4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
Security vulnerability exists in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Community Edition 3.0.0.4.
CVE ID: CVE-2014-0411
DESCRIPTION: The vulnerability can be exploited over the ‘SSL/TLS’ protocol. This issue affects the ‘JSSE’ sub-component.
CVSS:
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90357> for the current score
CVSS Environmental Score:* Undefined
CVSS Vector: (AV/N:AC/H:Au/N:C/P:I/P:A/N)
WebSphere Application Server Community Edition 3.0.0.4
Upgrade your SDK to an interim fix level as determined below:
IBM SDK 6.0:
Please upgrade your SDK to IBM SDK 6 SR15-FP1 or IBM SDK 6.0.1 SR7-FP1
IBM SDK 7.0:
Please upgrade your SDK to IBM SDK 7 SR6-FP1 or IBM SDK 7R1.
Kindly remind the client who uses Oracle SDK.
Oracle SDK 1.6:
Please upgrade your SDK to Oracle SDK 1.6.0_71.
Oracle SDK 1.7:
Please upgrade your SDK to Oracle SDK 1.7.0_51.
CPE | Name | Operator | Version |
---|---|---|---|
websphere application server community edition | eq | 3.0.0.4 |