3.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.1%
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool (LMT) and IBM BigFix Inventory (BFI). These issues were disclosed as part of the IBM Java SDK updates in April 2017.Fixes are already included in LMT and BFI version 9.2.8 or later.
CVEID: CVE-2017-3511**
DESCRIPTION:** An unspecified vulnerability related to the Java SE JCE component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 7.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/124890 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
IBM License Metric Tool v9 - application version < 9.2.8
IBM BigFix Inventory v9 - application version < 9.2.8
Upgrade LMT or BFI Server component to version 9.2.8 or later using the following procedure:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm license metric tool | eq | 9.2 |
3.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
7.7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
43.1%