Lucene search

IBM4BDD04259F9C817EF33E7639EDCC30564F0ABAA50D4ED30F0FA95C97C713937C

HistoryAug 19, 2022 - 11:26 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM License Metric Tool v9, IBM Endpoint Manager for Software Use Analysis v2.2 and IBM BigFix Inventory v9 (CVE-2015-4872)

2022-08-1923:26:06

www.ibm.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

82.1%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and 8 that are used in IBM License Metric Tool v9, IBM Endpoint Manager for Software Use Analysis v2.2 and IBM BigFix Inventory v9. These issues were disclosed as part of the IBM Java SDK updates for October 2015.

Vulnerability Details

CVEID: CVE-2015-4872**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM License Metric Tool v9
IBM Endpoint Manager for Software Use Analysis v2.2

IBM BigFix Inventory v9

Remediation/Fixes

IBM License Metric Tool v9 and IBM BigFix Inventory v9:

Upgrade to v9.2.3.0 or later, manually or with a fixlet.

IBM Endpoint Manager for Software Use Analysis v2.2:

Verify that your IBM Software Invntory site is at least version 69.
Run fixlet “Java update (1.6 SR16 FP15)” against machine hosting your IBM Endpoint Manager for Software Use Analysis v2.2 server.

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmlicense_metric_toolMatch9.0

ibmlicense_metric_toolMatch9.0.1

ibmlicense_metric_toolMatch9.1

ibmlicense_metric_toolMatch9.2

CPENameOperatorVersion
ibm license metric tooleq9.0
ibm license metric tooleq9.0.1
ibm license metric tooleq9.1
ibm license metric tooleq9.2

Name	Operator	Version
ibm license metric tool	eq	9.0
ibm license metric tool	eq	9.0.1
ibm license metric tool	eq	9.1
ibm license metric tool	eq	9.2

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

82.1%

JSON

Related for 4BDD04259F9C817EF33E7639EDCC30564F0ABAA50D4ED30F0FA95C97C713937C