IBM3AF757B2CFB186C46CD7C9828AC005185D330646C6A69514D40EF8994C5287DBSecurity Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight (CVE-2016-5568, CVE-2016-5556, CVE-2016-5597, and CVE-2016-5554)
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Summary
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 7, 7R1 and 8 used by IBM MessageSight. These issues were disclosed as part of the IBM Java SDK updates in October 2016.
Vulnerability Details
CVEID: CVE-2016-5568 DESCRIPTION: An unspecified vulnerability related to the AWT component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118068> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5556 DESCRIPTION: An unspecified vulnerability related to the 2D component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118067> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5597 DESCRIPTION: An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118071> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-5554 DESCRIPTION: An unspecified vulnerability related to the JMX component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118072> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
Affected Products and Versions
IBM MessageSight v1.1 - 1.1.0.1
IBM MessageSight v1.2 – 1.2.0.3
IBM MessageSight v2.0 – 2.0.0.1
Remediation/Fixes
Product
|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—
IBM MessageSight| 1.1| IT18441| 1.1.0.1-IBM-IMA-IFIT18441
IBM MessageSight| 1.2| IT18441| 1.2.0.3-IBM-IMA-IFIT18441
IBM MessageSight| 2.0| IT18441| 2.0.0.1-IBM-IMA-IFIT18441
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm messagesight | eq | 1.0 | |
| ibm messagesight | eq | 1.1 | |
| ibm messagesight | eq | 1.2 | |
| ibm messagesight | eq | 2.0 |
Related
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C