upgrade to 8.21.0.178 or later
Older Releases Upgrade to 8.21.0.178 or later

Workarounds and Mitigations

Although IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.

Related

nessus 35
suse 5
veracode 19
ibm 16
openvas 37
aix 1
redhat 9
oraclelinux 3
ubuntu 3
amazon 2
centos 3
mageia 1
f5 2
kaspersky 1
cve 19
ubuntucve 19
prion 19
seebug 2
checkpoint_advisories 1
zdi 2
nessus
nessus
SuSE 11.3 Security Update : IBM Java 6 (SAT Patch Number 8896)
2014-02-25 00:00:00
AIX Java Advisory : java_jan2014_advisory.asc
2014-07-28 00:00:00
SuSE 11.3 Security Update : IBM Java (SAT Patch Number 8878)
2014-02-18 00:00:00
suse
suse
Security update for IBM Java 6 (important)
2014-03-26 18:04:12
Security update for IBM Java (important)
2014-02-18 13:04:15
Security update for IBM Java 6 (important)
2014-02-21 15:04:13
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:01:07
Sandbox Restrictions Bypass
2019-05-02 05:01:06
Sandbox Restrictions Bypass
2019-05-02 05:01:07
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM WebSphere Real Time
2018-06-15 06:59:25
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by multiple vulnerabilities in IBM JRE (Multiple CVEs)
2018-06-17 14:41:45
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server January 2014 CPU
2018-06-15 06:59:28
openvas
openvas
SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0246-1)
2015-10-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:0266-3)
2021-06-09 00:00:00
SUSE: Security Advisory for IBM Java (SUSE-SU-2014:0266-3)
2015-10-13 00:00:00
aix
aix
AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)
2014-03-06 13:24:59
redhat
redhat
(RHSA-2014:0134) Critical: java-1.7.0-ibm security update
2014-02-04 00:00:00
(RHSA-2014:0135) Critical: java-1.6.0-ibm security update
2014-02-04 00:00:00
(RHSA-2014:0097) Important: java-1.6.0-openjdk security update
2014-01-27 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2014-01-27 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
ubuntu
ubuntu
OpenJDK 6 regression
2014-04-08 00:00:00
OpenJDK 6 vulnerabilities
2014-02-27 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2014-02-03 15:27:00
Critical: java-1.7.0-openjdk
2014-01-15 10:28:00
centos
centos
java security update
2014-01-15 11:04:23
java security update
2014-01-27 22:53:27
java security update
2014-01-15 11:16:34
mageia
mageia
Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities
2014-01-21 20:22:18
f5
f5
SOL53146535 - Multiple Sun Java vulnerabilities
2015-12-30 00:00:00
K53146535 : Multiple Sun Java vulnerabilities
2015-12-31 00:00:00
kaspersky
kaspersky
KLA10511 Multiple vulnerabilities in Oracle products
2014-01-15 00:00:00
cve
cve
CVE-2013-5898
2014-01-15 16:08:00
CVE-2014-0375
2014-01-15 16:08:00
CVE-2014-0403
2014-01-15 16:08:00
ubuntucve
ubuntucve
CVE-2014-0375
2014-01-15 00:00:00
CVE-2013-5898
2014-01-15 00:00:00
CVE-2014-0403
2014-01-15 00:00:00
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
Design/Logic Flaw
2014-01-15 16:08:00
seebug
seebug
Oracle Java SE远程安全漏洞
2014-02-19 00:00:00
Oracle Java SE远程安全漏洞
2014-01-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java SE GSUB ReqFeatureIndex Buffer Overflow - ver 2 (CVE-2013-5907)
2014-05-08 00:00:00
zdi
zdi
Oracle Java TrueType LookupCount Buffer Overflow Remote Code Execution Vulnerability
2014-04-03 00:00:00
Oracle Java TTF Font Parsing Heap Corruption Remote Code Execution Vulnerability
2014-02-05 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for 38FF5069A6DA72D859358561B3D923EF9221468C35DE103C36231F19577D6C73
nessus35suse5veracode19ibm16openvas37aix1redhat9oraclelinux3ubuntu3amazon2centos3mageia1f52kaspersky1cve19ubuntucve19prion19seebug2checkpoint_advisories1zdi2