6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
The following security vulnerabilities have been identified in versions of IBM OpenPages with Application Server. See Vulnerability Details for CVE IDs.
Customers who have IBM OpenPages with Application Server are potentially impacted by the following vulnerabilities:
CVE ID | DESCRIPTION |
---|---|
CVE-2014-2480 | |
CVSS Base Score: 6.8 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94543> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the unspecified component has partial confidentiality impact, partial integrity impact, and partial availability impact |
CVE-2014-4255 | |
CVSS Base Score: 6.8 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94544> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Security and Policy component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
CVE-2014-2481 | |
CVSS Base Score: 6.8 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94542> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the unspecified component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
CVE-2014-4254 | |
CVSS Base Score: 6.8 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94545> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
CVE-2014-2479 | |
CVSS Base Score: 6.8 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94546> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
CVE-2014-4267 | |
CVSS Base Score: 6.8 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94547> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS Core Components component has partial confidentiality impact, partial integrity impact, and partial availability impact. |
CVE-2014-4256 | |
CVSS Base Score: 5.8 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94549> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Deployment component has partial confidentiality impact, partial integrity impact, and no availability impact. |
CVE-2014-4201 | |
CVSS Base Score: 5 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94552> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component could allow a remote attacker to cause a denial of service. |
CVE-2014-4202 | |
CVSS Base Score: 5 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94553> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component could allow a remote attacker to cause a denial of service. |
CVE-2014-4210 | |
CVSS Base Score: 5 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94554> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component could allow a remote attacker to obtain sensitive information. |
CVE-2014-4253 | |
CVSS Base Score: 5 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94555> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) | An unspecified vulnerability in Oracle WebLogic Server related to the WebLogic Server JVM component could allow a remote attacker to cause a denial of service. |
CVE-2014-4217 | |
CVSS Base Score: 4.3 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94558> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has no confidentiality impact, partial integrity impact, and no availability impact. |
CVE-2014-4241 | |
CVSS Base Score: 4.3 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94559> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the WLS - Web Services component has no confidentiality impact, partial integrity impact, and no availability impact. |
CVE-2014-4242 | |
CVSS Base Score: 4.3 | |
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94557> for the current score | |
CVSS Environmental Score*: Undefined | |
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | An unspecified vulnerability in Oracle WebLogic Server related to the Console component has no confidentiality impact, partial integrity impact, and no availability impact. |
IBM OpenPages with Application Server 6.2 through 7.0.
A fix has been created that can remediate all affected versions of the named product. Download and install the fix as soon as practical. The fix and installation instructions are available at the URL listed below:
Patch | Download URL |
---|---|
IBM OpenPages with Application Server IF 2 | <http://www.ibm.com/support/docview.wss?uid=swg24039136> |
No known workaround, please apply fix.
CPE | Name | Operator | Version |
---|---|---|---|
ibm openpages with watson | eq | 7.0 | |
ibm openpages with watson | eq | 6.2.1 | |
ibm openpages with watson | eq | 6.2 |