IBM448E4390E04D6E2C36559D91D19FD3E4C1CB68913397CF1819ED1328BD200A2BSecurity Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2015-4872, CVE-2015-5006)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Summary
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.7 that is used by Rational Performance Tester. These issues were disclosed as part of the IBM Java SDK updates for October 2015.
Vulnerability Details
CVEID: CVE-2015-4872** **
DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVEID: CVE-2015-5006** **
DESCRIPTION: IBM Java Security Components could allow an attacker with physical access to the system to obtain sensitive information from the Kerberos Credential Cache.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106309 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products and Versions
RPT version 8.2., 8.3., 8.5., 8.6., 8.7.*
Remediation/Fixes
It is strongly recommended to update to RPT version 9.0.
Workarounds and Mitigations
None.
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N