## Summary
There are vulnerabilities in IBM® Cognos Business Intelligence, and the components it ships with, that are used by Rational Insight.
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition Version 7 that is used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018.
Multiple Open Source OpenSSL vulnerabilities affect IBM Cognos Business Intelligence versions prior to 10.2.2.
IBM Cognos Business Intelligence uses the IBM WAS Liberty Profile (WLP). There is a potential denial of service in Apache CXF, which is used by WebSphere Application Server. IBM Cognos Business Intelligence has upgraded WLP to a version that addresses the vulnerability.
A deserialization flaw was discovered in the jackson-databind library which is used by IBM Cognos Business Intelligence.
IBM Cognos Business Intelligence is vulnerable to Cross-Site Scripting (XSS), where the application allows a user's input to be integrated with client-side application code in an unsafe manner.
## Vulnerability Details
**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAddressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>)
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>)
**DESCRIPTION:** An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
**CVEID:** [CVE-2017-7525](<https://vulners.com/cve/CVE-2017-7525>)
**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134639> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2017-12624](<https://vulners.com/cve/CVE-2017-12624>)
**DESCRIPTION:** Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the JAX-WS and JAX-RS services to stop responding.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135095> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2017-15095](<https://vulners.com/cve/CVE-2017-15095>)
**DESCRIPTION:** Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135123> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2018-1413](<https://vulners.com/cve/CVE-2018-1413>)
**DESCRIPTION:** IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138819> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 4.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)
**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
## Affected Products and Versions
Principal Product and Version(s) | Affected Supporting Product(s) and Version(s)
---|---
Rational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6 | Cognos BI 10.2.1 Fix pack 2<br>Jazz Reporting Service 5.0, 5.0.1 and 5.0.2
Rational Insight 1.1.1.7 | Cognos BI 10.2.1 Fix pack 2<br>Jazz Reporting Service 6.0
## Remediation/Fixes
Note: If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For the complete list of vulnerabilities, refer to the link for “IBM Java SDK Security Bulletin” located in the “References” section.
Apply the recommended fixes to all affected versions of Rational Insight.
**Rational Insight 1.1.1.4, 1.1.1.5, 1.1.1.6 and 1.1.1.7**
1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first.
   Review the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service 1](<http://www-01.ibm.com/support/docview.wss?uid=swg22016749>) and [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service 2](<http://www-01.ibm.com/support/docview.wss?uid=ibm10717533>) for addressing the listed vulnerability in the underlying Jazz Team Server.
2. If the Cognos-based reporting server is used, also perform this step.
   Download the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 23 (Implemented by file 10.2.5013.514)](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>).
   Review technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.
## Workarounds and Mitigations
None
##
{"id": "437063148C0599A3C3F1CECB075FB83EAFC46606410F01E39088624674767E08", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: Multiple vulnerabilities in IBM Cognos Business Intelligence affect Rational Insight", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Cognos Business Intelligence, and the components it ships with, that are used by Rational Insight. \n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition Version 7 that is used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018. \n \nMultiple Open Source OpenSSL vulnerabilities affect IBM Cognos Business Intelligence versions prior to 10.2.2. \n \nIBM Cognos Business Intelligence uses the IBM WAS Liberty Profile (WLP). There is a potential denial of service in Apache CXF that is used by WebSphere Application Server . IBM Cognos Business Intelligence has upgraded WLP to a version that addresses the vulnerability. \n \nA deserialization flaw was discovered in the jackson-databind library which is used by IBM Cognos Business Intelligence. \n \nIBM Cognos Business Intelligence is vulnerable to Cross-Site Scripting (XSS) where the application allows a users input to be integrated with client-side application code in an unsafe manner. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION:** An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2017-7525](<https://vulners.com/cve/CVE-2017-7525>) \n**DESCRIPTION:** Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw within the Jackson JSON library in the readValue method of the ObjectMapper. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134639> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2017-12624](<https://vulners.com/cve/CVE-2017-12624>) \n**DESCRIPTION:** Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the AX-WS and JAX-RS services stop responding. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135095> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-15095](<https://vulners.com/cve/CVE-2017-15095>) \n**DESCRIPTION:** Jackson Library could allow a remote attacker to execute arbitrary code on the system, caused by a deserialization flaw in the readValue() method of the ObjectMapper. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135123> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1413](<https://vulners.com/cve/CVE-2018-1413>) \n**DESCRIPTION:** IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138819> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)

**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 8.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>)
**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

## Affected Products and Versions

| Principal Product and Version(s) | Affected Supporting Product(s) and Version(s) |
|---|---|
| Rational Insight 1.1.1.4, 1.1.1.5 and 1.1.1.6 | Cognos BI 10.2.1 Fix pack 2<br>Jazz Reporting Service 5.0, 5.0.1 and 5.0.2 |
| Rational Insight 1.1.1.7 | Cognos BI 10.2.1 Fix pack 2<br>Jazz Reporting Service 6.0 |

## Remediation/Fixes

Note: If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for “IBM Java SDK Security Bulletin” located in the “References” section for more information.

Apply the recommended fixes to all affected versions of Rational Insight.

**Rational Insight 1.1.1.4 and 1.1.1.5 and 1.1.1.6 and 1.1.1.7**

 1. If the Data Collection Component (DCC) or Jazz Reporting Service (JRS, also known as Report Builder) is used, perform this step first.
Review the topics in [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service 1](<http://www-01.ibm.com/support/docview.wss?uid=swg22016749>) and [Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service 2](<http://www-01.ibm.com/support/docview.wss?uid=ibm10717533>) for addressing the listed vulnerability in the underlying Jazz Team Server.
 2. If the Cognos-based reporting server is used, also perform this step.
Download the [IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 23 (Implemented by file 10.2.5013.514)](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>).
Review technote [1679283: Installing Cognos Business Intelligence 10.2.1.x fix pack in Rational Reporting for Development Intelligence 2.0.x/5.0.x and Rational Insight 1.1.1.x](<http://www.ibm.com/support/docview.wss?uid=swg21679283>) for the detailed instructions for patch application.

## Workarounds and Mitigations

None

## ", "published": "2018-08-23T19:17:01", "modified": "2018-08-23T19:17:01", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/719165", "reporter": "IBM", "references": [], "cvelist": ["CVE-2017-12624", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-7525", "CVE-2018-0739", "CVE-2018-1413", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", 
"CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "immutableFields": [], "lastseen": "2023-02-21T21:48:17", "viewCount": 13, "enchantments": {"score": {"value": 0.9, "vector": "NONE"}, "dependencies": {"references": [{"type": "aix", "idList": ["JAVA_APR2018_ADVISORY.ASC", "JAVA_JAN2018_ADVISORY.ASC", "OPENSSL_ADVISORY24.ASC", "OPENSSL_ADVISORY25.ASC", "OPENSSL_ADVISORY26.ASC"]}, {"type": "amazon", "idList": ["ALAS-2018-1002", "ALAS-2018-1007", "ALAS-2018-1016", "ALAS-2018-1065", "ALAS-2018-1069", "ALAS-2018-1070", "ALAS-2018-1102", "ALAS-2018-949", "ALAS-2018-974", "ALAS2-2018-1002", "ALAS2-2018-1004", "ALAS2-2018-1007", "ALAS2-2018-1102", "ALAS2-2018-949"]}, {"type": "apple", "idList": ["APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331"]}, {"type": "archlinux", "idList": ["ASA-201711-14", "ASA-201711-15", "ASA-201712-11", "ASA-201712-9", "ASA-201804-2"]}, {"type": "centos", "idList": ["CESA-2018:0095", "CESA-2018:0349", "CESA-2018:0998", "CESA-2018:1188", "CESA-2018:1191", "CESA-2018:1270", "CESA-2018:1278", "CESA-2018:3090", "CESA-2018:3221"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2017-0740", "CPAI-2018-2159"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:78350CC978808A6C42CDCB2451BF30F4", "CFOUNDRY:9243E8457D02CBA7A3505CB1E0E03739"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2017-12624", "CVE-2017-15095", "CVE-2017-15896", "CVE-2017-17485", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2017-7525", "CVE-2018-0739", "CVE-2018-1413", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", 
"CVE-2018-5968", "CVE-2018-7489", "CVE-2019-10202"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1157-1:16CF2", "DEBIAN:DLA-1157-1:FA549", "DEBIAN:DLA-1330-1:A6756", "DEBIAN:DLA-1339-1:B1DCE", "DEBIAN:DLA-1339-1:BC39A", "DEBIAN:DLA-2091-1:A9C2E", "DEBIAN:DLA-2342-1:7AEB4", "DEBIAN:DSA-4004-1:17FA8", "DEBIAN:DSA-4004-1:F9730", "DEBIAN:DSA-4017-1:88D36", "DEBIAN:DSA-4017-1:AEF53", "DEBIAN:DSA-4018-1:01441", "DEBIAN:DSA-4018-1:DD3DF", "DEBIAN:DSA-4037-1:25D25", "DEBIAN:DSA-4037-1:C6592", "DEBIAN:DSA-4065-1:A75E5", "DEBIAN:DSA-4144-1:54880", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4157-1:D7BEA", "DEBIAN:DSA-4158-1:43C61", "DEBIAN:DSA-4158-1:561AF", "DEBIAN:DSA-4166-1:929BB", "DEBIAN:DSA-4185-1:16DFF", "DEBIAN:DSA-4190-1:21588", "DEBIAN:DSA-4190-1:7ADD0", "DEBIAN:DSA-4225-1:1B7F1"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-15095", "DEBIANCVE:CVE-2017-15896", "DEBIANCVE:CVE-2017-17485", "DEBIANCVE:CVE-2017-3735", "DEBIANCVE:CVE-2017-3736", "DEBIANCVE:CVE-2017-3737", "DEBIANCVE:CVE-2017-3738", "DEBIANCVE:CVE-2017-7525", "DEBIANCVE:CVE-2018-0739", "DEBIANCVE:CVE-2018-2579", "DEBIANCVE:CVE-2018-2588", "DEBIANCVE:CVE-2018-2599", "DEBIANCVE:CVE-2018-2603", "DEBIANCVE:CVE-2018-2618", "DEBIANCVE:CVE-2018-2634", "DEBIANCVE:CVE-2018-2637", "DEBIANCVE:CVE-2018-2657", "DEBIANCVE:CVE-2018-2663", "DEBIANCVE:CVE-2018-2677", "DEBIANCVE:CVE-2018-2678", "DEBIANCVE:CVE-2018-2783", "DEBIANCVE:CVE-2018-2790", "DEBIANCVE:CVE-2018-2795", "DEBIANCVE:CVE-2018-2796", "DEBIANCVE:CVE-2018-2797", "DEBIANCVE:CVE-2018-2798", "DEBIANCVE:CVE-2018-2799", "DEBIANCVE:CVE-2018-2800", "DEBIANCVE:CVE-2018-2814", "DEBIANCVE:CVE-2018-5968", "DEBIANCVE:CVE-2018-7489"]}, {"type": "f5", "idList": ["F5:K05441360", "F5:K08044291", "F5:K14363514", "F5:K18364001", "F5:K21462542", "F5:K24593421", "F5:K33924005", "F5:K34681653", "F5:K35513527", "F5:K43452233", "F5:K44923228", "F5:K60350722", "F5:K65417229", "F5:K70321874", "F5:K71021401", "F5:K73122539"]}, {"type": "fedora", "idList": ["FEDORA:0240B604B381", 
"FEDORA:3ED26601CEE3", "FEDORA:613766079706", "FEDORA:68D44601BD0C", "FEDORA:7B564604AACC", "FEDORA:98315602F10D", "FEDORA:9B33E60E86E5", "FEDORA:ACC466324C7C", "FEDORA:AEECE6075DBF", "FEDORA:B4E3C6062CB4", "FEDORA:B5C736087A8D", "FEDORA:B803860875BB", "FEDORA:B98866076020", "FEDORA:BC771622EB72", "FEDORA:BFACF60A35B3", "FEDORA:D17F86077DFD", "FEDORA:D74C160C9AD0", "FEDORA:D7E1E60C4225", "FEDORA:D8DAB61DD062", "FEDORA:DEA206060997"]}, {"type": "freebsd", "idList": ["3BB451FC-DB64-11E7-AC58-B499BAEBFEAF", "909BE51B-9B3B-11E8-ADD2-B499BAEBFEAF", "93F8E0FF-F33D-11E8-BE46-0019DBB15B3F", "9442A811-DAB3-11E7-B5AF-A4BADB2F4699", "9F7A0F39-DDC0-11E7-B5AF-A4BADB2F4699", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF", "BEA84A7A-E0C9-11E7-B4F3-11BAA0C2DF21", "F40F07AA-C00F-11E7-AC58-B499BAEBFEAF"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-17:11.OPENSSL", "FREEBSD_ADVISORY:FREEBSD-SA-17:12.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-201712-03", "GLSA-201803-06", "GLSA-201811-21", "GLSA-201903-14", "GLSA-202007-53"]}, {"type": "github", "idList": ["GHSA-7VGJ-8MW4-HG8R", "GHSA-C27H-MCMW-48HV", "GHSA-CGGJ-FVV3-CQWV", "GHSA-H592-38CM-4GGP", "GHSA-QXXX-2PP7-5HMX", "GHSA-RFX6-VP9G-RH7V", "GHSA-W3F4-3Q6J-RH82"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20180228-01-STRUTS", "HUAWEI-SA-20180613-01-OPENSSL"]}, {"type": "ibm", "idList": ["00420FAFAA8875EA075916FF1CAC2CE1CD7DEB3C678E654BFE5E525386DC980C", "00A8A1DF1996A27FC774F48520EBC1C27A9F9FBD49D4F87EFB383544CFB4008A", "00EDB390B75880A879E6A53234E21CB5658CD8C65D3D0DCC9D05D30BF3E32D2E", "015CED4DD111438880FFDB361B30E09A12892E262FEEA8F7178F7A49BBE7D4D2", "015DB6740B5492C96DB07643D3F7479C397A23B688C9430BC0080A02A7AD165F", "02B33E907CBC3B0E0EB8668DD12FA56455943967110D9514CE452B7FC178C03F", "041FCD681925D7AAE0B6F795A004EE207D6FA92A6E376D5597CA24D0D178AF44", "0486FF681C1A0961D28244A014A40136703A4267D414B936A2188B5042485FDB", "04C02A7E582660CD6B68F6BEB1B2E60BA695D9E162B960484D27A37445B0B16D", 
"04E8F874FD2B3E7E06416F4123259BE61E960F9372B9998C73BBB2EA851A36B3", "06377A242FC5EAF78C030C2B2AB65DB244FDC1CEF86B79077725A62A212AE300", "06547872321FA684E7C87A7CFF9923A2461A57C37C09CEC2AAFB645B2D0ED38A", "06852EEA8CD7CA7F8840D2FC93096A4DD156B248C6D17CEEEBA4095B19D215B6", "06FAF3AD79C8BAC8455C602C3F4C354C0CD9450DE060FB4D831ED000993782B4", "072EBEFE4EF574F4A87AC95BEA1237C43CF6D39DDD94C6BD9B965A322BB8CD15", "0849CEF680F68843BB8ED3027181BFC6E58FA418D5C7E4A78DF8C347CCD2AC36", "089455FB91FDFE7E0E828CF6E910A5D0E5BA1A056A27C13F87FC0F4D9B5A116A", "08F9691BC937E0FF029D7696F76F6F36E69E64093E5231AAA4F8F7612ED181B5", "092CAE22FCBC5AEB35A2E7B881CBD0CAC246C8123BAE6E8B15FA08365612387A", "0956AFB7DB9AFC641FF0AB7205D6B40304DC321488572F7CDCC5BB67BF55C4C2", "09C0C603EECE682CFFD6D5C27B3EAA66D128B79E9D89A33E4AF2314E9BF9995F", "0A251B57941452CDFD64C031582A8D13D6719AEDB99EBF965740CC5E04A717D6", "0A3185367C4C819CB6D1F686A54CF066C2C0634F508315519FDBA3FECD7B7689", "0A3CB536625237AF6E1A39B78799B41B9AF062894DA038E4F769071D72640FDB", "0ACDC7CDDEE06F34F2256DD048A556D53156ACF793ADBE3C9ED53FEEE712EF49", "0AEB7D4827941D8E704F9E705114348E917D0ACB57155368AEDD133A33BC5D78", "0AEE92C160595E12F2B408379E77249A37C4E9EA4B7846F737A3F51CDD9B5DC3", "0BAE3F39743A07D73D933FC781394D4C201498DFFDE65C7CA1A49531921269DC", "0BB0F39865741AB9E1AFB9CA3C5508F7FB9BEACECB805F04C6C6B336AA66617E", "0C0756C600D4B428F9DDC7547681FF909EA01654FA2BE7931EB24F307960FE26", "0C55B52A5C32F214BC0363E80618712A46771346F7B2A09C296F9583243EA669", "0D7A334726D7F8214BDF965C6B0ED351221CB7A9A083042878EB2C3CB193A50A", "0DCB9190AD49CA4A44EED134393F472D4D903648111D70599B707F22E81A5F5B", "0E703A42B01F9DF3E0FEC04EEA4F7733F5A313C86865501C0F8A79378E425C34", "0E99885794CFEB4EA92D09FA1554D46778136AD4F14F1A4027E56C6509C20B72", "0F03B5C9C2D06211B67D6937AD3D6F685DB8B1759561725DCC766A603D57FE2E", "1183AFE6070A2858FC9AB7F9B6B70C23D07916E7FB1310965184BA33E2071175", "11AC7F14B60A5C486180C6662F02676A29D51924B42EC510A55CFB87D09F8654", 
"11D42FCCA543C310105E4C09B5FD7242F7016922EADE66CB796861721CAC1D79", "151931D850B252E77677784DE5EA9681C180EAEFFE0A70AEF636E76D7202A804", "159C34E5AFB6BE1F570922202E0562653C65D24C44D5B08DF0970536EC4F5951", "15B7946476C14969EFBB158D48A2E631603F1323E17E2D4BDC13FB3B86B3B63B", "163ADF654D1EB625A39EB8DD02A8E4E310051F8FC3D34A39927CF015D71EB809", "17334E2B2E377127A3DB9D8D2B3D751E05E47C0A957D29E8C9C6DB01E922B894", "1807EADF7EBF2384517F3DB77ADDC9D63E9DD27A36B822C92526AF1341782404", "185CA7A92837C359609A198BF638BED42D46EC58A2CC11C01C5142B98CF7B593", "18CF8F0579774C83A0D6E6D4B5456431AD2CF024AF0BD0A465437DE7A74A73F9", "19750E0233D0EF1800BE4CB1368963E4510B8CE23C793455B5B74D660B8D0FB5", "198D093D9C927822E165F6429C838BC5B7134A1851CF1DA1828FA2580300FFCA", "199F635B1B35FFA7628E6AE481F1D2EE89267D425F70ACF7D67C55CB7C35B701", "19FDDC2F74E05C9B42A0381D32E09D70E2D2150176C46C3EC98FC8C0DDA647DC", "1A22E85B10B30BDA624FADFD7F66EE4EA7BBA669F8E526BE3453234D647DA7F3", "1A7668E81452E83AB00678328095567DA17543F8BDE6DB1EE678E96C5B064FD6", "1AA4689F61391429998123661409491C7FFF90C591FBB12E8BE2CA2BE514C7C6", "1AE1A5453DE71F54F721615E0361AC5AFC9F69B537244D4EE71AADDF1666ED92", "1AE3C39E2B04171FD23F21949F6202B367042F6DC07FB81BDC1E886F25C20936", "1BB027D3ECE759D4B3772AE6D614EC9C6DE9B952B653965F01D9CBE09BB70CE7", "1BB3E76A9D3BFF47A93C0E8230266D820091FFCEC0B3E126411C6575A9DFD492", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1DBC3BC8A639354F60F11B38F05F43ACD8017F30B07D8D50C64DB5E5A9CA945D", "1E5AE139B10CF500092EA776D2FBEC36F6F4E6FA4F54A5E7D26647544F0BCEDC", "1E645674D777924BC329B3C0A175ED89181CFB788B28FF3FF2391773A332B20F", "1EB4C94ED5192A787B590CC4302D443A60AA1648687FC5F70C91C7216427D0D1", "1EBC77DA43FD0C2AC1B3FBFCD06096623AB926F98B7AC6367589E5222F2115BC", "1F0E769E02EDA03664C1D0694AF70B26BFB7E4DBC4D96E353B0F8FCBDA767545", "203637A7337D06861774179D4D3518E325B33E9B8CD6DCE1BD240CA49279FE67", "20CF2AD2EFF7DE6AD8F93586D48E59262F447700FFF48E5E610099B41CEE05B7", 
"2109FD8CED53F2A1B6C1B6353ED39302F68D864AC17515CFAC20B06E5D8FBDC9", "21C909AA925BE0E93928A0ED421E76EC14F61544DF856B3B672A7C484A22B9C6", "245F288CE1AFE183BF0ABD6D6278EC4AF845994D09DCF6701FC721B8633CC141", "2512D59FF30B751C4C9148B35DCDB77335582506FED2848198426D89D81F573B", "2571018C4333BB3F6C19EC9F2B6BB5326A2BDD39E6D8AFC796E89DE41BBABC6B", "2614071BF8D5B0482694D82BE1651280FCE95089D3BF507FE1CD1ED3591D2446", "274251E99258A9645E690CE61A163F27CE228E7CDE12E000F53A4CC38F801747", "2748115B8827AEEB9EE4F46184B9E8999C4D22B9C32938C1B0905130332D0FE2", "286787C68D7D1E5DA11E0C4CA3F8AB0318EC73B4F079B533965E2D7FAB4E48D6", "298D694E8B6EFBF03FA97A7FCDBF327EA4FEEDD97CA520790177E2DF3923F9E1", "2ACCDB7662F05E9499D68A18532E3ACD04381CC0EA741B99E98951C49C144F08", "2B3C9C8FEB87062CB2249D828A603478C6CE6A6307CF7103B8825D9FE81CAD3A", "2BB93AE1C7A3B73A6491F3A66D7F39AEF96849CFFB0026B650053C816A375F8C", "2BEBB38964CEA4B62F9F2515093252761533127501B62DEFAAC8D801CC37ED8F", "2C50142AFAF98D1A6DAAE0DCF60AF9902BA861EACEB35AD2405F8E31A1B54456", "2E9BC1AFBA9F34E20E313BA5B8B5B6C1AEEC0E8F6EC0B353125AA17460789A62", "2EB239F42D6D7C7FA19DB2D44FE26391F190CD35DED01956174DF034F07EE7DC", "2F04ECFAA998A1546F1869C5B12B60478AD49E765F4F5D22896BEBB4FDAB1DB4", "2F4353DF684AD6726CB9491220A703D4AD06D4406D7B35BEBCB2D4EE11863E10", "2FE62C1E3A24A2A73592656FDD830196398708E9C059617692732BA9EA6EE79C", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", "308A05F5B1028A741D58EC30AC13C7A0A2B660380B87E8811177772F0014DA1B", "308C17C0C6FCE405B0E11B61D017D5167AF357A61BC5A5CACF4B9D2A53C4762F", "3165A2AA157F1B9BD1D78DE6275BFF661B98BF29C82399B7216463D7581B8060", "329954F801ACFEDDDB7B41015C6222E792A3D6CA56B25E2074EEFEC3AF0BEBE0", "32C5F3A427C23B34350EBCA676883F18871AA834AA2E92920588454B1810F4E9", "3351913AA6F914F18448443EC647D11C82F5EA5B9063570096C0FD695ACD7A3A", "345F51EBDC4B614107E623B2D5435B6EE46DAFBE316CB6F79143A9BB38DCD9B2", "3495F9B812339D5B1BD78637C1F420145AAD93AFB44B6E35782DE0160CF7211B", 
"34EB1A2ABB852D340BEC67AF21710C6CA41354E6EBA67D52D896FB4AC75A5484", "35606141CD078AA5F2C16D07D6781F5F7CA625C4C3A9CC3298A418072E267FA1", "357D30146D619618E3739E7826300A19128A8D82497931D399A47EDDD25D2785", "35EC921ED8E86A98FEDD3951DBB5567B30D12EC279DD10392816CD8646A204B3", "360DC7CD246693E2B1DE1202036FEC8857313D282295C1CF5B81C9D2168D8BC5", "362CA001FD00553BE7174C03BCCCBF89F5AB1348C42B438F71C6E4CFB81D7E56", "363661231CDCF5535EBC32F147EBEEC8D838F947C18CFF4C8F592EC472A3B7D6", "366CE799D9AEE4234CE4D38A22D774A769300127F0319D9238DAEC27C48436E1", "36F644EEAE4513871E9887BA25F3311DD7179E5F76950D932F2F4E3C52D4F660", "3847700CD0E6E4EC70C1CE1CF9751E6968DD9101D5A27C5004079037C413C53C", "389EBF171B9DE83E1047C34105889267C782818794E6572286A9BE544FEA9E28", "38CCAB39CAFB6C2CE3724A92B67DF0EB31883A90C9A3CCC11561802DAE51A944", "3950A1BC0426AE4D016159E4D2CAF54A8DB5C777E8AD57B2F2EABA89B5BA76DB", "399718E68B1AC921F1F63310793CB30CE98BCB15C409BBB99985FB5BE97A027F", "39E450D4F111F857D19F138C03812ABD7F598DD51D9F08A4C97B699481E1BA33", "3C34CA137D675C01FA30FF52E4840DE4F8835BDD73CFE7BE14C18869DE46A7B2", "3CB47E69C2467E478A054170AAA605E9126ECA9F7C1454094639CF11EA89BF8D", "3CC25C048EFF153229D754CCC6D44E3776394424BB1F44D1F35AEC5747AAB64B", "3D737E91C4B3785D05EA6B518DF81A98A3D897F7446C9E2969F3A9E22A7F3BF4", "3DF4EFFCBD4398CD9D2C6995C59DEC9020B7665B1A75D2B23F0CFA94C34BBB8A", "3E3AF8AC7BA63076BEE8FFB670B3A3F27E0903C83526E54496E50EB2DF74B875", "3E4520A9DDDBF10F6B94F393C5ACDA44738184D5CB46AB64AABDC963283BECFE", "3F517C6EB3F580D15A8688927C2FEDE369F340156A939E9A19A6F6469765380E", "3F709EA726EB2BD99A9BF0A52B5FBF758B042727BAB188CBB7DC446E3FE28E4C", "40DB5A57B7961E231CE61E540A9D91F19A708AE97A2D1065D9BAABC6DFD9CC8C", "40E849000289F14BA4EAA8A0BFBD0324AC59A18BA17D9C7411EF7F2C82E2F403", "40E960C4B69B3BC0992DCA14B0685310C0D6431B403E0338B65A7084D0D82E69", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "4279BA42EAEA3C9275FD7E26992F8BF20E317D8667039AE35C9E813DA767DA97", 
"42A344877C136B549F05688E94DC5240A92B2335C47C22983BF8078597CFBEA4", "42B553A5257DBCE0553E09359217D9B58850595C4F83DD12BEB3762A7D09FF2D", "432CFD8ACF49DF4442F2A221C9C2DBF70E36DF79F63FE59DD604DAF84CCA414F", "43ECF7C36D1E6DC475530D2CB5DF6E2047C49DC8E177CF79FA363DF0831764BB", "43F04716E6B0E2BF698B22EF7A50C437F4D7B8FF87A1F35A7A342FA2BFEC87F6", "440F021094DE35C6A13F9FADEA7C56D6B4093B16EFDEAEC496EC398C5AC7A327", "442C87761311C31D585A27325AC5DDA28E7FA2C4BF9A5D6F3BFCA0011CEF2CD3", "444F37A66B1439774408C55A7653314698A2FD83CFE39018661304845BACFC46", "453AFD45C0FB61BE3943769FDFFAEE0550DDB1D0D2500D5137B261150F533162", "45EE862A886525741A09CA53CB36F782AC0F17020C63C71E3DF1B5FD95DE8F34", "46966E6228C6EFF168B156D333647B83CD7D598731C72EBDC82AB0F067E0BC8B", "46D4B9F92B3C18E29E5C7BBEC13D92B5ECA31B1A6E3BE57749375938FC2B3CBC", "470FB53E20DCF01D3FF4FB7251C5868A5D215FF7480131C88B1F5C06E159D01A", "4743BBB7405930549833124CAFCB4F8210D235C06F94F92FCC643937B91D2503", "47B8DD30E1DAA082C05A1D60F4C6C018A4FE6741AFA0C39A3672352DDBEBEC9F", "4829928E4C7715561CB19AF103394931A0114E34E269A614FDFFC77D2F61D9C7", "488FCEF71EF7DA59C44B85E01B61C9E6F64222BB3CB2279E3106224EAB4D58C5", "48DEEE69E5792EE07FE1C894C86FF0298C1CB17342A23ED9F86C3B1A4804394A", "498B9FE0AADA5AD01EAAA1DCB4B16943A2CEE45FD85CD673C7D4B6425E7EFA8C", "4AFE6CE8CA759A83EBC77112FFC5A16709458542C68FA4217DCFD11E17FAD242", "4B7EBAB09AB01A6A2993819DB2589A79B0751770B2E5A63287320AA02BEF3420", "4BAA7DBBD4B519F5509C540F33D2C614C19A50E6429F416A1527257CB1B7FED5", "4C3B655997B1B90D55D74A5668CC31D928F2F462E891BF5BEB27CAD7295489D4", "4C98F5463E3FBB67682E7F864F699DD4A99514832D6E44999F6672401F35C8B0", "4D1E458B98BF60900F9A3740ED6C159561584781B6E9CD058D547A2D459767CD", "4F01C0B61707270A1ABDE9AC46E85FB38F93C93876E8F606FD7148EBBAD57C5C", "4F11DD6523020C1FA257E50F0A4716068E2DCD481F4DADFA60B120A57FED7EDA", "506E8C92E0B76D834A33E4AE02E5206A0ABF28570630F6E4A780D13A5238D647", "50838072C1DE2B9FE71DBCE3B389D91E4815E93AE13CCC531030A517E47C3BF6", 
"52CCE9C9DF1CABCE9FBD611F2F7371FCD808107B0670CF19453AF816601CCFDF", "53B17BB6B4108483D36CC58337C4C06C42C2896966B0B6E5073C7D4D83B647F7", "560B409DDEFB2DD2638B506BBDDE8D0FE455DA5C296A8252E8B5823037364CC4", "5641564DE1A4B9249AC0EED2F265EE204961C428F093EC99321D93DA0AA23C3E", "56CC78C35775BE01C4C9BADAFDF799B350E98CF75CB5957993A02F3027111383", "5711509DD871227FC9F7CD530DA0E06F21DDA1D522E7B1C76AC95D3AD5F6BC07", "57250C8399F5C4AC218847F1045931278E68593D09677651364F0897ED5E2346", "57A11B587849D0E11C412236D22F7BCF16F25A1EFBAC8A9A8B6F2723A64C8C41", "58685AAE03A9A9D3682474C02B9A795A70F2D0020AC63FE13D215437D39C3CE4", "586BBC9F245EA531DFB210F2F8A6E202AA5BA9CC152A9D2E8794FAAF4458DE5E", "58D992DC5C5FFBF330112FBD83FD93D0D471E71498684C99FEBE67B55EB5A054", "591E98996DBAEC8DA2E30D3261AADF9BF750C358714362A5B9B9F30A1AC23AB8", "5921AE7B573463F1C89902D53FDFC518E3B4DDD7D6FAF66D194C0D79D9F77588", "597D87527701B786A682E42DDF2E47761269707632B17C030D7EF1E817438B27", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "5B0D973A3FED1AF2D6DC61C906D27DFB052F1D42B4263EA8695D5ECC3E5F9F09", "5B4C19B2CA9D2714AEF1546FC810D709406148AD04288568A5EFCF5FDEF9B2D5", "5B61A8C776F5DB5A9AF0C13607CB60BA8EAB34C3208154E6FCEAAD0857CCDCEA", "5B64BCE3EE0E68F7C1E61B0134954FDB115D5AD76AD549C8F967018D7BA777A6", "5B90DBC6B1931AFFD4193FFD091D072FC75CCFD3F30FCD4F2360610AA351D363", "5C2AA669FC4216D735AA72EC2C962FA6293CCE722B37D72F1BC2F78867DC8F7F", "5C58EF391DDD33B2BBDFB3C54DD542E632EE73136FCCBDCD03C5ADA46A87A75F", "5DF1DD441A05BCC49D128B3A86617DE71345613946448B1338EF4969D9FC29A7", "5E1A81920E6A1A1EE7EBA39E8D98B9A3EBC541A4AA719610D4E288278B7C2CC7", "5EC4D576F9D73CD4F595A3F1D620A4540FC3AA5D503116CE04F8DF6C1AC8CFC4", "5EE17E6FA7B2E867293769D2B457CC1C902CEA1D9C6F97B78C2166BEB5DBD8E2", "5F0A459E7C55630FE8B65EAE2894E2115CDC425C3D1639EDACE33CFA2D3E5E1F", "5F372B6F223ABF2FD142C3E3D01925FD31F6969DB13DA5F9B4220059E5854A64", "5FC14B41F4F0B56664EF9A1F7C711364D3A0344B2A64B89D0CE1213C7B44428D", 
"6143803B3BA40C7530457C980DC767312A530B4633D43773E75FE39165A523D8", "61FF6F10F0D76277F85A8A525D2C9989283AB04F3D830BEC0894CE78DF0624A3", "623D51A6E55F06E457D5584F603A4E61CB4FD4631740B86339BBB50B1A1C3544", "6269AA76009AC220BE691BE4465167C63DA6A492C00534C7E1B1A174B173A102", "62E7A719C331FCAB47075BA0B9A2AFE666ABEF25DA19EDB1572CD3B9D2B9095E", "638DAAB789BC1508C08C390197D91062796F4F37A18910C35F02B6C23B101700", "63E729D06BD63E73E2903CE29B50801DF5ED9A7443E42F03710B621DCA72FFE9", "64718A406CCFAE5D2AF591487FDFB0A189E939DF11D8C72E30AAF07C12098478", "654F3603785F612FCB89C4655C367EC60F72994A083FCDAAF1A7F63C68137F21", "6630F4CF8B10B4B1897C49B39E94913B1AB4B8271F7B40E06CDEA3243856D366", "6741B26AC275DEE67E3CD552E49DB1A6359EC6DA4EB7BEDFA3541E9B504EBE43", "6877A290C4E483A82EA8A166F8741992C1817E945A9A02B43C11E02EC9E3AAFD", "68C77664327070460B17AF10B5AA600E8E7E2FD783142191F4CB257175711874", "69B7C0620CADC704D7AD182503FC0F94251EA42B617ABA4F86BB06A1DFE4EEF7", "6A663A681263595D2882F213BE03BB05AA8F62FFCCF602AF57E6778E2E499DB8", "6A9F30617183D7A0ABB599A05D4D81DEE142C73FB0C46974B6E6FC07D95844B8", "6BE8692D3822CA78B4646C336839C76002B91C314A2131C842F23F12148509D9", "6C45A29D024C9D6F0CAB22E79C478F9FCA9379B61519F60C5A7C254D98E20DDE", "6CDA9CBBD4E668C70A53BD4F7D7CDE00CF73C49E1D8C5300C858682BFBB02BCB", "6DB274E6F7EB4D6F538135EC07CF4443980A5C2FC8C1652E16833E39D5F430D2", "6E8AA7DB116D9A386BBD74DD92885FB79C7B6627B795BAD705B60A761B85D327", "702CCFDB421DD774CE616956D8E276B5B59CD79B66C5263593EAC3AD911B7900", "70D8566E5246B3550B562DC69BD9E44914B7C5D0DCD3C21264DA9CD5683C56E6", "722BCCDF36201CB07B5671659BDC24F79862CABED605E7A2C997FDC08A6180BB", "723138763EC8FDB605AE81558EC2B606174F792237A8462C7A4A4D40B82A3A29", "72EF226C4D54E3C5DF61DAC3CC307821E7DA0DFA159C969EAB0769B064E77E9D", "73288A84B49A641505C576DEDC995F44E69001C227078E86112664767072BDA2", "73AC0A21A1C1C6C3987AD6559B838B31C02E7FC2112C00D32E18ABA3B130AC8F", "745500D27B264258E6040DD036B1BE8037D280012B0438748818154D89D1F135", 
"7522CD8CB1AFE55A09F63CACF58383B78DC2861D1D1C3725F33F297A8DFB7D84", "757B616252D9C5ECF905DFAC8032FBD7AB4A8DAEFD48C0BADFE2734A2E87D1AE", "765EE754DDB2AFC25A4F81B453619E8DE782835F4B2ACED4DF8CE43B5D4C10B8", "76FA12A14D94277858DB1075CD6A9F1E4AAF161AEC3B71FC67679D638C279BD5", "78B5CDD949B0594AC0F181656CB6536E0B075D4B064576C915C9BFAF10028314", "792281EDAE598F9BD5CFF8654A4B0CA05F1A44F2380D7DE34DBDFB2038BF2404", "79316DFB7D2A1A5938133AC6C009E21454C138AD7AF996976083DF3725FE697A", "7995C63D3451A7C3D84F616783736F8B888530FC2843FD646CEBBD9728452806", "79C9308A38227EABEE316B0407CBC46021561F829AEBF9659F93085D4FC63547", "7A811732B34C1BAA3F2209EA69EE01FCACF762E53C22EAE8A8FB7A45B4E7164D", "7B8C76B8D2D645866DC08E9ED4A4377644A8E1F718784F805D3357BDB03B1F92", "7BD03C97D3450FEAE4EB4F8F33140691B9F85B4915C83AFD5212FE881A12ADDA", "7C371350C79C6F7596054D8B19A4BAAD069A8ADE699FB847B44E70E03F3D6988", "7CD76102AB6BC7575AE0FC31DF4EFC5F5C1D5540091DFEFF03725F29385E3537", "7CF53FE09C7D25161BFAD59060E2F4269BC90C0B892337805721A0FE0A9BDA22", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E4E851053AF5C2BFADF66AC8494971BF986538EB9E1BEE4C5D8B83D2DB1BBB0", "7EDF6D557043C701E1232AF1A99A36E05034D53B929336869F5B94154E2854B1", "7F33F41CEA8DCE7CCCF615D587E59AA0744E45F2001ABCD457C81A360E9A4806", "7F44D090B7C137A705C12DD507CD53C8CAE52790B3F08204F5CA5335559C5F8E", "80B453AE505CC102E347D060DD017A64258D86E11FE0054B8137457109AF54FB", "820B1DD869225ABFDEEE5645C1D3A0F396BA3FC9E77C88E3D91F1C4FC0D9B8E3", "8215E02FB88590F4B93468E9B3C6A2785DF30F06545A788005F8AA267BB66470", "829888007050D9C11A7557C40DBAAED034B1097EC4A906EEC0D336ABDA0D0B50", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "83B53506562CBF4BC038C2AD61252657D2E636B6245E599AFEFEB3EB3FCFBF2B", "84519CF7C0BC0BBF920A3B4993A25CB95A81E31AB442E7DBDE6518F330A967A1", "8451DCEAC7362310C8EAA923574AFEAD09CA58D139A870AE0ED1E3D11764573B", "8536D8B63174615B39C6AF8F68F74A50B7964CDD4E6D798DA69521E1FA81F86C", 
"853CEBE4F06FD3A5C0463E8330A070AE32FCC86552F66DF27BFA39F37FB08C35", "8585F927BD0C07D6190320B930661656BA9F41A82E8C287DF2F865DB1DD4A1DE", "858D0D998DE9CCC21C74DA9438BC40E1E5DE13790EC10F9280C890FB222AD7EA", "85C244F40F078C64D61F63F2C6CB1A6851B539CC7B4530BE8884CFAD733EEA2C", "86FDA29703FF35A4305664C83850C30892B9B61C669F608409B4DD6B42852AE2", "8746750F3AD0F0BC9622A666856A176609E9CA437C50C11E1F497B64848858A6", "8759A08F8DCE05EB5B0136A785BCAFCDBFE613A7D435C0FA20FDB4424A7CAC70", "87B26C2B63AF8A971A79B4CB2207EC51AF74A57FD839002466AFD594F7918F65", "88599A3167DAF0B38AEE5154E5F81518BD3B06894F8280285C78D3C880CEDF91", "88D4396F5AFD082566BDD5FF95312101BB6F94623E716D993F113380B02DC7D4", "88E78C162C87E46AC4B2CC4D6F5E6676E68218C6F5EF58D37F1A1CCF22E70C41", "89680C8187B72629A49F5B9DB6180EF763F550009996675B378E43536DA36915", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8A4B8F016E20BE062D275D1D7DA531E398846FA5F653F9077E943F8758AD58E1", "8AD3371B44D7ADBB4D07C11C71F4D7936BA847B275560A957AE1E42342ED2618", "8D5E2B88D45BBC51C1E874562BD7CA1C628FF6220F99BFFAE4FD6ECD4E193CA0", "8E0AAF010EBF37D1F163FC08D65BD399EDDBF518CA20FD163ECA87BBC1970535", "8EB2C9E7DB5013AD05B30490E2989C17EE64FBE9B0024B1E76805B1F1B95B816", "8ECA6222D3C238F29A31FEE8DEAFD26C737F2975DCA8D95684CFF7F79AA0F358", "900C0C5FA596BF6865133CB9A30158FC9F15E5510D3A1E1A7F4CEB6F509ACF07", "9071A116E86B1C667F14BD5B842330C2BF93ED1CDC0752CD908C4FBFD1667205", "90B72607FC15B1F844110A335A4487D01DE26FAD2616B7249AA74D1FB329DBF6", "9180198017E53C3ABE300BED146F25E3DDEE3F2933FD128F75729D691DFE41B1", "9219C124B39E6D8D77D8BF65C94BCC257D2F8565063C09CF1BBCC841B2DED0FC", "9260A2B5C171726ABB7599EFA18CD6720BE53E97B9B70F6E8146B7284F097922", "927574043636074428D17160336994740F88B51BFB550D862B468C577DFD1F71", "928074C54D11212610E49ED189FC8D5A80197B56A5E700A8D2EF896341C961F2", "942E8FACD0350ED3215EB9DD3629B360E18E87D3ABD165831163EDE9AAB16C21", "94B3EC63956148268E5D16E07FE76E71DA01EB7625BA7498384CCAD5794DE007", 
"FD48BA74DC3A1C3984E282E9336A9AAC5D63A6863D7227C72593B2FEC3CC6C79", "FD54ED57D0984C8885C877F9181732A5619A1E525F7855FB4A72EC63053B7375", "FD98647DA723C33CDEC38C52B57AE83B49EBDE217212120E05428E998223B712", "FDE8E9C242ED2D257B3BCF9E013CB6CFC32441C70BF5803FE16A714EDE9E7DFB", "FDF6E8F7CD2218245453540A985C40ED7D9C20F3F61D50E98DA8EC923B1A387A", "FEA65BE2E457CC16801EC24C06D767370A4744239D4A4161B38A6F52330F9BB0", "FEAF899311408CA38E545D22EE9CBAF38F4A7C17D2B7549CDA42D6D309837179", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2", "FF8DB78F22CB24A549324F1BD88656C5EF156F945EC890C85CED4CCF556C4237", "FF972FF475C6691212D41E145A91B62441337954697CD95DE31DD265512A07AD", "FFE28C886CCFDE5B966268C76FE0497BB831D4C7E71AFADA341A1164C3DF01BA", "FFEF65915DD801D408BA9D75900795F158A407B4735B5BF405076A2C35296696"]}, {"type": "ics", "idList": ["ICSA-18-226-02", "ICSA-19-024-02"]}, {"type": "kaspersky", "idList": ["KLA11178", "KLA11179", "KLA11234", "KLA11236"]}, {"type": "lenovo", "idList": ["LENOVO:PS500190-INTEL-PROSETWIRELESS-WIFI-SOFTWARE-VULNERABILITIES-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2017-0255", "MGASA-2017-0405", "MGASA-2017-0408", "MGASA-2017-0453", "MGASA-2018-0101", "MGASA-2018-0104", "MGASA-2018-0190", "MGASA-2018-0218", "MGASA-2018-0257", "MGASA-2018-0339"]}, {"type": "nessus", "idList": ["700513.PRM", "700523.PRM", "700620.PRM", "700625.PRM", "700627.PRM", "700629.PRM", "700656.PRM", "700657.PRM", "AIX_OPENSSL_ADVISORY24.NASL", "AIX_OPENSSL_ADVISORY25.NASL", "AIX_OPENSSL_ADVISORY26.NASL", "AL2_ALAS-2018-1002.NASL", "AL2_ALAS-2018-1004.NASL", "AL2_ALAS-2018-1007.NASL", "AL2_ALAS-2018-1102.NASL", "AL2_ALAS-2018-949.NASL", "ALA_ALAS-2018-1002.NASL", "ALA_ALAS-2018-1007.NASL", "ALA_ALAS-2018-1016.NASL", "ALA_ALAS-2018-1065.NASL", "ALA_ALAS-2018-1069.NASL", "ALA_ALAS-2018-1070.NASL", "ALA_ALAS-2018-1102.NASL", "ALA_ALAS-2018-949.NASL", "ALA_ALAS-2018-974.NASL", "CENTOS_RHSA-2018-0095.NASL", "CENTOS_RHSA-2018-0349.NASL", 
"SUSE_SU-2018-3082-1.NASL", "SUSE_SU-2020-0495-1.NASL", "UBUNTU_USN-3475-1.NASL", "UBUNTU_USN-3512-1.NASL", "UBUNTU_USN-3611-1.NASL", "UBUNTU_USN-3613-1.NASL", "UBUNTU_USN-3614-1.NASL", "UBUNTU_USN-3644-1.NASL", "UBUNTU_USN-3691-1.NASL", "UBUNTU_USN-4741-1.NASL", "VIRTUALBOX_5_2_10.NASL", "VIRTUALBOX_5_2_6.NASL", "WEBSPHERE_304537.NASL"]}, {"type": "nodejsblog", "idList": ["NODEJSBLOG:DECEMBER-2017-SECURITY-RELEASES", "NODEJSBLOG:MARCH-2018-SECURITY-RELEASES", "NODEJSBLOG:OPENSSL-NOVEMBER-2017"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2017-3735", "OPENSSL:CVE-2017-3736", "OPENSSL:CVE-2017-3737", "OPENSSL:CVE-2017-3738", "OPENSSL:CVE-2018-0739"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107203", "OPENVAS:1361412562310107204", "OPENVAS:1361412562310107260", "OPENVAS:1361412562310107268", "OPENVAS:1361412562310107824", "OPENVAS:1361412562310107831", "OPENVAS:1361412562310108368", "OPENVAS:1361412562310108370", "OPENVAS:1361412562310108371", "OPENVAS:1361412562310704004", "OPENVAS:1361412562310704017", "OPENVAS:1361412562310704018", "OPENVAS:1361412562310704037", "OPENVAS:1361412562310704065", "OPENVAS:1361412562310704144", "OPENVAS:1361412562310704157", "OPENVAS:1361412562310704158", "OPENVAS:1361412562310704166", "OPENVAS:1361412562310704185", "OPENVAS:1361412562310704190", "OPENVAS:1361412562310704225", "OPENVAS:1361412562310811719", "OPENVAS:1361412562310811720", "OPENVAS:1361412562310812320", "OPENVAS:1361412562310812321", "OPENVAS:1361412562310812401", "OPENVAS:1361412562310812637", "OPENVAS:1361412562310812639", "OPENVAS:1361412562310812640", "OPENVAS:1361412562310812641", "OPENVAS:1361412562310812642", "OPENVAS:1361412562310812643", "OPENVAS:1361412562310812648", "OPENVAS:1361412562310812649", "OPENVAS:1361412562310813098", "OPENVAS:1361412562310813301", "OPENVAS:1361412562310813302", "OPENVAS:1361412562310813303", "OPENVAS:1361412562310813304", "OPENVAS:1361412562310813305", "OPENVAS:1361412562310813306", "OPENVAS:1361412562310813307", 
"OPENVAS:1361412562311220181131", "OPENVAS:1361412562311220181179", "OPENVAS:1361412562311220181193", "OPENVAS:1361412562311220181195", "OPENVAS:1361412562311220181339", "OPENVAS:1361412562311220181392", "OPENVAS:1361412562311220181420", "OPENVAS:1361412562311220191009", "OPENVAS:1361412562311220191084", "OPENVAS:1361412562311220191164", "OPENVAS:1361412562311220191185", "OPENVAS:1361412562311220191201", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220191546", "OPENVAS:1361412562311220191547", "OPENVAS:1361412562311220192509"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2018", "ORACLE:CPUAPR2019", "ORACLE:CPUJAN2018", "ORACLE:CPUJAN2019", "ORACLE:CPUJUL2018", "ORACLE:CPUJUL2019", "ORACLE:CPUJUL2021", "ORACLE:CPUOCT2018", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-0095", "ELSA-2018-0349", "ELSA-2018-0998", "ELSA-2018-1188", "ELSA-2018-1191", "ELSA-2018-1270", "ELSA-2018-1278", "ELSA-2018-3090", "ELSA-2018-3221", "ELSA-2018-4077", "ELSA-2018-4187", "ELSA-2018-4228", "ELSA-2018-4229", "ELSA-2018-4267", "ELSA-2019-2471", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:CVE-2017-3735", "OSV:DLA-1157-1", "OSV:DLA-1330-1", "OSV:DLA-1339-1", "OSV:DLA-2091-1", "OSV:DLA-2342-1", "OSV:DSA-4004-1", "OSV:DSA-4017-1", "OSV:DSA-4018-1", "OSV:DSA-4037-1", "OSV:DSA-4065-1", "OSV:DSA-4144-1", "OSV:DSA-4157-1", "OSV:DSA-4158-1", "OSV:DSA-4166-1", "OSV:DSA-4185-1", "OSV:DSA-4190-1", "OSV:DSA-4225-1", "OSV:GHSA-7VGJ-8MW4-HG8R", "OSV:GHSA-C27H-MCMW-48HV", "OSV:GHSA-CGGJ-FVV3-CQWV", "OSV:GHSA-H592-38CM-4GGP", "OSV:GHSA-QXXX-2PP7-5HMX", "OSV:GHSA-RFX6-VP9G-RH7V", "OSV:GHSA-W3F4-3Q6J-RH82"]}, {"type": "paloalto", "idList": ["PAN-SA-2018-0015"]}, {"type": "photon", "idList": ["PHSA-2018-0010", "PHSA-2018-0010-A", "PHSA-2018-0013", "PHSA-2018-0039", "PHSA-2018-0097", "PHSA-2018-0130", "PHSA-2018-1.0-0097-A", "PHSA-2018-1.0-0101", "PHSA-2018-1.0-0130", "PHSA-2018-2.0-0013", "PHSA-2018-2.0-0039"]}, {"type": "redhat", 
"idList": ["RHSA-2017:1834", "RHSA-2017:1835", "RHSA-2017:1836", "RHSA-2017:1837", "RHSA-2017:1839", "RHSA-2017:1840", "RHSA-2017:2477", "RHSA-2017:2546", "RHSA-2017:2547", "RHSA-2017:2633", "RHSA-2017:2635", "RHSA-2017:2636", "RHSA-2017:2637", "RHSA-2017:2638", "RHSA-2017:3141", "RHSA-2017:3189", "RHSA-2017:3190", "RHSA-2017:3454", "RHSA-2017:3455", "RHSA-2017:3456", "RHSA-2017:3458", "RHSA-2018:0095", "RHSA-2018:0099", "RHSA-2018:0100", "RHSA-2018:0115", "RHSA-2018:0116", "RHSA-2018:0294", "RHSA-2018:0342", "RHSA-2018:0349", "RHSA-2018:0351", "RHSA-2018:0352", "RHSA-2018:0458", "RHSA-2018:0478", "RHSA-2018:0479", "RHSA-2018:0480", "RHSA-2018:0481", "RHSA-2018:0521", "RHSA-2018:0576", "RHSA-2018:0577", "RHSA-2018:0998", "RHSA-2018:1188", "RHSA-2018:1191", "RHSA-2018:1201", "RHSA-2018:1202", "RHSA-2018:1203", "RHSA-2018:1204", "RHSA-2018:1205", "RHSA-2018:1206", "RHSA-2018:1270", "RHSA-2018:1278", "RHSA-2018:1447", "RHSA-2018:1448", "RHSA-2018:1449", "RHSA-2018:1450", "RHSA-2018:1451", "RHSA-2018:1463", "RHSA-2018:1525", "RHSA-2018:1721", "RHSA-2018:1722", "RHSA-2018:1723", "RHSA-2018:1724", "RHSA-2018:1786", "RHSA-2018:1812", "RHSA-2018:1974", "RHSA-2018:1975", "RHSA-2018:2088", "RHSA-2018:2089", "RHSA-2018:2090", "RHSA-2018:2185", "RHSA-2018:2186", "RHSA-2018:2187", "RHSA-2018:2423", "RHSA-2018:2424", "RHSA-2018:2425", "RHSA-2018:2428", "RHSA-2018:2568", "RHSA-2018:2575", "RHSA-2018:2713", "RHSA-2018:2927", "RHSA-2018:2930", "RHSA-2018:2938", "RHSA-2018:2939", "RHSA-2018:3090", "RHSA-2018:3221", "RHSA-2018:3505", "RHSA-2019:0366", "RHSA-2019:0367", "RHSA-2019:0910", "RHSA-2019:1711", "RHSA-2019:1712", "RHSA-2019:1782", "RHSA-2019:1797", "RHSA-2019:2858", "RHSA-2019:3149", "RHSA-2019:3892", "RHSA-2020:2562"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-12624", "RH:CVE-2017-15095", "RH:CVE-2017-15896", "RH:CVE-2017-17485", "RH:CVE-2017-3735", "RH:CVE-2017-3736", "RH:CVE-2017-3737", "RH:CVE-2017-3738", "RH:CVE-2017-7525", "RH:CVE-2018-0739", "RH:CVE-2018-2579", 
"RH:CVE-2018-2588", "RH:CVE-2018-2599", "RH:CVE-2018-2603", "RH:CVE-2018-2618", "RH:CVE-2018-2634", "RH:CVE-2018-2637", "RH:CVE-2018-2657", "RH:CVE-2018-2663", "RH:CVE-2018-2677", "RH:CVE-2018-2678", "RH:CVE-2018-2783", "RH:CVE-2018-2790", "RH:CVE-2018-2795", "RH:CVE-2018-2796", "RH:CVE-2018-2797", "RH:CVE-2018-2798", "RH:CVE-2018-2799", "RH:CVE-2018-2800", "RH:CVE-2018-2814", "RH:CVE-2018-5968", "RH:CVE-2018-7489", "RH:CVE-2019-10202"]}, {"type": "seebug", "idList": ["SSV:92962", "SSV:96913", "SSV:97076", "SSV:97082"]}, {"type": "slackware", "idList": ["SSA-2017-306-02", "SSA-2017-342-01", "SSA-2018-087-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:3345-1", "OPENSUSE-SU-2018:0223-1", "OPENSUSE-SU-2018:0679-1", "OPENSUSE-SU-2018:0684-1", "OPENSUSE-SU-2018:1057-1", "OPENSUSE-SU-2018:1710-1", "OPENSUSE-SU-2018:1719-1", "OPENSUSE-SU-2018:2208-1", "OPENSUSE-SU-2018:2238-1", "OPENSUSE-SU-2018:2293-1", "OPENSUSE-SU-2018:2524-1", "OPENSUSE-SU-2018:2695-1", "SUSE-SU-2017:2968-1", "SUSE-SU-2017:2981-1", "SUSE-SU-2017:3343-1", "SUSE-SU-2018:0112-1", "SUSE-SU-2018:0630-1", "SUSE-SU-2018:0645-1", "SUSE-SU-2018:0661-1", "SUSE-SU-2018:0663-1", "SUSE-SU-2018:0665-1", "SUSE-SU-2018:0694-1", "SUSE-SU-2018:0743-1", "SUSE-SU-2018:0902-1", "SUSE-SU-2018:0905-1", "SUSE-SU-2018:0906-1", "SUSE-SU-2018:0975-1"]}, {"type": "symantec", "idList": ["SMNTC-1423", "SMNTC-1428", "SMNTC-1443"]}, {"type": "tenable", "idList": ["TENABLE:50BE3CD37FC3509DDA43C11702778C75", "TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "ubuntu", "idList": ["USN-3475-1", "USN-3512-1", "USN-3611-1", "USN-3611-2", "USN-3613-1", "USN-3614-1", "USN-3644-1", "USN-3691-1", "USN-4741-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-15095", "UB:CVE-2017-15896", "UB:CVE-2017-17485", "UB:CVE-2017-3735", "UB:CVE-2017-3736", "UB:CVE-2017-3737", "UB:CVE-2017-3738", "UB:CVE-2017-7525", "UB:CVE-2018-0739", "UB:CVE-2018-2579", "UB:CVE-2018-2588", "UB:CVE-2018-2599", "UB:CVE-2018-2603", "UB:CVE-2018-2618", 
"UB:CVE-2018-2634", "UB:CVE-2018-2637", "UB:CVE-2018-2657", "UB:CVE-2018-2663", "UB:CVE-2018-2677", "UB:CVE-2018-2678", "UB:CVE-2018-2783", "UB:CVE-2018-2790", "UB:CVE-2018-2795", "UB:CVE-2018-2796", "UB:CVE-2018-2797", "UB:CVE-2018-2798", "UB:CVE-2018-2799", "UB:CVE-2018-2800", "UB:CVE-2018-2814", "UB:CVE-2018-5968", "UB:CVE-2018-7489"]}, {"type": "zdt", "idList": ["1337DAY-ID-29102"]}]}, "affected_software": {"major_version": [{"name": "rational insight", "version": 1}, {"name": "rational insight", "version": 1}, {"name": "rational insight", "version": 1}, {"name": "rational insight", "version": 1}]}, "epss": [{"cve": "CVE-2017-12624", "epss": "0.001640000", "percentile": "0.512880000", "modified": "2023-03-19"}, {"cve": "CVE-2017-15095", "epss": "0.026590000", "percentile": "0.887370000", "modified": "2023-03-19"}, {"cve": "CVE-2017-3735", "epss": "0.031880000", "percentile": "0.896490000", "modified": "2023-03-19"}, {"cve": "CVE-2017-3736", "epss": "0.002810000", "percentile": "0.635160000", "modified": "2023-03-19"}, {"cve": "CVE-2017-3737", "epss": "0.966690000", "percentile": "0.993620000", "modified": "2023-03-19"}, {"cve": "CVE-2017-7525", "epss": "0.776660000", "percentile": "0.976600000", "modified": "2023-03-19"}, {"cve": "CVE-2018-0739", "epss": "0.012640000", "percentile": "0.835180000", "modified": "2023-03-19"}, {"cve": "CVE-2018-1413", "epss": "0.001670000", "percentile": "0.517520000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2579", "epss": "0.002290000", "percentile": "0.593020000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2588", "epss": "0.001260000", "percentile": "0.454650000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2599", "epss": "0.003330000", "percentile": "0.666020000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2603", "epss": "0.003330000", "percentile": "0.666020000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2618", "epss": "0.002190000", "percentile": "0.581490000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2634", 
"epss": "0.002060000", "percentile": "0.568720000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2637", "epss": "0.002460000", "percentile": "0.608050000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2657", "epss": "0.010280000", "percentile": "0.815560000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2663", "epss": "0.003330000", "percentile": "0.666020000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2677", "epss": "0.003330000", "percentile": "0.666020000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2678", "epss": "0.003330000", "percentile": "0.666020000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2783", "epss": "0.001960000", "percentile": "0.557660000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2790", "epss": "0.001980000", "percentile": "0.559100000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2795", "epss": "0.002610000", "percentile": "0.620770000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2796", "epss": "0.002610000", "percentile": "0.620770000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2797", "epss": "0.002610000", "percentile": "0.620770000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2798", "epss": "0.002610000", "percentile": "0.620770000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2799", "epss": "0.001530000", "percentile": "0.498020000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2800", "epss": "0.001980000", "percentile": "0.559100000", "modified": "2023-03-19"}, {"cve": "CVE-2018-2814", "epss": "0.002630000", "percentile": "0.621990000", "modified": "2023-03-19"}], "vulnersScore": 0.9}, "_state": {"dependencies": 1677016286, "score": 1684013994, "affected_software_major_version": 1677362209, "epss": 1679288289}, "_internal": {"score_hash": "23c9449d6d13ec6816a6a4002aceafad"}, "affectedSoftware": [{"version": "1.1.1.4", "operator": "eq", "name": "rational insight"}, {"version": "1.1.1.5", "operator": "eq", "name": "rational insight"}, {"version": "1.1.1.6", "operator": "eq", "name": "rational insight"}, {"version": 
"1.1.1.7", "operator": "eq", "name": "rational insight"}]}
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nTivoli Common Reporting 3.1\n\nTivoli Common Reporting 3.1.0.1\n\nTivoli Common Reporting 3.1.0.2\n\nTivoli Common Reporting 3.1.2\n\nTivoli Common Reporting 3.1.2.1\n\nTivoli Common Reporting 3.1.3\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n\n**Tivoli Common Reporting Release** | **Remediation** \n---|--- \n3.1.0.0 through 3.1.2 | \n\nDownload \"IBM Cognos Business Intelligence 10.2 Interim Fix 27\" by accessing link <https://www-01.ibm.com/support/docview.wss?uid=swg24044958>\n\nInstall \"IBM Cognos Business Intelligence 10.2 Interim Fix 27\" by following steps listed in [http://www-01.ibm.com/support/docview.wss?uid=swg21967299](<http://www-01.ibm.com/support/docview.wss?uid=swg21967299>) \n \n3.1.2.1 | \n\nDownload \"IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 23\" by accessing link <https://www-01.ibm.com/support/docview.wss?uid=swg24044958>\n\nInstall \"IBM Cognos Business Intelligence 10.2.1.1 Interim Fix 23\" by following steps listed in [http://www-01.ibm.com/support/docview.wss?uid=swg21967299](<http://www-01.ibm.com/support/docview.wss?uid=swg21967299>) \n \n3.1.3 | \n\nDownload \"IBM Cognos Business Intelligence 10.2.2 Interim Fix 19\" by accessing link <https://www-01.ibm.com/support/docview.wss?uid=swg24044958>\n\nInstall \"IBM Cognos Business Intelligence 10.2.2 Interim Fix 19\" by following steps listed in <https://www.ibm.com/support/knowledgecenter/SSEKCU_1.1.3.0/com.ibm.psc.doc/tcr_original/ttcr_cognos_out_tcr.html> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-14T13:00:02", "type": "ibm", "title": "Security Bulletin: IBM Tivoli Common Reporting (TCR) 2018Q2 Security Updater: TCR, a part of IBM Jazz for Service Management (JazzSM) is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12624", "CVE-2017-15095", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-7525", "CVE-2018-0739", "CVE-2018-1413", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-11-14T13:00:02", "id": "654F3603785F612FCB89C4655C367EC60F72994A083FCDAAF1A7F63C68137F21", "href": "https://www.ibm.com/support/pages/node/737223", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:44:22", "description": "## Summary\n\nThis bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Business Intelligence Controller. 
\n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 and the IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that are used by IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0 and 10.3.1. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018. \n \nMultiple Open Source OpenSSL vulnerabilities affect IBM Cognos Controller versions 10.2.0, 10.2.1 and 10.3.0. \n \nThere is a potential denial of service in Apache CXF which affects IBM Cognos Controller versions 10.2.0, 10.2.1 and 10.3.0.\n\n## Vulnerability Details\n\n**CVEs applicable for IBM Cognos Controller 10.2.0, 10.2.1 and 10.3.0:**\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAddressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION:** An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-12624](<https://vulners.com/cve/CVE-2017-12624>) \n**DESCRIPTION:** Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the JAX-WS and JAX-RS services to stop responding. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135095> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEs applicable for IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0 and 10.3.1:**\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos Controller 10.3.1 \nIBM Cognos Controller 10.3.0 \nIBM Cognos Controller 10.2.1 \nIBM Cognos Controller 10.2.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical: \n \nIBM Cognos Controller 10.3.1: http://www.ibm.com/support/docview.wss?uid=ibm10718767 \nIBM Cognos Controller 10.3.0: http://www.ibm.com/support/docview.wss?uid=ibm10718767 \nIBM Cognos Controller 10.2.1: http://www.ibm.com/support/docview.wss?uid=ibm10718767 \nIBM Cognos Controller 10.2.0: http://www.ibm.com/support/docview.wss?uid=ibm10718767\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-03-21T18:10:01", "type": "ibm", "title": "Security Bulletin: IBM Cognos Controller 2018Q3 Security Updater: Multiple 
vulnerabilities have been identified in IBM Cognos Controller", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12624", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2018-0739", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2019-03-21T18:10:01", "id": "5B64BCE3EE0E68F7C1E61B0134954FDB115D5AD76AD549C8F967018D7BA777A6", "href": "https://www.ibm.com/support/pages/node/717121", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:49:52", "description": "## Summary\n\nThis bulletin addresses several security vulnerabilities that are fixed in IBM Cognos Metrics Manager. \n \nIBM Cognos Metrics Manager consumes OpenSSL. Multiple vulnerabilities have been addressed in OpenSSL. \n \nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 and IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 that are used by IBM Cognos Metrics Manager. 
These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\u201d located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAddressFamily extension in an X.509 certificate. 
An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3738](<https://vulners.com/cve/CVE-2017-3738>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. An attacker could exploit this vulnerability to obtain information about the private key. Note: In order to exploit this vulnerability, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136078> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3737](<https://vulners.com/cve/CVE-2017-3737>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by a flaw in the \"error state\" mechanism when directly calling SSL_read() or SSL_write() for an SSL object after receiving a fatal error. An attacker could exploit this vulnerability to bypass the decryption or encryption process and perform unauthorized actions. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136077> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137885](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137889](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137910](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137855](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137854](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137933](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137932](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137917](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/137833](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n * IBM Cognos Metrics Manager 10.2.2\n * IBM Cognos Metrics Manager 10.2.1\n * IBM Cognos Metrics Manager 10.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the Business Intelligence portfolio, applying the BI Interim Fix will resolve the issue. Note that the prerequisites named in the links are also satisfied by an IBM Cognos Metrics Manager install of the same version. \n \n\n\n| Version | Interim Fix \n---|---|--- \nIBM Cognos Metrics Manager | 10.2.2 | [IBM Cognos Business Intelligence 10.2.2 Interim Fix 19](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>) \nIBM Cognos Metrics Manager | 10.2.1 | [IBM Cognos Business Intelligence 10.2.1 Interim Fix 24](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>) \nIBM Cognos Metrics Manager | 10.2 | [IBM Cognos Business Intelligence 10.2 Interim Fix 27](<http://www-01.ibm.com/support/docview.wss?uid=swg24044958>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-19T21:33:32", "type": "ibm", "title": "Security Bulletin: IBM Cognos Metrics Manager 2018 Q2 Security Update: IBM Cognos Metrics Manager is affected by multiple vulnerabilities.", 
"bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0701", "CVE-2017-3735", "CVE-2017-3736", "CVE-2017-3737", "CVE-2017-3738", "CVE-2018-0739", "CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-07-19T21:33:32", "id": "76FA12A14D94277858DB1075CD6A9F1E4AAF161AEC3B71FC67679D638C279BD5", "href": "https://www.ibm.com/support/pages/node/713459", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-28T21:58:24", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [CVE-2018-2663](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2599](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2634](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s) | Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2| Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5| Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5 \n\n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management. \n\n## Remediation/Fixes\n\nConsult [Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology January 2018 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg22016291>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n30 May 2018: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSTU9C\",\"label\":\"Jazz Reporting Service\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"5.0;5.0.1;5.0.2;6.0;6.0.1;6.0.2;6.0.3;6.0.4;6.0.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T05:28:28", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2599", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": 
"2018-06-17T05:28:28", "id": "BCC63CD58C99277D56FB13B51F219E848029F5268684F2A05FD02FD2EF619268", "href": "https://www.ibm.com/support/pages/node/571515", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-05-11T15:34:14", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition, Version 1.7 and 1.8 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). These issues were disclosed as part of the IBM Java SDK updates in January 2018. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 5.0 - 6.0.5 \n \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.5 \n \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.5 \n \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.5 \n \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.5 \n \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.5 \n \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\n**IMPORTANT CONSIDERATIONS:**\n\n 1. If your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of your IBM Rational product, and only upgrade the JRE in the WAS server.\n 2. For the below remediations, if you have a WAS deployment, then WAS must also be remediated, in addition to performing your product upgrades. Follow instructions at [ Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www.ibm.com/support/docview.wss?uid=swg22013818>) to get the WAS remediation.\n 3. 
If you are deploying the Rational products to a WAS Liberty or a Tomcat Server, you will need to follow the instructions below to upgrade the JRE, and then must also configure to complete the upgrade process: \n * * **Stop the server**: Navigate to the Server directory in your Rational product installation path and run this script: _server.shutdown_\n * **Navigate to the server directory** in your Rational product installation path, open the **_server.startup_** script using your preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux) and add one more option to the healthcenter parameter set: \n * Search for the parameter _-Dcom.ibm.java.diagnostics.healthcenter.agent_ in the server.startup script to find the line containing the health center parameter. \nNOTE: For some Rational Collaborative Lifecycle Management versions, the _-Dcom.ibm.java.diagnostics.healthcenter.agent_ parameter may not be found in server.startup; in this case the update is not needed and you can start using your server. \n**Windows:** \nComment out the line (where the HEALTHCENTER_OPTS parameter is located) by inserting \"rem \" at the beginning of the line: \n \n**_Before modification:_** \n_set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n**_After modification:_** \n_rem set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n \n**Linux:** \nComment out the line (where the HEALTHCENTER_OPTS parameter is located) by inserting \"# \" at the beginning of the line: \n \n**_Before modification:_** \n_export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._ \n**_After modification:_** \n_# export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._\n \n \n \n\n * * **Start the server**. Navigate to the Server directory in your Rational product installation path and run this script: _server.startup_.\n\n \n**STEPS TO APPLY THE REMEDIATION:** \n \n1\\. Optionally, upgrade your products to an Extended Maintenance Release version: 5.0.2 or 6.0.2. Or optionally, upgrade to the latest 6.0.x version. \n \n2\\. 
Optionally, apply the latest ifix for your installed version. \n \n3\\. Obtain the latest Java JRE CPU update for the IBM Java SDK using the following information.\n\n * * * For the 6.0.5 release: **JRE 7.1.4.20** (**_<product>-JavaSE-JRE-7.1SR4FP20_**) or **JRE 8.0.5.11** (**_<product>-JavaSE-JRE-8.0SR5FP11_**) \n * [_Rational Collaborative Lifecycle Management 6.0.5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.5&platform=All&function=all>)\n * For the 6.0.2 release: **JRE 7.1.4.20** (**_<product>-JavaSE-JRE-7.1SR4FP20_**) \n * [_Rational Collaborative Lifecycle Management 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * For the 5.x releases:\n * * IBM SDK Java\u2122 Technology Edition, Version 6 is no longer supported on distributed platforms. IBM Collaborative Lifecycle Management (CLM) products version 5.x use Java 6 and are affected. IBM highly recommends that customers upgrade to Extended Maintenance Release 6.0.2, for those who want the stability and support of an EMR release, or to the latest 6.0.x version, for those who want the latest features. For additional details review: [Impact to CLM 5.x suite of products due to Java 6 EOS](<http://www.ibm.com/support/docview.wss?uid=swg22015069>)\n\n4\\. Upgrade your JRE following the instructions in the link below: \n[_How to update the IBM SDK for Java of IBM Rational products based on version 3.0.1.6 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21674139>) \n \n5\\. Navigate to the server directory in your Rational product installation path, and go to the jre/lib/security path. \n \n6\\. 
Open the **_java.security_** file using your preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux) and remove the MD5 option from the jdk.jar.disabledAlgorithms parameter set:\n\n * **_Before modification:_**\n\njdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024\n\n * **_After modification:_**\n\njdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024\n\n## Workarounds and Mitigations\n\nNone", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affects multiple IBM Rational products based on IBM Jazz technology January 2018 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-04-28T18:35:50", "id": "C3393A29227C0C9FC49F0455ABC614404983902D3C4620110ED407A6527B4770", "href": "https://www.ibm.com/support/pages/node/570815", "cvss": {"score": 
5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:41:56", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Cognos Insight. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Multiple Open Source OpenSSL vulnerabilities have also been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<https://vulners.com/cve/CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-0733](<https://vulners.com/cve/CVE-2018-0733>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to properly compare byte values by the PA-RISC CRYPTO_memcmp() function used on HP-UX PA-RISC targets. An attacker could exploit this vulnerability to forge messages, some of which may be authenticated. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140849> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2634](<https://vulners.com/cve/CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n * IBM Cognos Insight 10.2.1\n * IBM Cognos Insight 10.2.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical.\n\n**Cognos Insight Standard Edition 10.2.1 Fix Pack 2 Interim Fix 25**\n\nLink: [_http://www-01.ibm.com/support/docview.wss?uid=swg24042434_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042434>)\n\n**Cognos Insight Standard Edition 10.2.2 Fix Pack 7 Interim Fix 14**\n\nLink: [_http://www.ibm.com/support/docview.wss?uid=swg24042420_](<http://www.ibm.com/support/docview.wss?uid=swg24042420>)\n\n## Workarounds and Mitigations\n\nNone", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-02-24T07:27:10", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos Insight", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2017-3735", "CVE-2017-3736", "CVE-2018-0733", "CVE-2018-0739", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2663", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797"], "modified": "2020-02-24T07:27:10", "id": "40E960C4B69B3BC0992DCA14B0685310C0D6431B403E0338B65A7084D0D82E69", "href": "https://www.ibm.com/support/pages/node/716289", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-26T13:50:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. Multiple Open Source OpenSSL vulnerabilities have also been addressed.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2017-3735](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2017-3736](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a carry propagation flaw in the x86_64 Montgomery squaring function bn_sqrx8x_internal(). An attacker with online access to an unpatched system could exploit this vulnerability to obtain information about the private key. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134397> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** _[CVE-2018-0739](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739>)_ \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2018-0733](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0733>)_ \n**DESCRIPTION:** OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to properly compare byte values by the PA-RISC CRYPTO_memcmp() function used on HP-UX PA-RISC targets. An attacker could exploit this vulnerability to forge messages, some of which may be authenticated. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140849> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n**CVEID:** [CVE-2018-2663](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2634](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137886> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2637](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A\n\n**CVEID:** [CVE-2018-2795](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2790](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n * IBM Cognos TM1 10.2\n * IBM Cognos TM1 10.2.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \nCognos TM1 10.2.0.2 Interim Fix 25 \n \nLink: [_http://www.ibm.com/support/docview.wss?uid=swg24043912_](<http://www.ibm.com/support/docview.wss?uid=swg24043912>) \n \nCognos TM1 10.2.2.7 Interim Fix 14 \n \nLink: [_http://www.ibm.com/support/docview.wss?uid=swg24043911_](<http://www.ibm.com/support/docview.wss?uid=swg24043911>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[_IBM Java SDK Security Bulletin (January 2018)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21985393>) \n[_IBM Java SDK Security Bulletin (April 2018)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21997194>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n11 July 2018: Original Version Published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2020-02-24T07:27:10", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities exist in IBM Cognos TM1", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3735", "CVE-2017-3736", "CVE-2018-0733", "CVE-2018-0739", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2634", "CVE-2018-2637", 
"CVE-2018-2663", "CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797"], "modified": "2020-02-24T07:27:10", "id": "C8B10EBB1C04E885A0F46598D7359140F659737A3C1249FEE363B6A29D7355AA", "href": "https://www.ibm.com/support/pages/node/716285", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-12T17:33:49", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2 | Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5 | Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5 \n \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management.\n\n## Remediation/Fixes\n\nConsult the [Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affect multiple IBM Rational products based on IBM Jazz technology](<https://www-01.ibm.com/support/docview.wss?uid=ibm10713487>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-07-16T19:45:23", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": 
"NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799"], "modified": "2018-07-16T19:45:23", "id": "B0EB6605C4CC12D6E8D36185E6ED609865C93114FCB684DE73EB6BEB035D90DB", "href": "https://www.ibm.com/support/pages/node/717533", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-05-13T18:36:30", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition, Version 1.7 and 1.8 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). These issues were disclosed as part of the IBM Java SDK updates in April 2018. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 5.0 - 6.0.6 \n \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.6 \n \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.6 \n \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.6 \n \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.6 \n \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.6 \n \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\n**IMPORTANT CONSIDERATIONS:**\n\n 1. If your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of your IBM Rational product, and only upgrade the JRE in the WAS server.\n 2. For the below remediations, if you have a WAS deployment, then WAS must also be remediated, in addition to performing your product upgrades. Follow instructions at [ Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2018 CPU](<http://www.ibm.com/support/docview.wss?uid=swg22013818>) to get the WAS remediation.\n 3. 
If you are deploying the Rational products to a WAS Liberty or a Tomcat Server, you will need to follow the instructions below to upgrade the JRE, and then must also configure to complete the upgrade process:\n * **Stop the server**: Navigate to the Server directory in your Rational product installation path and run this script: _server.shutdown_\n * **Navigate to the server directory** in your Rational product installation path, open the **_server.startup_** script using your preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux) and add one more option to the healthcenter parameter set: \n * Search parameter _-Dcom.ibm.java.diagnostics.healthcenter.agent_ in server.startup script to find the line containing the health center parameter. \nNOTE: For some Rational Collaborative Lifecycle Management versions, the _-Dcom.ibm.java.diagnostics.healthcenter.agent_ parameter may not be found in server.startup; in this case the update is not needed and you can start using your server. \n**Windows:** \nComment out the line (where the HEALTHCENTER_OPTS parameter is located) by inserting \"rem \" at the beginning of the line: \n**_Before modification:_** \n_set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n**_After modification:_** \n_rem set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n**Linux:** \nComment out the line (where the HEALTHCENTER_OPTS parameter is located) by inserting \"# \" at the beginning of the line: \n**_Before modification:_** \n_export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._ \n**_After modification:_** \n_# export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._\n * **Start the server**. Navigate to the Server directory in your Rational product installation path and run this script: _server.startup_.\n\n \n**STEPS TO APPLY THE REMEDIATION:** \n \n1\\. Optionally, upgrade your products to an Extended Maintenance Release version: 5.0.2 or 6.0.2. Or optionally, upgrade to the latest 6.0.x version. \n \n2\\. 
Optionally, apply the latest ifix for your installed version. \n \n3\\. Obtain the latest Java JRE CPU update for the IBM Java SDK using the following information.\n\n * For the 6.0.5 release: **JRE 7.1.4.25****_(<product>-JavaSE-JRE-7.1SR4FP25_**) or **JRE 8.0.5.15****_(<product>-JavaSE-JRE-8.0SR15FP15_**)\n * [_Rational Collaborative Lifecycle Management 6.0.5_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.5&platform=All&function=all>)\n * For the 6.0.2 release: **JRE 7.1.4.25****_(<product>-JavaSE-JRE-7.1SR4FP25_**) \n * [_Rational Collaborative Lifecycle Management 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * For the 5.x releases: \n * IBM SDK Java\u2122 Technology Edition, Version 6 is no longer supported on distributed platforms. IBM Collaborative Lifecycle Management (CLM) products version 5.x use Java 6 and are affected. IBM highly recommends customers to upgrade to Extended Maintenance Release 6.0.2 for those wishing the stability and support of an EMR release, or to the latest 6.0.x version for those desiring the latest features. For additional details review: [Impact to CLM 5.x suite of products due to Java 6 EOS](<http://www.ibm.com/support/docview.wss?uid=swg22015069>)\n\n4\\. Upgrade your JRE following the instructions in the link below: \n[_How to update the IBM SDK for Java of IBM Rational products based on version 3.0.1.6 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21674139>) \n \n5\\. Navigate to the server directory in your Rational product installation path, and go to jre/lib/security path. \n \n6\\. 
Optionally, if you have not performed a Licenses upgrade as described in the link below, please follow the instructions to complete the setup:\n\n_[No IBM Rational trial, server, or client access licenses available after upgrading Java and/or listed products](<http://www.ibm.com/support/docview.wss?uid=swg22008957>)_\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affect multiple IBM Rational products based on IBM Jazz technology", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799"], "modified": "2021-04-28T18:35:50", "id": "F79BA4E357CB90CE069217655DB3D6CE7EF68F7A1B216115A6D8278F44302CF1", "href": "https://www.ibm.com/support/pages/node/713487", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:55", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Java SDK that affect IBM Security 
Guardium Data Redaction. These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141970>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Security Guardium Data Redaction V 2.5.1\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|--- \n \nIBM Security Guardium Data Redaction\n\n| \n\n2.5.1\n\n| \n\n[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecur\u2026](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=Guardium_DataRedaction_2.5.1_SecurityUpdate_2018-08-03&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-06T20:49:24", 
"type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium Data Redaction", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-08-06T20:49:24", "id": "9F3A4D3D3968D6B816E9E228C328435F5647C85E34542030CA1FA338A0D0E13C", "href": "https://www.ibm.com/support/pages/node/718421", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:55:05", "description": "## Summary\n\nJava SE issues disclosed in the Oracle April 2018 Critical Patch Update \n\n## Vulnerability Details\n\n**CVE IDs:** CVE-2018-2814 CVE-2018-2794 CVE-2018-2783 CVE-2018-2799 CVE-2018-2798 CVE-2018-2797 CVE-2018-2796 CVE-2018-2795 CVE-2018-2800 CVE-2018-2790 \n\n**DESCRIPTION:** This bulletin covers all applicable Java SE CVEs published by Oracle as part of their April 2018 Critical Patch Update. For more information please refer to [Oracle's April 2018 CPU Advisory](<http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixJAVA>) and the X-Force database entries referenced below.\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 60 and earlier releases \nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 60 and earlier releases \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20 and earlier releases \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 20 and earlier releases \nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 10 and earlier releases \n \n**NOTE:** These releases are affected by CVE-2018-2814 on Solaris, HP-UX, and Mac OS only. \n \nFor detailed information on which CVEs affect which releases, please refer to the [IBM SDK, Java Technology Edition Security Vulnerabilities page](<https://developer.ibm.com/javasdk/support/security-vulnerabilities/>). 
\n\n## Remediation/Fixes\n\nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 65 and subsequent releases, where embedded with supported IBM products \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 65 and subsequent releases, where embedded with supported IBM products \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 25 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 25 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 15 and subsequent releases \n \nIBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from the [developer center](<https://developer.ibm.com/javasdk/downloads/>). \n \nIBM customers requiring an update for an SDK shipped with an IBM product should contact [IBM support](<http://www.ibm.com/support/>), and/or refer to the appropriate product security bulletin. 
\n \n**APAR numbers are as follows:**\n\n[IJ06342](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06342>) (CVE-2018-2794) \n[IJ06343](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06343>) (CVE-2018-2783) \n[IJ06344](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06344>) (CVE-2018-2799) \n[IJ06345](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06345>) (CVE-2018-2798) \n[IJ06346](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06346>) (CVE-2018-2797) \n[IJ06347](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06347>) (CVE-2018-2796) \n[IJ06348](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06348>) (CVE-2018-2795) \n[IJ06349](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06349>) (CVE-2018-2800) \n[IJ06351](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06351>) (CVE-2018-2790)\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", 
"CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-06-15T07:09:13", "id": "7995C63D3451A7C3D84F616783736F8B888530FC2843FD646CEBBD9728452806", "href": "https://www.ibm.com/support/pages/node/570015", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:53:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 and IBM\u00ae Runtime Environment Java\u2122 Versions 6 and 7 used by IBM Decision Optimization Center. These issues were disclosed as part of the IBM Java SDK updates in April 2018\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2799_](<https://vulners.com/cve/CVE-2018-2799>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141955_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2798_](<https://vulners.com/cve/CVE-2018-2798>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141954_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2797_](<https://vulners.com/cve/CVE-2018-2797>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141953_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2796_](<https://vulners.com/cve/CVE-2018-2796>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141952_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2795_](<https://vulners.com/cve/CVE-2018-2795>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141951_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2800_](<https://vulners.com/cve/CVE-2018-2800>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141956_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Decision Optimization Center v3.9.0.1 and earlier\n\n## Remediation/Fixes\n\n**IBM ILOG ODM Enterprise** \nFrom v3.6 to v3.7.0.2: [IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 65](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Decision%20Optimization&product=ibm/WebSphere/IBM+ILOG+Optimization+Decision+Manager&release=All&platform=All&function=fixId&fixids=SDK6sr16fp65-DO-ODME-*&includeSupersedes=0>) and subsequent releases \n \n**IBM Decision Optimization Center** \nFrom v3.8 to v3.8.0.1: [IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 65](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Decision%20Optimization&product=ibm/WebSphere/IBM+ILOG+Optimization+Decision+Manager&release=All&platform=All&function=fixId&fixids=SDK6sr16fp65-DO-DOC-*&includeSupersedes=0>) and subsequent releases \n \nFrom v3.8.0.2: [IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 25](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Decision%20Optimization&product=ibm/WebSphere/IBM+ILOG+Optimization+Decision+Manager&release=All&platform=All&function=fixId&fixids=SDK7sr10fp25-DO-DOC-*&includeSupersedes=0>) and subsequent releases \n \n \nThe recommended solution is to download and install the IBM Java SDK as soon as practicable. 
\n \nBefore installing a newer version of IBM Java SDK, please ensure that you: \n\n * Close any open programs that you have running;\n * Rename the initial directory of the IBM Java SDK (for example: with a .old at the end),\n * Download and install IBM Java SDK.\n \n[Here are the detailed instructions](<http://www.ibm.com/support/docview.wss?uid=swg21691505>) for updating IBM Java SDK. \n \nYou must verify that applying this fix does not cause any compatibility issues. \n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-16T14:21:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime IBM affect IBM Decision Optimization Center and IBM ILOG ODM Enterprise", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-06-16T14:21:02", "id": "3351913AA6F914F18448443EC647D11C82F5EA5B9063570096C0FD695ACD7A3A", "href": "https://www.ibm.com/support/pages/node/570987", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, 
{"lastseen": "2023-02-21T21:44:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM Spectrum LSF Process Manager. These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141970>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Spectrum LSF Process Manager 10.2\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nIBM Spectrum LSF Process Manager | _10.2_ | _None_ | _See below steps_ \n \n**IBM Spectrum LSF Process Manager 10.2**\n\n1\\. Download IBM JRE 8.0 from the following location: [_http://www.ibm.com/support/fixcentral_](<http://www.ibm.com/support/fixcentral>). (The following steps are using x86_64 as an example.)\n\n2\\. 
Copy the tar package to the PM server host.\n\n3\\. Log on to the PM server host as root and stop jfd.\n\n```\n# jadmin stop\n```\n\n4\\. On the PM server host, extract the new JRE files and replace the old folders with the new ones.\n\n```\n# tar -zxvf ibm-java-jre-8.0-5.15-linux-x86_64.tgz\n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre-old\n# mkdir -p /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre\n# cp -r ibm-java-x86_64-80/* /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre\n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/bin /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre\n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/lib /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre\n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/plugin /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre\n# rm -rf /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre\n```\n\n5\\. On the PM server host, start jfd.\n\n```\n# jadmin start\n```\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-05-24T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum LSF Process Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2019-05-24T05:10:01", "id": "360DC7CD246693E2B1DE1202036FEC8857313D282295C1CF5B81C9D2168D8BC5", "href": "https://www.ibm.com/support/pages/node/665249", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:47:06", "description": "## Summary\n\nIBM Initiate Master Data Service is vulnerable to Oracle Java SE and Java SE Embedded issues and could allow remote attackers to affect the confidentiality, integrity, and availability. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nThese vulnerabilities are known to affect the following offerings: \n \nIBM Initiate Master Data Service version 10.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. 
\n\n\n**_Product_** | **_VRMF_** | **_APAR_** | **_Remediation/First Fix_** \n---|---|---|--- \nIBM Initiate Master Data Service | 10.1 | None | [_10.1.050118_IM_Initiate_MasterDataService_ALL_Interim Fix_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/IBM+Initiate+Master+Data+Service&release=All&platform=All&function=fixId&fixids=10.1.050118_IM_Initiate_MasterDataService_ALL_Interm%20Fix&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-10-02T21:15:01", "type": "ibm", "title": "Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - April 2018 - Includes Oracle April 2018 CPU affects IBM InfoSphere Master Data Management", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-10-02T21:15:01", "id": 
"F1ECF74A0087969AEAB2A74D57C4E1ED4D9DC73748D06233229C4CC120CBD882", "href": "https://www.ibm.com/support/pages/node/732375", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:40:50", "description": "## Summary\n\nJava SE issues were disclosed in the Oracle April 2018 Critical Patch Update. IBM SDK, Java Technology Edition, is included with IBM Intelligent Operations Center products.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [ https://exchange.xforce.ibmcloud.com/vulnerabilities/141950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n**Principal Product and Versions**\n\n| **Affected Supporting Products and Versions** \n---|--- \nIBM Intelligent Operations Center V1.6.0, V1.6.0.1, V1.6.0.2, V1.6.0.3, V5.1.0, V5.1.0.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, V5.1.0.5, V5.1.0.6, V5.1.0.7, V5.1.0.8, V5.1.0.9, V5.1.0.10, V5.1.0.11, and V5.1.0.12 | IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 60 and earlier releases \n \nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 60 and earlier releases \n \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 20 and earlier releases \n \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 20 and earlier releases \n \nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 10 and earlier releases \nIBM Intelligent Operations Center for Emergency Management V1.6, V.5.1, V5.1.0.2, V5.1.0.3, V5.1.0.4, and V5.1.0.6 \nIBM Intelligent Operations for Transportation V1.6.1 \nIBM Water Operations for Waternamics V5.1, V5.2.0, V5.2.0.1, V5.2.0.2, V5.2.0.3, V5.2.0.4, V5.2.0.5, and V5.2.0.6 \n \n## Remediation/Fixes\n\nConsult the 
security bulletin, [Security Bulletin: Multiple vulnerabilities may affect IBM SDK, Java Technology Edition](<http://www.ibm.com/support/docview.wss?uid=swg22015806>), for information about fixes.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-10-31T14:50:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition, in IBM Intelligent Operations Center products (April 2018 CPU)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2018-10-31T14:50:01", "id": "F3DAB8567AF331C8A8360A693B97E286F43D555C7AE51BE5F8AFBCB6E6CB4EDF", "href": "https://www.ibm.com/support/pages/node/572055", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-07T14:56:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 versions, specifically Version 8 Service Refresh 5 Fix Pack 10 and earlier 
releases used by IBM Spectrum Conductor with Spark 2.2.0 and 2.2.1. These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section.\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Spectrum Conductor with Spark 2.2.0 \nIBM Spectrum Conductor with Spark 2.2.1\n\n## Remediation/Fixes\n\n## **Before installation **\n\n 1. Log in to the cluster management console as the cluster administrator and stop all Spark instance groups.\n 2. Log on to the primary management host as the cluster administrator: \n> egosh user logon -u Admin -x Admin\n 3. Stop all services and shut down the cluster: \n> egosh service stop all \n> egosh ego shutdown all\n\n## **Installation**\n\n 1. Log on to each host in your cluster (root or sudo to root permission).\n 2. Define the **CLUSTERADMIN** environment variable and set it to any valid operating user account, which then owns all installation files. For example: \n> export CLUSTERADMIN=egoadmin\n 3. Upgrade the JRE by using the RPM in this interim fix. \nNOTE: RPM version 4.2.1 or later must be installed on the host. Ensure that you replace _dbpath_location_ in the following RPM commands with the path to your database. 
\nFor IBM Spectrum Conductor with Spark 2.2.0, using Linux x86_64 as an example: \n> mkdir -p /tmp/cws22build498783 \n> tar zxof cws-2.2.0.0_x86_64_build498783.tgz -C /tmp/cws22build498783 \n> rpm -ivh --replacefiles --prefix $EGO_TOP --dbpath _dbpath_location_ /tmp/cws22build498783/egojre-8.0.5.17.x86_64.rpm \nFor IBM Spectrum Conductor with Spark 2.2.1, using Linux x86_64 as an example: \n> mkdir -p /tmp/cws221build498785 \n> tar zxof cws-2.2.1.0_x86_64_build498785.tgz -C /tmp/cws221build498785 \n> rpm -ivh --replacefiles --prefix $EGO_TOP --dbpath _dbpath_location_ /tmp/cws221build498785/egojre-8.0.5.17.x86_64.rpm \nThe _cshrc.jre_ and _profile.jre_ files are updated to the current JRE version. If you made copies of these files, ensure that you update the copied files with the new JRE version.\n 4. Source the cluster profile again and start the cluster: \n> egosh ego start all\n 5. Log in to the cluster management console as the cluster administrator and start the required Spark instance groups.\n\n## **Verify the installation**\n\nRun the **rpm -qa** command to verify the installation.\n\nFor IBM Spectrum Conductor with Spark 2.2.0, enter: \n> rpm -qa --dbpath _dbpath_location_ |grep egojre \negojre-8.0.5.17-498783.x86_64\n\nFor IBM Spectrum Conductor with Spark 2.2.1, enter: \n> rpm -qa --dbpath _dbpath_location_ |grep egojre \negojre-8.0.5.17-498785.x86_64\n\n## **Uninstallation (if required)**\n\n 1. Log in to the cluster management console as the cluster administrator and stop all Spark instance groups.\n 2. Log on to the primary management host as the cluster administrator: \n> egosh user logon -u Admin -x Admin\n 3. Stop services and shut down the cluster: \n> egosh service stop all \n> egosh ego shutdown all\n 4. Log on to each host in your cluster (root or sudo to root permission).\n 5. Define the **CLUSTERADMIN** environment variable and set it to any valid operating user account, which then owns all installation files. 
For example: \n> export CLUSTERADMIN=egoadmin\n 6. Uninstall the existing JRE and then install the old JRE. \nNOTE: RPM version 4.2.1 or later must be installed on the host. \nEnsure that you replace _dbpath_location_ in the following RPM commands with the path to your database. \nFor IBM Spectrum Conductor with Spark 2.2.0, enter: \n> rpm -e egojre-8.0.5.17-498783.x86_64 --dbpath _dbpath_location_ --nodeps \n> rpm -qa --dbpath _dbpath_location_ |grep egojre \nFor each previous egojre rpm, run: \n> rpm -e [egojre_name] --dbpath _dbpath_location_ --nodeps \nThen, install the old JRE: \n> mkdir -p /tmp/extract22 \n> cws-2.2.0.0_x86_64.bin --extract /tmp/extract22 \n> rpm -ivh --prefix $EGO_TOP --dbpath _dbpath_location_ /tmp/extract22/egojre-*.rpm \nFor IBM Spectrum Conductor with Spark 2.2.1, enter: \n> rpm -e egojre-8.0.5.17-498785.x86_64 --dbpath _dbpath_location_ --nodeps \n> rpm -qa --dbpath _dbpath_location_ |grep egojre \nFor each previous egojre rpm, run: \n> rpm -e [egojre_name] --dbpath _dbpath_location_ --nodeps \nThen, install the old JRE: \n> mkdir -p /tmp/extract221 \n> cws-2.2.1.0_x86_64.bin --extract /tmp/extract221 \n> rpm -ivh --prefix $EGO_TOP --dbpath _dbpath_location_ /tmp/extract221/egojre-*.rpm\n 7. Source the cluster profile and start the cluster: \n> egosh ego start all\n 8. 
Log in to the cluster management console as the cluster administrator and start the required Spark instance groups.\n\n**Packages**\n\n_**Product**_ | _**VRMF**_ | _**APAR**_ | _**Remediation/First Fix**_ \n---|---|---|--- \n_IBM Spectrum Conductor with Spark_ | _2.2.0_ | _P102673_ | \n\n_egojre-8.0.5.17.x86_64.rpm_\n\n_egojre-8.0.5.17.ppc64le.rpm_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=cws-2.2-build498783&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=cws-2.2-build498783&includeSupersedes=0>) \n \n_IBM Spectrum Conductor with Spark_ | _2.2.1_ | _P102673_ | \n\n_egojre-8.0.5.17.x86_64.rpm_\n\n_egojre-8.0.5.17.ppc64le.rpm_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=cws-2.2.1-build498785&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Conductor+with+Spark&release=All&platform=All&function=fixId&fixids=cws-2.2.1-build498785&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-08-02T08:47:37", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Conductor with Spark", "bulletinFamily": "software", "cvss2": 
{"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2021-08-02T08:47:37", "id": "04C02A7E582660CD6B68F6BEB1B2E60BA695D9E162B960484D27A37445B0B16D", "href": "https://www.ibm.com/support/pages/node/720115", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-07T14:56:11", "description": "## Summary\n\nMultiple vulnerabilities exist in IBM\u00ae Runtime Environment Java\u2122 versions, specifically Version 6 Service Refresh 16 Fix Pack 60 and earlier releases used by IBM Platform Symphony 6.1.1, Version 7 Service Refresh 10 Fix Pack 20 and earlier releases used by IBM Platform Symphony 7.1 Fix Pack 1, Version 8 Service Refresh 5 Fix Pack 10 and earlier releases used by IBM Platform Symphony 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2. These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. 
For a complete list of vulnerabilities, refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Platform Symphony 6.1.1 \nIBM Platform Symphony 7.1 Fix Pack 1 \nIBM Platform Symphony 7.1.1 \nIBM Spectrum Symphony 7.1.2 \nIBM Spectrum Symphony 7.2.0.2\n\n## Remediation/Fixes\n\n### Applicability\n\n * Operating systems: Linux x64\n\n * Cluster type: Single grid cluster\n\n### Prerequisite\n\nTo install or uninstall the .rpm packages for IBM Spectrum Symphony 7.1.2 and 7.2.0.2, you must have root permission and RPM version 4.2.1 or later must be installed on the host.\n\n### Before installation\n\n 1. Log on to the primary management host as the cluster administrator.\n 2. Disable your applications, stop services, and shut down the cluster: \n> source profile.platform \n> soamcontrol app disable all \n> egosh service stop all \n> egosh ego shutdown all\n 3. For Platform Symphony 6.1.1, 7.1 Fix Pack 1, and 7.1.1, back up the JRE folder (under _$EGO_TOP/jre/_<EGO_version>_/linux-x86_64/_) on all hosts. For example, in a Platform Symphony 7.1.1 cluster, back up the JRE folder at _$EGO_TOP/jre/3.3/linux-x86_64/_.\n 4. For IBM Spectrum Symphony 7.1.2 and 7.2.0.2, uninstall the existing JRE. \n 1. Query the existing JRE package and uninstall it from the dbpath location, for example: \n> rpm -qa --dbpath /tmp/rpm | grep egojre \negojre-1.8.0.3-408454.x86_64 \n> rpm -e egojre-1.8.0.3-408454.x86_64 --dbpath /tmp/rpm --nodeps\n 2. For IBM Spectrum Symphony 7.2.0.2, remove the leftover link under the _jre_ folder, for example: \n> rm -rf $EGO_TOP/jre/8.0.5.0\n\n### Install this interim fix\n\n 1. Log on to each host as the cluster administrator and replace your current JRE folder with the files in this interim fix. 
\nFor Platform Symphony 6.1.1, 7.1 Fix Pack 1 and 7.1.1, remove the files in the existing JRE folder and extract the interim package to the JRE folder on all hosts. \nFor example, in a Platform Symphony 7.1.1 cluster, enter the following commands: \n> rm -rf $EGO_TOP/jre/3.3/linux-x86_64/* \n> tar zxfo symSetup_jre8sr5fp17_linux-64_build497456.tar.gz -C $EGO_TOP/jre/3.3/linux-x86_64 \nFor IBM Spectrum Symphony 7.1.2 and 7.2.0.2, use the same dbpath and prefix as the installation, for example: \n> rpm -ivh --dbpath /tmp/rpm --prefix /opt/platform egojre-1.8.0.517.x86_64.rpm\n 2. Delete all subdirectories and files in the GUI work directory: \n> rm -rf $EGO_TOP/gui/work/* \n> rm -rf $EGO_TOP/gui/workarea/* \n**NOTE:** If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to **true** in the _$EGO_CONFDIR/conf/wlp.conf_ file, you must clean up the _$WLP_OUTPUT_DIR/_webgui_hostname_/gui/workarea/_ directory.\n 3. Launch your browser and clear the browser cache.\n 4. 
Log on to the primary management host as the cluster administrator, start the cluster, and enable your applications: \n> source profile.platform \n> egosh ego start all \n> soamcontrol app enable <_appName_>\n\n### Verify the installation\n\nFor Platform Symphony 6.1.1, the following example shows output for the **java -version** command: \n> java -version \njava version \"1.6.0\" \nJava(TM) SE Runtime Environment (build pxa6460sr16fp65-20180505_01(SR16 FP65)) \nIBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux amd64-64 jvmxa6460sr16fp65-20180411_383947 (JIT enabled, AOT enabled) \nJ9VM - 20180411_383947 \nJIT - r9_20180411_383947 \nGC - GA24_Java6_SR16_20180411_1747_B383947) \nJCL - 20180504_01\n\nFor Platform Symphony 7.1 Fix Pack 1, the following example shows output for the **java -version** command: \n> java -version \njava version \"1.7.0\" \nJava(TM) SE Runtime Environment (build pxa6470sr10fp25-20180430_01(SR10 FP25)) \nIBM J9 VM (build 2.6, JRE 1.7.0 Linux amd64-64 Compressed References 20180420_384915 (JIT enabled, AOT enabled) \nJ9VM - R26_Java726_SR10_20180420_1715_B384915 \nJIT - r11_20180420_384915 \nGC - R26_Java726_SR10_20180420_1715_B384915_CMPRSS \nJ9CL - 20010803_384915) \nJCL - 20180427_01 based on Oracle jdk7u181-b09\n\nFor Platform Symphony 7.1.1, the following example shows output for the **java -version** command: \n> java -version \njava version \"1.8.0_171\" \nJava(TM) SE Runtime Environment (build 8.0.5.17 - pxa6480sr5fp17-20180627_01(SR5 FP17)) \nIBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20180626_390413 (JIT enabled, AOT enabled) \nOpenJ9 - 5cdc604 \nOMR - a24bc01 \nIBM - 21870d6) \nJCL - 20180619_01 based on Oracle jdk8u171-b11\n\nFor IBM Spectrum Symphony 7.1.2, the following example shows output for the **rpm -qa** command: \n> rpm -qa --dbpath /tmp/rpm |grep egojre \negojre-1.8.0.517-497456.x86_64\n\nFor IBM Spectrum Symphony 7.2.0.2, the following example shows output for the **rpm -qa** command: \n> 
rpm -qa --dbpath /tmp/rpm |grep egojre \negojre-8.0.5.17-497456.x86_64\n\n### Uninstallation\n\nIf required, follow these instructions to uninstall this interim fix in your cluster:\n\n 1. Log on to the primary management host as the cluster administrator.\n 2. Disable your applications, stop services, and shut down the cluster: \n> source profile.platform \n> soamcontrol app disable all \n> egosh service stop all \n> egosh ego shutdown all\n 3. Log on to all hosts as the cluster administrator and restore the JRE folder from your backup. \nFor Platform Symphony 6.1.1, 7.1 Fix Pack 1 and 7.1.1, restore your backup to the _$EGO_TOP/jre/_<EGO_version>_/linux-x86_64/_ folder. For example, in a Platform Symphony 7.1.1 cluster, restore your backup to the _$EGO_TOP/jre/3.3/linux-x86_64/_ folder. \n \nFor IBM Spectrum Symphony 7.1.2 and 7.2.0.2, uninstall the existing JRE, then install the old one: \n 1. Uninstall the JRE fix, for example: \n> rpm -e egojre-1.8.0.517-497456.x86_64 --dbpath /tmp/rpm/ --nodeps\n 2. For IBM Spectrum Symphony 7.2.0.2, remove the leftover link under the _jre_ folder, for example: \n> rm -rf $EGO_TOP/jre/8.0.5.17\n 3. Extract the _egojre_ .rpm package from the .bin installation package, for example, for IBM Spectrum Symphony 7.1.2: \n> sym-7.1.2.0_x86_64.bin --extract /opt/extract\n 4. Reinstall the old JRE package. Use the same dbpath and prefix as the installation, for example: \n> rpm -ivh --dbpath /tmp/rpm --prefix /opt/extract/egojre-1.8.0.3.x86_64.rpm\n 4. Delete all subdirectories and files in the GUI work directory: \n> rm -rf $EGO_TOP/gui/work/* \n> rm -rf $EGO_TOP/gui/workarea/* \n**NOTE:** If you configured the **WLP_OUTPUT_DIR** parameter and **APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR** is set to **true** in the _$EGO_CONFDIR/conf/wlp.conf_ file, you must clean up the _$WLP_OUTPUT_DIR/_webgui_hostname_/gui/workarea/_ directory.\n 5. Launch your browser and clear the browser cache.\n 6. 
Log on to the primary management host as the cluster administrator, start the cluster, and enable your applications: \n> source profile.platform \n> egosh ego start all \n> soamcontrol app enable <_appName_>\n\nPackages\n\n_**Product**_ | _**VRMF**_ | _**APAR**_ | _**Remediation/First Fix**_ \n---|---|---|--- \n_IBM Platform Symphony_ | _6.1.1_ | _P102655_ | \n\n_symSetup_jre6sr16fp65_linux-64_build497456.tar.gz_\n\n_[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-6.1.1-build497456&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-6.1.1-build497456&includeSupersedes=0>)_ \n \n_IBM Platform Symphony_ | _7.1 Fix Pack 1_ | _P102655_ | \n\n_symSetup_jre7sr10fp25_linux-64_build497456.tar.gz_\n\n_[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build497456&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build497456&includeSupersedes=0>)_ \n \n_IBM Platform Symphony_ | _7.1.1_ | _P102655_ | \n\n_symSetup_jre8sr5fp17_linux-64_build497456.tar.gz_\n\n_[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build497456&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build497456&includeSupersedes=0>)_ \n \n_IBM Spectrum Symphony_ | _7.1.2_ | _P102655_ | 
\n\n_egojre-1.8.0.517.x86_64.rpm_\n\n_[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build497456&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build497456&includeSupersedes=0>)_ \n \n_IBM Spectrum Symphony_ | _7.2.0.2_ | _P102655_ | \n\n_egojre-8.0.5.17.x86_64.rpm_\n\n_[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build497456&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build497456&includeSupersedes=0>)_ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-08-02T08:43:28", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814"], "modified": "2021-08-02T08:43:28", "id": "5DF1DD441A05BCC49D128B3A86617DE71345613946448B1338EF4969D9FC29A7", "href": "https://www.ibm.com/support/pages/node/718381", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 used by IBM System Networking Switch Center (SNSC). These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. \n\n## Vulnerability Details\n\n**VEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2815](<https://vulners.com/cve/CVE-2018-2815>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141971> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Product **\n\n| \n\n**Affected Version ** \n \n---|--- \n \nIBM System Networking Switch Center (SNSC) \n\n| \n\n7.3 \n \n## Remediation/Fixes\n\nSoftware fix versions are available on Passport Advantage: <https://www.ibm.com/software/passportadvantage/>\n\n**Product **\n\n| \n\n**Fix Version ** \n \n---|--- \n \nIBM System Networking Switch Center (SNSC) \n\\- Windows English Install Package (CNV5VEN) \n\\- AIX English Install Package (CNV5UEN) \n\\- Linux English Install Package (CNV5TEN)\n\n| \n\n7.3.4 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-08-23T23:49:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking 
Switch Center (SNSC)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2603", "CVE-2018-2663", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2815"], "modified": "2018-08-23T23:49:32", "id": "EE3B451E15B910EDFE019526EB15A47C13F289794DDAE5C56C0061680ED00903", "href": "https://www.ibm.com/support/pages/node/729112", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T21:49:32", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141950](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141946](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nThe following products, running on all supported platforms, are affected:\n\nIBM InfoSphere Information Server: versions 9.1, 11.3, 11.5, and 11.7 \nIBM InfoSphere Information Server on Cloud: versions 11.5, and 11.7\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n[JR59513](<http://www.ibm.com/support/docview.wss?uid=swg1JR59513>)\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is117_JR59513_ISF_services_engine_*>) \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.5\n\n| \n\n[JR59513](<http://www.ibm.com/support/docview.wss?uid=swg1JR59513>)\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR59513_ISF_services_engine_*>) \n \nInfoSphere Information Server\n\n| \n\n11.3\n\n| \n\n[JR59513](<http://www.ibm.com/support/docview.wss?uid=swg1JR59513>)\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR59513_ISF_services_engine_*>) \n \nInfoSphere Information Server\n\n| \n\n9.1\n\n| \n\n[JR59513](<http://www.ibm.com/support/docview.wss?uid=swg1JR59513>)\n\n| \n\n\\--Upgrade to a new release \n \nFor versions 8.5, 
8.7 IBM recommends upgrading to a fixed, supported version/release/platform of the product.\n\n**Contact Technical Support:**\n\nIn the United States and Canada dial **1-800-IBM-SERV** \nView the support [contacts for other countries](<http://www.ibm.com/planetwide/>) outside of the United States. \nElectronically [open a Service Request](<http://www.ibm.com/software/support/probsub.html>) with Information Server Technical Support.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-07-27T18:39:39", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-07-27T18:39:39", "id": "ABCCAF0B5CA6E3BFA51CA38E50C57E88B8FF461AF2BA9174416F3B345A55C6B8", "href": "https://www.ibm.com/support/pages/node/716941", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": 
"2023-02-21T21:48:27", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 versions 6, 7 and 8 used by IBM MQ. These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\nCVEID:[ CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \nCVEID:[ CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \nCVEID: [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \nCVEID: [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n \nCVEID: [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\nCVEID: [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\nCVEID: [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE VM component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\nCVEID: [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \nCVEID: [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \nDESCRIPTION: An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\n_**IBM MQ 9.0.0.x Long Term Support (LTS)**_ \nMaintenance level 9.0.0.4 and earlier\n\n**_IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)_** \nContinuous delivery update 9.0.5 and earlier\n\n_**IBM MQ 8.0 and IBM MQ Appliance 8.0**_ \nMaintenance levels 8.0.0.9 and earlier\n\n_**WebSphere MQ 7.5**_ \nMaintenance levels 7.5.0.8 and earlier\n\n_**WebSphere MQ 7.1**_ \nMaintenance levels 7.1.0.9 and earlier\n\n## Remediation/Fixes\n\n_**IBM MQ 9.0.0.x**_ \nApply iFix [IT25436](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=9.0&platform=All&function=aparId&apars=IT25436&source=fc>)\n\n_**IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)**_ \nUpgrade to [IBM MQ 9.1.](<https://developer.ibm.com/messaging/2018/07/23/ibm-mq-9-1-ibm-mq-appliance-m2002-available/#get>)\n\n_**IBM MQ V8.0 and IBM MQ Appliance 8.0**_ \nApply fix pack [8.0.0.10](<http://www-01.ibm.com/support/docview.wss?uid=swg22017459>)\n\nPlease note: Users of MQ v8.0 on the HP-UX platform are advised that patches for these issues have not been released by the manufacturer for this JRE level (7.0) at this time. 
These updates will be published by IBM once available.\n\n_**WebSphere MQ 7.5**_ \nApply iFix [IT25549](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.5&platform=All&function=aparId&apars=IT25549>)\n\n_**WebSphere MQ 7.1**_ \nApply iFix [IT25549](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.1&platform=All&function=aparId&apars=IT25549+>)\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-14T16:02:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2814"], "modified": "2018-08-14T16:02:50", "id": "68C77664327070460B17AF10B5AA600E8E7E2FD783142191F4CB257175711874", "href": "https://www.ibm.com/support/pages/node/717125", "cvss": {"score": 5.8, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:51:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 that are used by AIX. These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2800_](<https://vulners.com/cve/CVE-2018-2800>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141956_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n\n**CVEID:** [_CVE-2018-2795_](<https://vulners.com/cve/CVE-2018-2795>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141951_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2796_](<https://vulners.com/cve/CVE-2018-2796>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141952_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2797_](<https://vulners.com/cve/CVE-2018-2797>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141953_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2798_](<https://vulners.com/cve/CVE-2018-2798>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141954_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2799_](<https://vulners.com/cve/CVE-2018-2799>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141955_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2794_](<https://vulners.com/cve/CVE-2018-2794>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141950_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2790_](<https://vulners.com/cve/CVE-2018-2790>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141946_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAIX 5.3, 6.1, 7.1, 7.2 \nVIOS 2.2.x \n \nThe following fileset levels (VRMF) are vulnerable, if the respective Java version is installed: \n \nFor Java7: Less than 7.0.0.625 \nFor Java7.1: Less than 7.1.0.425 \nFor Java8: Less than 8.0.0.515 \n \nNote: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user's guide. \n \nExample: `lslpp -L | grep -i java`\n\n## Remediation/Fixes\n\nNote: Recommended remediation is to always install the most recent Java package available for the respective Java version. \n \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 25 and subsequent releases: \n32-bit: [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all>) \n64-bit: [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all>) \n \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 25 
and subsequent releases: \n32-bit: [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all>) \n64-bit: [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all>) \n \nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 15 and subsequent releases: \n32-bit: [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all>) \n64-bit: [_https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all>)\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": 
{"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-18T01:44:04", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-06-18T01:44:04", "id": "FFEF65915DD801D408BA9D75900795F158A407B4735B5BF405076A2C35296696", "href": "https://www.ibm.com/support/pages/node/665299", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 used by Content Collector for SAP Applications. 
These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Content Collector for SAP Applications v3.0\n\nIBM Content Collector for SAP Applications v4.0\n\n## Remediation/Fixes\n\n**Product** | **VRM** | **Remediation** \n---|---|--- \nIBM Content Collector for SAP Applications | 3.0 | Use IBM Content Collector for SAP Applications [3.0.0.2 Interim Fix 8](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=3.0.0.2&platform=All&function=all>) \nIBM Content Collector for SAP Applications | 4.0 | Use IBM Content Collector for SAP Applications [4.0.0.2 Interim Fix 2](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=4.0.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-08-30T11:39:07", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799"], "modified": "2018-08-30T11:39:07", "id": "89680C8187B72629A49F5B9DB6180EF763F550009996675B378E43536DA36915", "href": "https://www.ibm.com/support/pages/node/715263", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 7, 7R1 and 8 used by IBM DataPower Gateway. IBM DataPower Gateway has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141939](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141955](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141953](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141952](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/141951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nIBM DataPower Gateway 7.1.0.0 - 7.1.0.22\n\nIBM DataPower Gateway 7.2.0.0 - 7.2.0.20\n\nIBM DataPower Gateway 7.5.0.0 - 7.5.0.16\n\nIBM DataPower Gateway 7.5.1.0 - 7.5.1.15\n\nIBM DataPower Gateway 7.5.2.0 - 7.5.2.15\n\nIBM DataPower Gateway 7.6.0.0 - 7.6.0.8\n\n## Remediation/Fixes\n\nIBM DataPower Gateway 7.1.0.23, 7.2.0.21, 7.5.0.17, 7.5.1.16, 7.5.2.16, 7.6.0.9, 7.7.1.3 [APAR IT25958](<http://www-01.ibm.com/support/docview.wss?uid=swg1IT25958>)\n\nFor IBM DataPower Gateway version 7.0 and below, IBM recommends upgrading to a fixed, supported version of the product.\n\n## Workarounds and Mitigations\n\nNone\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of 
ibm.com\" )\n\n[IBM Java SDK Security Bulletin](<http://www.ibm.com/support/docview.wss?uid=swg22015806>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n13 August 2018 Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-09-07T14:47:17", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect DataPower Gateways", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799"], "modified": "2018-09-07T14:47:17", "id": "2EB239F42D6D7C7FA19DB2D44FE26391F190CD35DED01956174DF034F07EE7DC", "href": "https://www.ibm.com/support/pages/node/726009", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 used by QRadar SIEM. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\u201d located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\n**CVSS Base Score:** 7.40 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N \n \n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score:** 5.30 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score:** 5.30 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\n**CVSS Base Score:** 5.30 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score:** 5.30 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\n**CVSS Base Score:** 5.30 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n\n\n## Affected Products and Versions\n\nIBM QRadar SIEM 7.3.0 to 7.3.1 Patch 4\n\nIBM QRadar SIEM 7.2.0 to 7.2.8 Patch 13\n\n## Remediation/Fixes\n\n[QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.1-QRADAR-QRSIEM-20180720020816&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n[QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 13 Interim Fix 1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FOther+software%2FIBM+Security+QRadar+Vulnerability+Manager&fixids=7.2.8-QRADAR-QRSIEM-20180816182608INT&function=fixId&parent=IBM%20Security>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-08-29T21:42:07", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, 
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799"], "modified": "2018-08-29T21:42:07", "id": "90B72607FC15B1F844110A335A4487D01DE26FAD2616B7249AA74D1FB329DBF6", "href": "https://www.ibm.com/support/pages/node/729699", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:55:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 versions 6, 7 and 8 used by IBM MQ. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\u201d located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n \n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\n**_IBM MQ 9.0.0.x Long Term Support (LTS)_** \nMaintenance level 9.0.0.2 and earlier \n \n**_IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)_** \nContinuous delivery update 9.0.4 and earlier \n \n**_IBM MQ 8.0 and IBM MQ Appliance 8.0_** \nMaintenance levels 8.0.0.8 and earlier \n \n**_WebSphere MQ 7.5_** \nMaintenance levels 7.5.0.8 and earlier \n \n**_WebSphere MQ 7.1_** \nMaintenance levels 7.1.0.8 and earlier\n\n## Remediation/Fixes\n\n**_IBM MQ 9.0.0.0_** \nApply fix pack [9.0.0.3](<http://www-01.ibm.com/support/docview.wss?uid=swg24044508>) \n \n**_IBM MQ 9.0.x and IBM MQ Appliance 9.0.x Continuous Delivery Release (CDR)_** \nUpgrade to [IBM MQ 9.0.5](<http://www-01.ibm.com/support/docview.wss?uid=swg24043463>) \n \n**_IBM MQ V8.0 and IBM MQ Appliance 8.0_** \nApply fix pack [8.0.0.9](<http://www-01.ibm.com/support/docview.wss?uid=swg22015103>) \n \n**_Please note_**_: Users of MQ v8.0 on the HP-UX platform are advised that patches for these issues have not been released by the manufacturer for this JRE level (7.0) at this time. These updates will be published by IBM once available._ 
\n \n**_WebSphere MQ 7.5_** \nApply iFix [IT23405](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.5&platform=All&function=aparId&apars=IT23405>) \n \n**_WebSphere MQ 7.1_** \nApply fix pack [7.1.0.9](<http://www-01.ibm.com/support/docview.wss?uid=swg22010694>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:20", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-15T07:09:20", "id": "203637A7337D06861774179D4D3518E325B33E9B8CD6DCE1BD240CA49279FE67", "href": "https://www.ibm.com/support/pages/node/570791", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:47:01", "description": "## Summary\n\nThere are multiple 
vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and IBM\u00ae Runtime Environment Java\u2122 Version 7 used by Content Collector for SAP Applications. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Content Collector for SAP Applications v3.0 \n\nIBM Content Collector for SAP Applications v4.0\n\n## Remediation/Fixes\n\n**Product**| **VRM**| **Remediation** \n---|---|--- \nIBM Content Collector for SAP Applications| 3.0| Use IBM Content Collector for SAP Applications [Interim Fix 7](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=3.0.0.2&platform=All&function=all>) \nIBM Content Collector for SAP Applications| 4.0| Use IBM Content Collector for SAP Applications [Interim Fix 1](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=4.0.0.2&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T12:19:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T12:19:27", "id": "4F01C0B61707270A1ABDE9AC46E85FB38F93C93876E8F606FD7148EBBAD57C5C", "href": "https://www.ibm.com/support/pages/node/567875", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-22T01:47:21", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 15 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in January 2018 and April 2018. 
\n\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: ** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n**CVEID: ** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: ** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID: ** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**DESCRIPTION: ** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM B2B Advanced Communications 1.0.0.2 - 1.0.0.6_2\n\n## Remediation/Fixes\n\n_**Release**_ | **_VRMF_** | **_How to acquire fix_** \n---|---|--- \n1.0.1.0 | 1.0.1.0 | IBM Fix Central > [B2B_Advanced_Communications_V1.0.1.0_Media](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther%20software&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2019-01-15T18:15:02", "type": "ibm", "title": "Security Bulletin: B2B Advanced Communications is Affected by Multiple Vulnerabilities in IBM Java Runtime", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 
8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783"], "modified": "2019-01-15T18:15:02", "id": "26FDEF4686F824A255770B8961AB492AA5E4A9A534F8EC7775C73A50569E127C", "href": "https://www.ibm.com/support/pages/node/793713", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:15", "description": "## Summary\n\nThere are several vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2815](<https://vulners.com/cve/CVE-2018-2815>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141971> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2814](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141970> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-2790](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141946> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nThe following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin: \n \n- Java (CANDLEHOME) ITM 6.2.3 Fix Pack 1 (JRE 1.6) through 6.3.0 Fix Pack 7 (JRE 7) (All CVEs listed except for CVE-2018-2799 and CVE-2018-2796) \n- Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.2.3 Fix Pack 1 through 6.3.0 Fix Pack 7 (All CVEs listed) \n\n\n## Remediation/Fixes\n\n**_Java (TEP) Remediation:_** \nThese vulnerabilities exist where the affected Java Runtime Environment (JRE) is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. The affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system. \n \nThe fix below provides updated JRE packages for the portal server which can be downloaded by new client systems. Once the fix has been installed on the portal server, instructions in the README can be used to download the updated JRE from the portal to the portal clients.\n\n**Fix** | **VRMF** | **How to acquire fix** \n---|---|--- \n6.X.X-TIV-ITM_JRE_TEP-20180726 | 6.2.3 FP1 through 6.3.0 FP7 | <http://www.ibm.com/support/docview.wss?uid=ibm10718975> \n \n**_Java (CANDLEHOME) Remediation:_** \nThe patch below should be installed; it updates the shared Tivoli Enterprise-supplied JRE (jr component on UNIX/Linux) or Embedded JVM (JVM component on Windows). 
\n\n**Fix** | **VRMF** | **How to acquire fix** \n---|---|--- \n6.X.X-TIV-ITM_JRE_CANDLEHOME-20180726 | 6.2.3 through 6.3.0 FP7 | <http://www.ibm.com/support/docview.wss?uid=ibm10718867> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-23T22:07:15", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2815"], "modified": "2018-08-23T22:07:15", "id": "C32E6CDF5E2B63D069515E22D16A28819A2DD3401300A5396516F5B1D38A278F", "href": "https://www.ibm.com/support/pages/node/717693", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:55:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by z/TPF. 
These issues were disclosed as part of the IBM Java SDK updates in April 2018.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, please refer to the link for \u201cIBM Java SDK Security Bulletin\u201d located in the \u201cReferences\u201d section for more information. \n \n**CVEID:** [_CVE-2018-2800_](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141956_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141956>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2018-2795_](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141951_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141951>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2796_](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141952_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141952>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2797_](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141953_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141953>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2798_](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141954_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141954>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2799_](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141955_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141955>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2815_](<https://vulners.com/cve/CVE-2018-2815>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141971_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141971>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n \n**CVEID:** [_CVE-2018-2794_](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141950_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2814_](<https://vulners.com/cve/CVE-2018-2814>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141970_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141970>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2018-2790_](<https://vulners.com/cve/CVE-2018-2790>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141946_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nz/TPF Enterprise Edition Version 1.1.14 - 1.1.15\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nz/TPF| 1.1.14 - 1.1.15| N/A| Download and install the `PJ45246_ibm-java-jre-8.0-5.15.tar.gz` package from the [IBM 64-bit Runtime Environment for z/TPF, Java Technology Edition, Version 8](<http://www-01.ibm.com/support/docview.wss?uid=swg24043118>) download page. \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", 
"CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2815"], "modified": "2018-06-15T07:09:23", "id": "6A9F30617183D7A0ABB599A05D4D81DEE142C73FB0C46974B6E6FC07D95844B8", "href": "https://www.ibm.com/support/pages/node/571429", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:43:57", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.6, and Version 7 that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-2663](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137917> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2677](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137932> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2618](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137870> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2018-2641](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137893> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2582](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137836> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThe following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin: \n \n-Java (CANDLEHOME) ITM 6.2.3 Fix Pack 1 (JRE 1.6) through 6.2.3 Fix Pack 5 and 6.3.0 through 6.3.0 Fix Pack 7 (JRE 7) (CVE-2018-2602 only) \n-Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.2.3 Fix Pack 1 through 6.2.3 Fix Pack 5 (JRE 1.6) and 6.3.0 through 6.3.0 Fix Pack 7 (JRE 7) (All CVEs listed) \n \n\n\n## Remediation/Fixes\n\n**_Java (TEP) Remediation:_** \nThese vulnerabilities exist where the affected Java Runtime Environment (JRE) is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. The affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system. \n \nThe fix below provides updated JRE packages for the portal server, which can be downloaded by new client systems. Once the fix has been installed on the portal server, instructions in the README can be used to download the updated JRE from the portal to the portal clients. \n \n\n\n**_Fix_**| **_VRMF_**| **_How to acquire fix_** \n---|---|--- \n6.X.X-TIV-ITM_JRE_TEP-20180512| 6.2.3 FP1 through 6.3.0 FP7| <http://www.ibm.com/support/docview.wss?uid=swg24044851> \n \n \n \n**_Java (CANDLEHOME) Remediation:_** \nInstall the patch below, which updates the shared Tivoli Enterprise-supplied JRE (jr component on UNIX/Linux) or Embedded JVM (JVM component on Windows). 
\n \n**_Fix_**| **_VRMF_**| **_Remediation/First Fix_** \n---|---|--- \n6.X.X-TIV-ITM_JRE_CANDLEHOME-20180512| 6.2.3 through 6.3.0 FP7| <http://www.ibm.com/support/docview.wss?uid=swg24044852> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T15:51:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java JRE affect IBM Tivoli Monitoring", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T15:51:34", "id": "1EB4C94ED5192A787B590CC4302D443A60AA1648687FC5F70C91C7216427D0D1", "href": "https://www.ibm.com/support/pages/node/570667", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T21:45:22", "description": "## Summary\n\nThere are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU which includes Oracle Apr 
2018 CPU used by IBM Streams. IBM Streams has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2800](<https://vulners.com/cve/CVE-2018-2800>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit RMI component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.2 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141956> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2798](<https://vulners.com/cve/CVE-2018-2798>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141954> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [CVE-2018-2794](<https://vulners.com/cve/CVE-2018-2794>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Security component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 7.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141950> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected InfoSphere Streams | Affected Versions \n---|--- \nInfoSphere Streams | 4.0.1.6 and earlier \nInfoSphere Streams | 3.2.1.6 and earlier \nIBM Streams | 4.1.1.6 and earlier \nIBM Streams | 4.2.1.4 and earlier \nIBM Streams | 4.3.0.0 \n \n## Remediation/Fixes\n\nNOTE: Fix Packs are available on IBM Fix Central.\n\nTo remediate/fix this issue, follow the instructions below:\n\nVersion 4.3.x: Contact IBM technical support \nVersion 4.2.x: Apply [_4.2.1 Fix Pack 4 (4.2.1.5) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.2.1.0&platform=All&function=all>). \nVersion 4.1.x: Apply [_4.1.1 Fix Pack 6 (4.1.1.7) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>). \nVersion 4.0.x: Apply [_4.0.1 Fix Pack 6 (4.0.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>). \nVersions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. 
Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-12-03T16:50:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU which includes Oracle Apr 2018 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-12-03T16:50:01", "id": "D182CB632B33579A484CAA078DECBD4223A6DDEECE7EA8E1FDC5025F7DD813F3", "href": "https://www.ibm.com/support/pages/node/737253", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:47:50", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7 & 8 and IBM\u00ae Runtime Environment Java\u2122 
Versions 6,7 & 8 used by IBM Security Access Manager software and appliances. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-2795](<https://vulners.com/cve/CVE-2018-2795>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141951> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2796](<https://vulners.com/cve/CVE-2018-2796>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141952> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2797](<https://vulners.com/cve/CVE-2018-2797>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141953> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2799](<https://vulners.com/cve/CVE-2018-2799>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-2783](<https://vulners.com/cve/CVE-2018-2783>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141939> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Access Manager for e-business version 6.1\n\nIBM Tivoli Access Manager for e-business version 6.1.1\n\nIBM Security Access Manager for Web version 7.0 software release\n\nIBM Security Access Manager for Web version 8 appliance\n\nIBM Security Access Manager for Mobile version 8 appliance\n\nIBM Security Access Manager version 9 appliance\n\n## Remediation/Fixes\n\nIf you run your own Java code using the IBM Java Runtime delivered with an IBM Security Access Manager software product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For the complete list of vulnerabilities, refer to the link for \u201cIBM Java SDK Security Bulletin\u201d in the \u201cReferences\u201d section. \n \nThe table below provides links to patches for all affected versions. Follow the installation instructions in the README file included with the patch. 
\n\n\n**Product** | **VRMF** | **APAR** | **Remediation** \n---|---|---|--- \nIBM Tivoli Access Manager for e-business | 6.1 - 6.1.0.35 | IJ06528 | Apply Interim Fix 36: \n[6.1.0-ISS-TAM-IF0036](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=6.1.0&platform=All&function=all>) \nIBM Tivoli Access Manager for e-business | 6.1.1 - 6.1.1.34 | IJ06528 | Apply Interim Fix 35: \n[6.1.1-ISS-TAM-IF0035](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=6.1.1&platform=All&function=all>) \nIBM Security Access Manager for Web (software) | 7.0 - 7.0.0.34 (software) | IJ06528 | Apply Interim Fix 35: \n[7.0.0-ISS-SAM-IF0035](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=7.0.0&platform=All&function=all>) \nIBM Security Access Manager for Web (appliance) | 8.0 - 8.0.1.7 | IJ06496 | Upgrade to 8.0.1.8: \n[_8.0.1-ISS-WGA-FP0008_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=8.0.1.7&platform=All&function=all>) \nIBM Security Access Manager for Mobile (appliance) | 8.0 - 8.0.1.7 | IJ06510 | Upgrade to 8.0.1.8: \n[8.0.1-ISS-ISAM-FP0008](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Tivoli/Security+Access+Manager+for+Mobile&release=8.0.1.7&platform=Linux&function=all>) \nIBM Security Access Manager (appliance) | 9.0 - 9.0.5.0 | IJ06496 | Upgrade to 9.0.5.0: \n[9.0.5-ISS-ISAM-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n \nFor IBM Tivoli Access Manager for e-business 6.0 and earlier, IBM recommends upgrading to a 
fixed, supported release of the product.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-09-17T21:35:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Security Access Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2799"], "modified": "2018-09-17T21:35:02", "id": "199F635B1B35FFA7628E6AE481F1D2EE89267D425F70ACF7D67C55CB7C35B701", "href": "https://www.ibm.com/support/pages/node/731815", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T21:48:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 \nused by QRadar SIEM. These issues were disclosed as part of the IBM Java SDK updates in January 2018. 
\n\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For the complete list of vulnerabilities, refer to the link for \u201cIBM Java SDK Security Bulletin\u201d in the \u201cReferences\u201d section.\n\n**CVEID:** [CVE-2018-2579](<https://vulners.com/cve/CVE-2018-2579>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \n**CVSS Base Score:** 3.70 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137833> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N \n \n**CVEID:** [CVE-2018-2588](<https://vulners.com/cve/CVE-2018-2588>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \n**CVSS Base Score:** 4.30 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137841> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N \n \n**CVEID:** [CVE-2018-2599](<https://vulners.com/cve/CVE-2018-2599>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\n**CVSS Base Score:** 4.80 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137851> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L \n \n**CVEID:** [CVE-2018-2602](<https://vulners.com/cve/CVE-2018-2602>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \n**CVSS Base Score:** 4.50 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137854> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L \n \n**CVEID:** [CVE-2018-2603](<https://vulners.com/cve/CVE-2018-2603>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score:** 5.30 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137855> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2633](<https://vulners.com/cve/CVE-2018-2633>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\n**CVSS Base Score:** 8.30 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137885> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H \n \n**CVEID:** [CVE-2018-2637](<https://vulners.com/cve/CVE-2018-2637>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \n**CVSS Base Score:** 7.40 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137889> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N \n \n**CVEID:** [CVE-2018-2657](<https://vulners.com/cve/CVE-2018-2657>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \n**CVSS Base Score:** 5.30 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137910> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L \n \n**CVEID:** [CVE-2018-2678](<https://vulners.com/cve/CVE-2018-2678>) \n**Description:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\n**CVSS Base Score:**4.30 \n**CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/137933> for the current score \n**CVSS Environmental Score:** *Undefined \n**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L\n\n## Affected Products and Versions\n\nQRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 4\n\nQRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_QRadar / QRM / QVM / QRIF / QNI_| _7.3.1 Patch 4_| _None_| [QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&function=fixId&fixids=7.3.1-QRADAR-QRSIEM-20180720020816&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n_QRadar / QRM / QVM / QRIF / QNI_| _7.2.8 Patch 11_| _None_| [QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.8-QRADAR-QRSIEM-20180416164940&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-08-15T16:28:10", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM", 
"bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2657", "CVE-2018-2678"], "modified": "2018-08-15T16:28:10", "id": "DEFEFB2B26B8AC90E2498D0927E571DF52F00DC6BF2D8D922349E48989CEC0DF", "href": "https://www.ibm.com/support/pages/node/719115", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:53:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8, Service Refresh 5 used by IBM Streams. IBM Streams has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2599_](<https://vulners.com/cve/CVE-2018-2599>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137851_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137851>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L) \n** \nCVEID: **[_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2629_](<https://vulners.com/cve/CVE-2018-2629>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JGSS component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137880_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137880>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2641_](<https://vulners.com/cve/CVE-2018-2641>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded AWT component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137893_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137893>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2582_](<https://vulners.com/cve/CVE-2018-2582>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Hotspot component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137836_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137836>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n** \nCVEID: **[_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n * IBM Streams Version 4.2.1.3 and earlier \n * IBM InfoSphere Streams Version 4.1.1.5 and earlier \n * IBM InfoSphere Streams Version 4.0.1.5 and earlier \n * IBM InfoSphere Streams Version 3.2.1.6 and earlier \n * IBM InfoSphere Streams Version 3.1.0.8 and earlier \n * IBM InfoSphere Streams Version 3.0.0.6 and earlier\n\n## Remediation/Fixes\n\n**NOTE:** Fix Packs are available on IBM Fix Central. \n \nTo remediate/fix this issue, follow the instructions below: \n\n * Version 4.2.x: Apply [_4.2.1 Fix Pack 4 (4.2.1.4) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.2.1.0&platform=All&function=all>).\n * Version 4.1.x: Apply [_4.1.1 Fix Pack 6 (4.1.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>).\n * Version 4.0.x: Apply [_4.0.1 Fix Pack 6 (4.0.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>).\n * Versions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. 
Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T14:20:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Streams", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-16T14:20:00", "id": "D3FEAA2DA6A2E0603EB01D2A6B4656C251C272EE79F4EAC14B510DF21E388FC4", "href": "https://www.ibm.com/support/pages/node/570185", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-06-28T22:12:26", "description": "## Summary\n\nThere are multiple 
vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2633_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n\n**CVEID:** [_CVE-2018-2634_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2657_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2603_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2602_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2018-2678_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2677_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2663_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2018-2588_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2579_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [_CVE-2018-1417_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. 
\nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nThe following products, running on all supported platforms, are affected: \nIBM InfoSphere Information Server: versions 9.1, 11.3, 11.5 and 11.7 \nIBM InfoSphere Information Server on Cloud: version 11.5\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nInfoSphere Information Server| 11.7| [_JR59198_](<http://www.ibm.com/support/docview.wss?uid=swg1JR59198>)| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is117_JR59198_ISF_services_engine_*>) \nInfoSphere Information Server, Information Server on Cloud| 11.5| [_JR59198_](<http://www.ibm.com/support/docview.wss?uid=swg1JR59198>)| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR59198_ISF_services_engine_*>) \nInfoSphere Information Server| 11.3| [_JR59198_](<http://www.ibm.com/support/docview.wss?uid=swg1JR59198>)| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR59198_ISF_services_engine_*>) \nInfoSphere Information Server| 9.1| [_JR59198_](<http://www.ibm.com/support/docview.wss?uid=swg1JR59198>)| \\--Upgrade to a new release \n \n## Workarounds and Mitigations\n\n**None**\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[_IBM Java SDK Security Bulletin_](<http://www.ibm.com/support/docview.wss?uid=swg22006695>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n08 May 2018: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. 
As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.",
"cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-16T14:19:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-16T14:19:47", "id": "274251E99258A9645E690CE61A163F27CE228E7CDE12E000F53A4CC38F801747", "href": "https://www.ibm.com/support/pages/node/569159", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:48:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime 
Environment Java\u2122 Version 7 and Version 8 used by Rational Directory Server (Tivoli) and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in January 2018. Upgrade the JRE in order to resolve these issues. \n\n## Vulnerability Details\n\nRational Directory Server & Rational Directory Administrator are affected by the following vulnerabilities: \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2663_](<https://vulners.com/cve/CVE-2018-2663>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137917_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137917>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2677_](<https://vulners.com/cve/CVE-2018-2677>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE AWT component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137932_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137932>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2678_](<https://vulners.com/cve/CVE-2018-2678>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137933_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137933>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. 
\nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2657_](<https://vulners.com/cve/CVE-2018-2657>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE, Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137910_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137910>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability related to the Java SE JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-1417_](<https://vulners.com/cve/CVE-2018-1417>)** \nDESCRIPTION:** Under certain circumstances, a flaw in the J9 JVM allows untrusted code running under a security manager to elevate its privileges. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/138823_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/138823>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nRational Directory Server (Tivoli) v5.2.1 iFix 13 and earlier. \n\nRational Directory Administrator v6.0.0.2 iFix 06 and earlier.\n\n## Remediation/Fixes\n\n1\\. 
Download one of the following supported IBM JRE versions that contain the fixes for these vulnerabilities: \n\n * [IBM Java Runtime Environment, Version 7 R1 Service Refresh 4 Fix Pack 20](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Directory+Server&fixids=5.2.1-RDS-JRE-71SR4FP20&source=SAR>)\n * [IBM Java Runtime Environment, Version 8 Service Refresh 5 Fix Pack 10](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FIBM+Rational+Directory+Server&fixids=5.2.1-RDS-JRE-8SR5FP10&source=SAR>)\n \n2\\. After downloading a fixed IBM JRE version, refer to the following technote for JRE upgrade instructions: \n\n * [JRE Upgrade Instructions for Rational Directory Server (Tivoli) 5.2.1](<http://www-01.ibm.com/support/docview.wss?uid=swg22015993>)\n * [JRE Upgrade Instructions for Rational Directory Administrator 6.0.0.x](<http://www-01.ibm.com/support/docview.wss?uid=swg22016277>)\n\n_For versions of Rational Directory Server that are earlier than version 5.2.1, and Rational Directory Administrator versions earlier than 6.0.0.2, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-17T05:28:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1417", "CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-17T05:28:24", "id": "AFFC7C2B1ABE9852D258219A53CFB1F17D149F2B1D35A4D17CD1C5151D6E156C", "href": "https://www.ibm.com/support/pages/node/570643", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T05:55:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 SR10 FP15 used by WebSphere Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in January and April 2018.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2018-2783_](<https://vulners.com/cve/CVE-2018-2783>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Security component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141939_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) \n\n**CVEID:** [_CVE-2018-2794_](<https://vulners.com/cve/CVE-2018-2794>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, JRockit Security component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 7.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141950_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141950>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2018-2790_](<https://vulners.com/cve/CVE-2018-2790>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/141946_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141946>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)\n\n \n \n**CVEID:** [_CVE-2018-2579_](<https://vulners.com/cve/CVE-2018-2579>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137833_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137833>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2018-2588_](<https://vulners.com/cve/CVE-2018-2588>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit LDAP component could allow an authenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137841_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137841>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2602_](<https://vulners.com/cve/CVE-2018-2602>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded I18n component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact. \nCVSS Base Score: 4.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137854_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137854>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2018-2603_](<https://vulners.com/cve/CVE-2018-2603>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137855_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137855>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2018-2618_](<https://vulners.com/cve/CVE-2018-2618>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JCE component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137870_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137870>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2634_](<https://vulners.com/cve/CVE-2018-2634>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded JGSS component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base Score: 6.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137886_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137886>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2018-2637_](<https://vulners.com/cve/CVE-2018-2637>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JMX component could allow an unauthenticated attacker to cause high confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137889_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137889>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\n**CVEID:** [_CVE-2018-2633_](<https://vulners.com/cve/CVE-2018-2633>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JNDI component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/137885_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/137885>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.1.0, 7.5.0.1, 7.5.0.0 \nWebSphere Cast Iron v 7.0.0.2, 7.0.0.1, 7.0.0.0\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nCast Iron Appliance| 7.5.1.0, 7.5.0.1, 7.5.0.0| LI80072| [7.5.1.0-CUMUIFIX-021](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.scrypt2,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.vcrypt2,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.32bit.sc-linux,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.sc-linux,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.32bit.sc-win,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.sc-win,7.5.1.0-WS-WCI-20180604-1919_H7_64-CUMUIFIX-021.docker,7.5.1.0-WS-WCI-20180604-1920_H11_64-CUMUIFIX-021.32bit.studio,7.5.1.0-WS-WCI-20180604-1920_H11_64-CUMUIFIX-021.studio&includeSupersedes=0>) \nCast Iron Appliance| 7.0.0.2, 7.0.0.1, 7.0.0.0| LI80072| 
[7.0.0.2-CUMUIFIX-041](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.scrypt2,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.vcrypt2,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.32bit.sc-linux,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.32bit.sc-win,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.sc-linux,7.0.0.2-WS-WCI-20180604-1919_H8_64-CUMUIFIX-041.sc-win,7.0.0.2-WS-WCI-20180604-1920_H9_64-CUMUIFIX-041.32bit.studio,7.0.0.2-WS-WCI-20180604-1920_H9_64-CUMUIFIX-041.studio&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-15T07:09:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Cast Iron", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", 
"CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794"], "modified": "2018-06-15T07:09:25", "id": "792281EDAE598F9BD5CFF8654A4B0CA05F1A44F2380D7DE34DBDFB2038BF2404", "href": "https://www.ibm.com/support/pages/node/571891", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2023-08-04T12:29:22", "description": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP15.\n\nSecurity Fix(es):\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, 
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-25T14:45:12", "type": "redhat", "title": "(RHSA-2018:1975) Moderate: java-1.8.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-06-25T14:46:08", "id": "RHSA-2018:1975", "href": "https://access.redhat.com/errata/RHSA-2018:1975", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-08-04T12:29:22", "description": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP15.\n\nSecurity Fix(es):\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization 
in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-05-24T18:29:32", "type": "redhat", "title": "(RHSA-2018:1721) Important: java-1.8.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-05-24T18:32:59", "id": "RHSA-2018:1721", "href": "https://access.redhat.com/errata/RHSA-2018:1721", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-08-04T12:29:22", "description": "IBM Java SE version 7 Release 
1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP25.\n\nSecurity Fix(es):\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-05-24T18:29:43", "type": "redhat", "title": "(RHSA-2018:1724) Important: java-1.7.1-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-06-07T14:21:51", "id": "RHSA-2018:1724", "href": "https://access.redhat.com/errata/RHSA-2018:1724", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-08-04T12:29:22", "description": "IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP15.\n\nSecurity Fix(es):\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the 
security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-05-24T18:29:34", "type": "redhat", "title": "(RHSA-2018:1722) Important: java-1.8.0-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-06-07T14:21:52", "id": "RHSA-2018:1722", "href": "https://access.redhat.com/errata/RHSA-2018:1722", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-08-04T12:29:22", "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP25.\n\nSecurity Fix(es):\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) 
(CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-05-24T18:29:41", "type": "redhat", "title": "(RHSA-2018:1723) Important: java-1.7.1-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-05-24T18:34:18", "id": "RHSA-2018:1723", "href": "https://access.redhat.com/errata/RHSA-2018:1723", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-08-04T12:29:22", "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP25.\n\nSecurity Fix(es):\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": 
"HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.7, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-25T14:45:00", "type": "redhat", "title": "(RHSA-2018:1974) Moderate: java-1.7.1-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2018-06-25T14:46:02", "id": "RHSA-2018:1974", "href": "https://access.redhat.com/errata/RHSA-2018:1974", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-08-04T12:29:22", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 171.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. 
(CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-01-18T21:10:33", "type": "redhat", "title": "(RHSA-2018:0100) Important: java-1.7.0-oracle security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2581", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783"], "modified": "2018-06-07T14:20:31", "id": "RHSA-2018:0100", "href": "https://access.redhat.com/errata/RHSA-2018:0100", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-08-04T12:29:22", "description": "The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.\n\nSecurity 
Fix(es):\n\n* A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2018-2641)\n\n* It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)\n\n* The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)\n\n* It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)\n\n* It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588)\n\n* It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)\n\n* It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. 
(CVE-2018-2602)\n\n* It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)\n\n* It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)\n\n* It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS to use a previously freed context. (CVE-2018-2629)\n\n* It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially-crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\n\n* It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. 
(CVE-2018-2579)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-02-26T17:04:14", "type": "redhat", "title": "(RHSA-2018:0349) Important: java-1.7.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-07T14:22:41", "id": "RHSA-2018:0349", "href": "https://access.redhat.com/errata/RHSA-2018:0349", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-08-04T12:29:22", "description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* OpenJDK: insufficient consistency checks 
in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-04-19T17:05:19", "type": "redhat", "title": "(RHSA-2018:1191) Critical: java-1.8.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": 
{"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2815"], "modified": "2018-04-19T17:12:58", "id": "RHSA-2018:1191", "href": "https://access.redhat.com/errata/RHSA-2018:1191", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:29:22", "description": "Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 181.\n\nSecurity Fix(es):\n\n* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)\n\n* OpenJDK: 
incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-04-23T17:10:25", "type": "redhat", "title": "(RHSA-2018:1206) Critical: java-1.7.0-oracle security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2815"], "modified": "2018-06-07T14:20:34", "id": "RHSA-2018:1206", "href": "https://access.redhat.com/errata/RHSA-2018:1206", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:29:22", "description": "Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 6 to version 6 Update 181.\n\nSecurity Fix(es):\n\n* This update fixes multiple 
vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-01-22T20:29:11", "type": "redhat", "title": "(RHSA-2018:0115) Important: java-1.6.0-sun security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2579", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2018-06-07T14:20:33", "id": "RHSA-2018:0115", "href": "https://access.redhat.com/errata/RHSA-2018:0115", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-08-04T12:29:22", 
"description": "The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.\n\nSecurity Fix(es):\n\n* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nNote: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": 
"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-04-19T16:16:20", "type": "redhat", "title": "(RHSA-2018:1188) Critical: java-1.8.0-openjdk security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2815"], "modified": "2018-06-07T14:22:57", "id": "RHSA-2018:1188", "href": "https://access.redhat.com/errata/RHSA-2018:1188", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-04T12:29:22", "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP20.\n\nSecurity Fix(es):\n\n* OpenJDK: LDAPCertStore insecure handling of LDAP referrals (JNDI, 8186606) (CVE-2018-2633)\n\n* OpenJDK: use of global credentials for HTTP/SPNEGO (JGSS, 8186600) (CVE-2018-2634)\n\n* OpenJDK: SingleEntryRegistry incorrect setup of deserialization filter (JMX, 8186998) (CVE-2018-2637)\n\n* OpenJDK: GTK library loading use-after-free (AWT, 8185325) (CVE-2018-2641)\n\n* Oracle JDK: unspecified vulnerability fixed in 7u171, 8u161, and 9.0.4 (JavaFX) (CVE-2018-2581)\n\n* OpenJDK: LdapLoginModule insufficient username encoding in LDAP query (LDAP, 8178449) (CVE-2018-2588)\n\n* OpenJDK: DnsClient 
missing source port randomization (JNDI, 8182125) (CVE-2018-2599)\n\n* OpenJDK: loading of classes from untrusted locations (I18n, 8182601) (CVE-2018-2602)\n\n* OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387) (CVE-2018-2603)\n\n* OpenJDK: insufficient strength of key agreement (JCE, 8185292) (CVE-2018-2618)\n\n* OpenJDK: GSS context use-after-free (JGSS, 8186212) (CVE-2018-2629)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u181 and 7u171 (Serialization) (CVE-2018-2657)\n\n* OpenJDK: ArrayBlockingQueue deserialization to an inconsistent state (Libraries, 8189284) (CVE-2018-2663)\n\n* OpenJDK: unbounded memory allocation during deserialization (AWT, 8190289) (CVE-2018-2677)\n\n* OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142) (CVE-2018-2678)\n\n* OpenJDK: unsynchronized access to encryption key data (Libraries, 8172525) (CVE-2018-2579)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2018-06-07T15:54:13", "type": "redhat", "title": "(RHSA-2018:1812) Important: java-1.7.1-ibm security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": 
reference:\"java-1.7.1-ibm-src-1.7.1.4.25-1jpp.3.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-src-1.7.1.4.25-1jpp.3.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:47", "description": "An update for java-1.7.1-ibm is now available for Red Hat Satellite 5.6 and Red Hat Satellite 5.7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP25.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in 
NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2018-06-26T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.7.1-ibm (RHSA-2018:1974)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1974.NASL", "href": "https://www.tenable.com/plugins/nessus/110692", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1974. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110692);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-2783\", \"CVE-2018-2790\", \"CVE-2018-2794\", \"CVE-2018-2795\", \"CVE-2018-2796\", \"CVE-2018-2797\", \"CVE-2018-2798\", \"CVE-2018-2799\", \"CVE-2018-2800\");\n script_xref(name:\"RHSA\", value:\"2018:1974\");\n\n script_name(english:\"RHEL 6 : java-1.7.1-ibm (RHSA-2018:1974)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.1-ibm is now available for Red Hat Satellite\n5.6 and Red Hat Satellite 5.7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP25.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores\n(Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and\n8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of\nmultiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nPriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nTabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory 
allocation during deserialization in\nContainer (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nNamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)\n(CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest\n(Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2800\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected java-1.7.1-ibm and / or java-1.7.1-ibm-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1974\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-1.7.1.4.25-1jpp.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-1.7.1.4.25-1jpp.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.25-1jpp.3.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.25-1jpp.3.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.1-ibm / java-1.7.1-ibm-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:21", "description": "An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP15.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2018-05-25T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.8.0-ibm (RHSA-2018:1722)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2022-01-28T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm", 
"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1722.NASL", "href": "https://www.tenable.com/plugins/nessus/110116", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1722. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110116);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/28\");\n\n script_cve_id(\"CVE-2018-2783\", \"CVE-2018-2790\", \"CVE-2018-2794\", \"CVE-2018-2795\", \"CVE-2018-2796\", \"CVE-2018-2797\", \"CVE-2018-2798\", \"CVE-2018-2799\", \"CVE-2018-2800\");\n script_xref(name:\"RHSA\", value:\"2018:1722\");\n\n script_name(english:\"RHEL 6 : java-1.8.0-ibm (RHSA-2018:1722)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-ibm is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP15.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores\n(Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and\n8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of\nmultiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nPriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nTabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nContainer (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nNamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)\n(CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest\n(Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2018-2794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2800\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1722\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-plugin-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-plugin-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.8.0-ibm-src-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-src-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-src-1.8.0.5.15-1jpp.2.el6_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-ibm / java-1.8.0-ibm-demo / java-1.8.0-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:26", "description": "An update for java-1.7.1-ibm is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP25.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2018-05-25T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.7.1-ibm (RHSA-2018:1724)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2022-01-28T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm", 
"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1724.NASL", "href": "https://www.tenable.com/plugins/nessus/110118", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1724. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110118);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/28\");\n\n script_cve_id(\"CVE-2018-2783\", \"CVE-2018-2790\", \"CVE-2018-2794\", \"CVE-2018-2795\", \"CVE-2018-2796\", \"CVE-2018-2797\", \"CVE-2018-2798\", \"CVE-2018-2799\", \"CVE-2018-2800\");\n script_xref(name:\"RHSA\", value:\"2018:1724\");\n\n script_name(english:\"RHEL 6 : java-1.7.1-ibm (RHSA-2018:1724)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.1-ibm is now available for Red Hat Enterprise\nLinux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 7 Release 1 includes the IBM Java Runtime\nEnvironment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP25.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores\n(Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and\n8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of\nmultiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nPriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nTabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nContainer (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nNamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)\n(CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest\n(Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2018-2794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2800\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.1-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1724\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-demo-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-devel-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-jdbc-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-plugin-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-plugin-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.1-ibm-src-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.7.1-ibm-src-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.1-ibm-src-1.7.1.4.25-1jpp.2.el6_9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.1-ibm / java-1.7.1-ibm-demo / java-1.7.1-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:21", "description": "An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Important. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP15.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2018-05-25T00:00:00", "type": "nessus", "title": "RHEL 7 : java-1.8.0-ibm (RHSA-2018:1721)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm", 
"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2018-1721.NASL", "href": "https://www.tenable.com/plugins/nessus/110115", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1721. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110115);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-2783\", \"CVE-2018-2790\", \"CVE-2018-2794\", \"CVE-2018-2795\", \"CVE-2018-2796\", \"CVE-2018-2797\", \"CVE-2018-2798\", \"CVE-2018-2799\", \"CVE-2018-2800\");\n script_xref(name:\"RHSA\", value:\"2018:1721\");\n\n script_name(english:\"RHEL 7 : java-1.8.0-ibm (RHSA-2018:1721)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-ibm is now available for Red Hat Enterprise\nLinux 7 Supplementary.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP15.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores\n(Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and\n8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of\nmultiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nPriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nTabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nContainer (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nNamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)\n(CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest\n(Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://access.redhat.com/security/cve/cve-2018-2794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2800\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/24\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1721\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-demo-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-jdbc-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-plugin-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", 
reference:\"java-1.8.0-ibm-src-1.8.0.5.15-1jpp.5.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-src-1.8.0.5.15-1jpp.5.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-ibm / java-1.8.0-ibm-demo / java-1.8.0-ibm-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:58", "description": "An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP15.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) 
(CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2018-06-29T00:00:00", "type": "nessus", "title": "RHEL 6 : java-1.8.0-ibm (RHSA-2018:1975)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2018-1975.NASL", "href": "https://www.tenable.com/plugins/nessus/110793", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:1975. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110793);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/10/24 15:35:45\");\n\n script_cve_id(\"CVE-2018-2783\", \"CVE-2018-2790\", \"CVE-2018-2794\", \"CVE-2018-2795\", \"CVE-2018-2796\", \"CVE-2018-2797\", \"CVE-2018-2798\", \"CVE-2018-2799\", \"CVE-2018-2800\");\n script_xref(name:\"RHSA\", value:\"2018:1975\");\n\n script_name(english:\"RHEL 6 : java-1.8.0-ibm (RHSA-2018:1975)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.8.0-ibm is now available for Red Hat Satellite\n5.8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nIBM Java SE version 8 includes the IBM Java Runtime Environment and\nthe IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 8 to version 8 SR5-FP15.\n\nSecurity Fix(es) :\n\n* OpenJDK: unrestricted deserialization of data from JCEKS key stores\n(Security, 8189997) (CVE-2018-2794)\n\n* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and\n8u161 (Security) (CVE-2018-2783)\n\n* OpenJDK: insufficient consistency checks in deserialization of\nmultiple classes (Security, 8189977) (CVE-2018-2795)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nPriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nTabularDataSupport (JMX, 8189985) (CVE-2018-2797)\n\n* OpenJDK: unbounded memory allocation during deserialization 
in\nContainer (AWT, 8189989) (CVE-2018-2798)\n\n* OpenJDK: unbounded memory allocation during deserialization in\nNamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)\n\n* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)\n(CVE-2018-2800)\n\n* OpenJDK: incorrect merging of sections in the JAR manifest\n(Security, 8189969) (CVE-2018-2790)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:1975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2796\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2798\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2800\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected java-1.8.0-ibm and / or java-1.8.0-ibm-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:1975\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-1.8.0.5.15-1jpp.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-1.8.0.5.15-1jpp.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.2.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.8.0-ibm-devel-1.8.0.5.15-1jpp.2.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.8.0-ibm / java-1.8.0-ibm-devel\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:19", "description": "This update for java-1_7_1-ibm fixes the following issues: The version was updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 
CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl -- SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed symlinks to policy files on update [bsc#1085018]\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp files run from Firefox. [bsc#1057460, bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR 110991601735. [bsc#966304]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0694-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0694-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108400", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0694-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108400);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0694-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update 
for java-1_7_1-ibm fixes the following issues: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl --\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed symlinks to policy files on update [bsc#1085018]\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to\n allow Java jnlp files run from Firefox. [bsc#1057460,\n bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has\n elapsed. 
[bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and\n for SUSEs SR 110991601735. [bsc#966304]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180694-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95900a6d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-475=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-475=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-475=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-475=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.12.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.12.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:05", "description": "This update for java-1_7_1-ibm provides the following fix: The version was updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n\n - IJ03605 Java 
Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support SHA224\n\n - IJ02679 Security: IBMPKCS11Impl – Bad sessions are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl – Bad sessions are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-08T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0630-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0630-1.NASL", "href": "https://www.tenable.com/plugins/nessus/107213", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0630-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107213);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0630-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more 
security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for java-1_7_1-ibm provides the following fix: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl\n – Bad sessions\n are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl - Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl\n –\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180630-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d88d6af2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-java-1_7_1-ibm-13500=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-java-1_7_1-ibm-13500=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-26.13.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-26.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:02", "description": "This update for java-1_7_1-ibm fixes the following issue: The version was updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582 CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603 CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677 CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant dot when converted from BigDecimal with 0 on all platforms\n\n - IX90185 
ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl -- SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI error with stash, JKS Chain issue and JVM argument parse issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString() throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to allow Java jnlp files run from Firefox. [bsc#1057460, bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has elapsed. [bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and for SUSEs SR 110991601735. [bsc#966304]\n\n - Ensure that all Java policy files are symlinked into the proper file system locations. Without those symlinks, several OES iManager plugins did not function properly.\n [bsc#1085018]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-03-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0743-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2582", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:java-1_7_1-ibm", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc", "p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0743-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108482", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0743-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108482);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2582\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\");\n\n script_name(english:\"SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2018:0743-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"This update for java-1_7_1-ibm fixes the following issue: The version\nwas updated to 7.1.4.20 [bsc#1082810]\n\n - Security fixes :\n\n - CVE-2018-2633 CVE-2018-2637 CVE-2018-2634 CVE-2018-2582\n CVE-2018-2641 CVE-2018-2618 CVE-2018-2657 CVE-2018-2603\n CVE-2018-2599 CVE-2018-2602 CVE-2018-2678 CVE-2018-2677\n CVE-2018-2663 CVE-2018-2588 CVE-2018-2579\n\n - Defect fixes :\n\n - IJ04281 Class Libraries: Startup time increase after\n applying apar IV96905\n\n - IJ03822 Class Libraries: Update timezone information to\n tzdata2017c\n\n - IJ03605 Java Virtual Machine: Legacy security for\n com.ibm.jvm.dump, trace, log was not enabled by default\n\n - IJ03607 JIT Compiler: Result String contains a redundant\n dot when converted from BigDecimal with 0 on all\n platforms\n\n - IX90185 ORB: Upgrade ibmcfw.jar to version O1800.01\n\n - IJ04282 Security: Change in location and default of\n jurisdiction policy files\n\n - IJ03853 Security: IBMCAC provider does not support\n SHA224\n\n - IJ02679 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ02706 Security: IBMPKCS11Impl -- Bad sessions are\n being allocated internally\n\n - IJ03552 Security: IBMPKCS11Impl -- Config file problem\n with the slot specification attribute\n\n - IJ01901 Security: IBMPKCS11Impl --\n SecureRandom.setSeed() exception\n\n - IJ03801 Security: Issue with same DN certs, iKeyman GUI\n error with stash, JKS Chain issue and JVM argument parse\n issue with iKeyman\n\n - IJ03256 Security: javax.security.auth.Subject.toString()\n throws NPE\n\n - IJ02284 JIT Compiler: Division by zero in JIT compiler\n\n - SUSE fixes :\n\n - Make it possible to run Java jnlp files from Firefox.\n (bsc#1057460)\n\n - Fixed jpackage-java-1_7_1-ibm-webstart.desktop file to\n allow Java jnlp files run from Firefox. [bsc#1057460,\n bsc#1076390]\n\n - Fix javaws segfaults when java expiration timer has\n elapsed. 
[bsc#929900]\n\n - Provide IBM Java updates for IBMs PMR 55931,671,760 and\n for SUSEs SR 110991601735. [bsc#966304]\n\n - Ensure that all Java policy files are symlinked into the\n proper file system locations. Without those symlinks,\n several OES iManager plugins did not function properly.\n [bsc#1085018]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=929900\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=955131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2579/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2582/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2599/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2602/\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2603/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2618/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2637/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2641/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2657/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2663/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2677/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-2678/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180743-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e573633\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-498=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-498=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2018-498=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-498=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-498=1\n\nSUSE 
Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-498=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-498=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-498=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-alsa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:java-1_7_1-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0|1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-devel-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-alsa-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"java-1_7_1-ibm-plugin-1.7.1_sr4.20-38.16.1\")) 
flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-1.7.1_sr4.20-38.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"java-1_7_1-ibm-jdbc-1.7.1_sr4.20-38.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1_7_1-ibm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:49", "description": "The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.65 / 6.1 < 6.1.8.65 / 7.0 < 7.0.10.25 / 7.1 < 7.1.4.25 / 8.0 < 8.0.5.15. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle April 17 2018 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded:\n 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. 
(CVE-2018-2783)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).\n Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2018-2790)\n\n - Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE, JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. 
It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2794)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded:\n 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2795)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded:\n 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2796)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX).\n Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161;\n JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2797)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT).\n Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161;\n JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. 
This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2798)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP).\n Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit:\n R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2799)\n\n - Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE, JRockit accessible data. 
Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. (CVE-2018-2800)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).\n Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2018-2814)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in takeover of Java SE.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). (CVE-2018-2826)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-29T00:00:00", "type": "nessus", "title": "IBM Java 6.0 < 6.0.16.65 / 6.1 < 6.1.8.65 / 7.0 < 7.0.10.25 / 7.1 < 7.1.4.25 / 8.0 < 8.0.5.15 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2826"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/a:ibm:java"], "id": "IBM_JAVA_2018_04_17.NASL", "href": "https://www.tenable.com/plugins/nessus/160357", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160357);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2018-2783\",\n \"CVE-2018-2790\",\n \"CVE-2018-2794\",\n \"CVE-2018-2795\",\n \"CVE-2018-2796\",\n \"CVE-2018-2797\",\n \"CVE-2018-2798\",\n \"CVE-2018-2799\",\n \"CVE-2018-2800\",\n \"CVE-2018-2814\",\n \"CVE-2018-2826\"\n );\n script_xref(name:\"IAVA\", value:\"2018-A-0119-S\");\n\n script_name(english:\"IBM Java 6.0 < 6.0.16.65 / 6.1 < 6.1.8.65 / 7.0 < 7.0.10.25 / 7.1 < 7.1.4.25 / 8.0 < 8.0.5.15 Multiple Vulnerabilities\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"IBM Java is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of IBM Java installed on the remote host is prior to 6.0 < 6.0.16.65 / 6.1 < 6.1.8.65 / 7.0 < 7.0.10.25 /\n7.1 < 7.1.4.25 / 8.0 < 8.0.5.15. It is, therefore, affected by multiple vulnerabilities as referenced in the Oracle\nApril 17 2018 CPU advisory.\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded:\n 8u152; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network\n access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized access to critical data or\n complete access to all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and\n server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start\n applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the\n specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as\n through a web service. (CVE-2018-2783)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security).\n Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a\n person other than the attacker. 
Successful attacks of this vulnerability can result in unauthorized\n update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This\n vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start\n applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the\n internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java\n deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). (CVE-2018-2790)\n\n - Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported\n versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to\n exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Java SE,\n JRockit executes to compromise Java SE, JRockit. Successful attacks require human interaction from a\n person other than the attacker and while the vulnerability is in Java SE, JRockit, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in takeover\n of Java SE, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be\n exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be\n exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start\n applications or sandboxed Java applets, such as through a web service. (CVE-2018-2794)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded:\n 8u161; JRockit: R28.3.17. 
Easily exploitable vulnerability allows unauthenticated attacker with network\n access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This\n vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java\n Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2795)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent:\n Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded:\n 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network\n access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This\n vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java\n Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2796)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX).\n Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161;\n JRockit: R28.3.17. 
Easily exploitable vulnerability allows unauthenticated attacker with network access\n via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This\n vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java\n Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2797)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT).\n Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161;\n JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attacker with network access\n via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This\n vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java\n Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2798)\n\n - Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP).\n Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit:\n R28.3.17. 
Easily exploitable vulnerability allows unauthenticated attacker with network access via\n multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This\n vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets.\n It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java\n Web Start applications or sandboxed Java applets, such as through a web service. (CVE-2018-2799)\n\n - Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions\n that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit\n vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise\n Java SE, JRockit. Successful attacks require human interaction from a person other than the attacker.\n Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to\n some of Java SE, JRockit accessible data as well as unauthorized read access to a subset of Java SE,\n JRockit accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the\n specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as\n through a web service. (CVE-2018-2800)\n\n - Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).\n Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161.\n Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple\n protocols to compromise Java SE, Java SE Embedded. 
Successful attacks require human interaction from a\n person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may\n significantly impact additional products. Successful attacks of this vulnerability can result in takeover\n of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients\n running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code\n (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability\n does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code\n installed by an administrator). (CVE-2018-2814)\n\n - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version\n that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with\n network access via multiple protocols to compromise Java SE. Successful attacks require human interaction\n from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly\n impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE.\n Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web\n Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from\n the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java\n deployments, typically in servers, that load and run only trusted code (e.g., code installed by an\n administrator). 
(CVE-2018-2826)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06342\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06343\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06344\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06345\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06346\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06347\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06348\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06349\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www-01.ibm.com/support/docview.wss?uid=swg1IJ06351\");\n # https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities#Oracle_April_17_2018_CPU\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a34c814d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the Oracle April 17 2018 CPU advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-2783\");\n 
script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-2826\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:ibm:java\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ibm_java_nix_installed.nbin\", \"ibm_java_win_installed.nbin\");\n script_require_keys(\"installed_sw/Java\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_list = ['IBM Java'];\nvar app_info = vcf::java::get_app_info(app:app_list);\n\nvar constraints = [\n { 'min_version' : '6.0.0', 'fixed_version' : '6.0.16.65' },\n { 'min_version' : '6.1.0', 'fixed_version' : '6.1.8.65' },\n { 'min_version' : '7.0.0', 'fixed_version' : '7.0.10.25' },\n { 'min_version' : '7.1.0', 'fixed_version' : '7.1.4.25' },\n { 'min_version' : '8.0.0', 'fixed_version' : '8.0.5.15' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:23:21", "description": "An update for java-1.7.0-oracle is now available for Oracle Java for Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise Linux 7.\n\nRed Hat 
Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 171.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)", "cvss3": {}, "published": "2018-01-19T00:00:00", "type": "nessus", "title": "RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2018:0100)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2579", "CVE-2018-2581", "CVE-2018-2588", "CVE-2018-2599", "CVE-2018-2602", "CVE-2018-2603", "CVE-2018-2618", "CVE-2018-2629", "CVE-2018-2633", "CVE-2018-2634", "CVE-2018-2637", "CVE-2018-2641", "CVE-2018-2657", "CVE-2018-2663", "CVE-2018-2677", "CVE-2018-2678", "CVE-2018-2783"], "modified": "2021-03-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src", "cpe:/o:redhat:enterprise_linux:6", "cpe:/o:redhat:enterprise_linux:7"], "id": 
"REDHAT-RHSA-2018-0100.NASL", "href": "https://www.tenable.com/plugins/nessus/106183", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0100. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106183);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2018-2579\", \"CVE-2018-2581\", \"CVE-2018-2588\", \"CVE-2018-2599\", \"CVE-2018-2602\", \"CVE-2018-2603\", \"CVE-2018-2618\", \"CVE-2018-2629\", \"CVE-2018-2633\", \"CVE-2018-2634\", \"CVE-2018-2637\", \"CVE-2018-2641\", \"CVE-2018-2657\", \"CVE-2018-2663\", \"CVE-2018-2677\", \"CVE-2018-2678\", \"CVE-2018-2783\");\n script_xref(name:\"RHSA\", value:\"2018:0100\");\n\n script_name(english:\"RHEL 6 / 7 : java-1.7.0-oracle (RHSA-2018:0100)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for java-1.7.0-oracle is now available for Oracle Java for\nRed Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise\nLinux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nOracle Java SE version 7 includes the Oracle Java Runtime Environment\nand the Oracle Java Software Development Kit.\n\nThis update upgrades Oracle Java SE 7 to version 7 Update 171.\n\nSecurity Fix(es) :\n\n* This update fixes multiple vulnerabilities in the Oracle Java\nRuntime Environment and the Oracle Java Software Development Kit.\nFurther information about these flaws can be found on the Oracle Java\nSE Critical Patch Update Advisory page listed in the References\nsection. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599,\nCVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629,\nCVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641,\nCVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)\"\n );\n # http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ae82f1b1\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.oracle.com/technetwork/java/javaseproducts/documentation/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2599\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2602\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2629\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2677\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-2783\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-javafx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.7.0-oracle-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x / 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0100\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", 
reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-javafx-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-plugin-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-plugin-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"java-1.7.0-oracle-src-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.171-1jpp.1.el6_9\")) flag++;\n\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"i686\", reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-devel-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-javafx-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-jdbc-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", 
reference:\"java-1.7.0-oracle-plugin-1.7.0.171-1jpp.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"java-1.7.0-oracle-src-1.7.0.171-1jpp.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"java-1.7.0-oracle / java-1.7.0-oracle-devel / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:28:33", "description": "It was discovered that the Security component of OpenJDK did not correctly perform merging of multiple sections for the same file listed in JAR archive file manifests. An attacker could possibly use this to modify attributes in a manifest without invalidating the signature. (CVE-2018-2790)\n\nFrancesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo Focardi discovered that the Security component of OpenJDK did not restrict which classes could be used when deserializing keys from the JCEKS key stores. An attacker could use this to specially craft a JCEKS key store to execute arbitrary code. (CVE-2018-2794)\n\nIt was discovered that the Security component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2795)\n\nIt was discovered that the Concurrency component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2796)\n\nIt was discovered that the JMX component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. 
An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2797)\n\nIt was discovered that the AWT component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2798)\n\nIt was discovered that the JAXP component of OpenJDK in some situations did not properly limit the amount of memory allocated when performing deserialization. An attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2799)\n\nMoritz Bechler discovered that the RMI component of OpenJDK enabled HTTP transport for RMI servers by default. A remote attacker could use this to gain access to restricted services. (CVE-2018-2800)\n\nIt was discovered that a vulnerability existed in the Hotspot component of OpenJDK affecting confidentiality, data integrity, and availability. An attacker could use this to specially craft a Java application that caused a denial of service or bypassed sandbox restrictions. (CVE-2018-2814)\n\nApostolos Giannakidis discovered that the Serialization component of OpenJDK did not properly bound memory allocations in some situations.\nAn attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-2815)\n\nDavid Benjamin discovered a vulnerability in the Security component of OpenJDK related to data integrity and confidentiality. A remote attacker could possibly use this to expose sensitive information.\n(CVE-2018-2783).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-05-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 17.10 : OpenJDK 8 vulnerabilities (USN-3644-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-2783", "CVE-2018-2790", "CVE-2018-2794", "CVE-2018-2795", "CVE-2018-2796", "CVE-2018-2797", "CVE-2018-2798", "CVE-2018-2799", "CVE-2018-2800", "CVE-2018-2814", "CVE-2018-2815"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-headless", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-jamvm", "p-cpe:/a:canonical:ubuntu_linux:openjdk-8-jre-zero", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:17.10"], "id": "UBUNTU_USN-3644-1.NASL", "href": "https://www.tenable.com/plugins/nessus/109723", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3644-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109723);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-2783\", \"CVE-2018-2790\", \"CVE-2018-2794\", \"CVE-2018-2795\", \"CVE-2018-2796\", \"CVE-2018-2797\", \"CVE-2018-2798\", \"CVE-2018-2799\", \"CVE-2018-2800\", \"CVE-2018-2814\", \"CVE-2018-2815\");\n script_xref(name:\"USN\", value:\"3644-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 17.10 : OpenJDK 8 vulnerabilities (USN-3644-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Security component of OpenJDK did not\ncorrectly perform merging of multiple sections for the same file\nlisted in JAR archive file manifests. An attacker could possibly use\nthis to modify attributes in a manifest without invalidating the\nsignature. (CVE-2018-2790)\n\nFrancesco Palmarini, Marco Squarcina, Mauro Tempesta, and Riccardo\nFocardi discovered that the Security component of OpenJDK did not\nrestrict which classes could be used when deserializing keys from the\nJCEKS key stores. An attacker could use this to specially craft a\nJCEKS key store to execute arbitrary code. (CVE-2018-2794)\n\nIt was discovered that the Security component of OpenJDK in some\nsituations did not properly limit the amount of memory allocated when\nperforming deserialization. An attacker could use this to cause a\ndenial of service (memory exhaustion). (CVE-2018-2795)\n\nIt was discovered that the Concurrency component of OpenJDK in some\nsituations did not properly limit the amount of memory allocated when\nperforming deserialization. 
An attacker could use this to cause a\ndenial of service (memory exhaustion). (CVE-2018-2796)\n\nIt was discovered that the JMX component of OpenJDK in some situations\ndid not properly limit the amount of memory allocated when performing\ndeserialization. An attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2018-2797)\n\nIt was discovered that the AWT component of OpenJDK in some situations\ndid not properly limit the amount of memory allocated when performing\ndeserialization. An attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2018-2798)\n\nIt was discovered that the JAXP component of OpenJDK in some\nsituations did not properly limit the amount of memory allocated when\nperforming deserialization. An attacker could use this to cause a\ndenial of service (memory exhaustion). (CVE-2018-2799)\n\nMoritz Bechler discovered that the RMI component of OpenJDK enabled\nHTTP transport for RMI servers by default. A remote attacker could use\nthis to gain access to restricted services. (CVE-2018-2800)\n\nIt was discovered that a vulnerability existed in the Hotspot\ncomponent of OpenJDK affecting confidentiality, data integrity, and\navailability. An attacker could use this to specially craft a Java\napplication that caused a denial of service or bypassed sandbox\nrestrictions. (CVE-2018-2814)\n\nApostolos Giannakidis discovered that the Serialization component of\nOpenJDK did not properly bound memory allocations in some situations.\nAn attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2018-2815)\n\nDavid Benjamin discovered a vulnerability in the Security component of\nOpenJDK related to data integrity and confidentiality. A remote\nattacker could possibly use this to expose sensitive information.\n(CVE-2018-2783).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set