History: Jun 17, 2018 - 10:30 p.m.

Security Bulletin: SmartCloud Orchestrator - Multiple security vulnerabilities exist in the IBM SDK, Java™ Technology Edition (CVE-2013-5802, CVE-2013-5772, CVE-2014-0411)

2018-06-17 22:30:49
www.ibm.com
EPSS: 0.1 (Percentile: 94.9%)

Summary

IBM SmartCloud Orchestrator is shipped with an IBM SDK that is based on Oracle JDK. Oracle released October 2013 and January 2014 critical patch updates (CPU), which contain security vulnerability fixes. IBM SDK, Java™ Technology Edition, has been updated to include those fixes. The IBM SDK has also been updated to fix security vulnerabilities that are specific to the IBM SDK.

Vulnerability Details

CVEID: CVE-2013-5802
DESCRIPTION: An unspecified vulnerability in the Oracle Java SE, which is related to the JAXP component, has a partial confidentiality impact, partial integrity impact, and partial availability impact.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/87982> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVEID: CVE-2013-5772
DESCRIPTION: An unspecified vulnerability in the Oracle Java SE, which is related to the jhat component, has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 2.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/88007> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-0411
DESCRIPTION: An unspecified vulnerability in the Oracle Java SE, which is related to the JSSE component, has a partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90357> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

  • IBM SmartCloud Orchestrator V2.3 Fix Pack 1
  • IBM SmartCloud Orchestrator V2.3
  • IBM SmartCloud Orchestrator V2.2 Fix Pack 1
  • IBM SmartCloud Orchestrator V2.2

Remediation/Fixes

The recommended solution is to apply IBM SmartCloud Orchestrator Version 2.3.0 Fix Pack 1 Interim Fix 2 as soon as practical.

Workarounds and Mitigations

None