5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
There are multiple vulnerabilities in IBMョ Runtime Environments JavaTechnology Edition, Version 5, 6 and 7 that is used by IBM Data Studio Web Console (DSWC). These issues were disclosed as part of the IBM Java SDK updates in January 2015.
CVE-ID:CVE-2014-6593
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVE ID: CVE-2015-0410
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM Data Studio Web Console versions 3.1, 3.1.1, 3.2, 4.1 and 4.1.1**.**
The fix for this vulnerability requires the upgrade of the IBM Java Runtime that is installed with DSWC. Install one of the following IBM Java Runtime versions:
Detailed instructions are provided in the tech-note “Updating the IBM Runtime Environment, Java Technology Edition for IBM Data Studio web console”.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm data studio | eq | 3.1 | |
ibm data studio | eq | 3.1.1 | |
ibm data studio | eq | 3.2 | |
ibm data studio | eq | 4.1 | |
ibm data studio | eq | 4.1.0.1 | |
ibm data studio | eq | 4.1.1.0 |