Lucene search

K
ibmIBM53BCED365DBEB703C2EFA096921C6D5C691C8BAAB477F9F6CC2E22BBE5BE60BF
HistoryJul 24, 2020 - 10:49 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Sterling Connect:Direct FTP+ (CVE-2015-4872)

2020-07-2422:49:37
www.ibm.com
16

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 7.0.5.0 and 6.0.14.0, that are used by Sterling Connect:Direct FTP+. These issues were disclosed as part of the IBM Java SDK updates for October 2015.

Vulnerability Details

CVEID: CVE-2015-4872** **
DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107361&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

IBM Sterling Connect:Direct FTP+ 1.3.0

Remediation/Fixes

V.R.M

| APAR|Remediation
—|—|—
1.3.0| IT14195

IT14554| For all platforms except for HP-UX on Itanium, apply 1.3.0 Fix002, available on Fix Central.

For HP-UX on Itanium, apply 1.3.0 Fix003, available on Fix Central.

Workarounds and Mitigations

None

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N