5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.008 Low
EPSS
Percentile
81.3%
Multiple vulnerabilities exisit in the IBM JRE used by System Storage DS8000. These were disclosed as part of the IBM Java SDK updates - July 2015
This release also enforces the removal of RC4 in IBM JAVA (CVE-2015-2808) also known as BarMitzva to ensure that no present or future releases can enable ciphers which use RC4. This is an additional safeguard.
CVEID: CVE-2015-2613**
DESCRIPTION:** An unspecified vulnerability and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104734 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-2601**
DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104733 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-2625**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104743 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-1931**
DESCRIPTION:** IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
CVSS Base Score: 2.1
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/102967 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-2808**
DESCRIPTION:** The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to remotely expose account credentials without requiring an active man-in-the-middle session. Successful exploitation could allow an attacker to retrieve credit card data or other sensitive information. This vulnerability is commonly referred to as “Bar Mitzvah Attack”.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/101851 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
DS8870, DS8800, DS87000 are all impacted by these vulnerabilities.
The patch release can be applied to the following minimum versions:
Customers with versions at levels below the the above minimum levels are advised to upgrade.
The following releases contain the remediation for the vulnerabilities.
Product | VRMF | APAR | Remediation/Fix |
---|---|---|---|
DS8870 | 87.51.23.0 (R7.5 SP2) | ||
11/9/2015 | |||
DS8870 | 87.41.42.0 (R7.4 SP4) | ||
11/9/2015 | |||
DS8800 | 86.31.184.0 | ||
11/9/2015 | |||
DS8700 | 76.31.159.0 | ||
11/9/2015 | |||
DS8700/8800/8870 | See above | CVE_4Q2015_v1.0 | 11/9/2015 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm ds8800 | eq | any | |
disk systems->ds8870 | eq | any | |
disk systems->ds8700 | eq | any | |
ibm ds8800 | eq | any |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.008 Low
EPSS
Percentile
81.3%