5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 8 that are used by IBM DB2 QMF for Workstation. These issues were disclosed as part of the IBM Java SDK updates in July 2015.
CVEID: CVE-2015-2613 DESCRIPTION: An unspecified vulnerability and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104734 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-2601 DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104733 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-2625 DESCRIPTION: An unspecified vulnerability related to the JSSE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104743 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Product
| VR|Remediation/First Fix
—|—|—
DB2 QMF for Workstation for z/OS| _11.1 _| Java JRE 8.0 SR1 FP10 from IBM Fix Central
DB2 QMF for Workstation Enterprise Edition| 11.1| Java JRE 8.0 SR1 FP10 from IBM Fix Central
DB2 QMF for Workstation Enterprise Edition| 10.1| Java JRE 6.0 SR16 FP7 from IBM Fix Central
None
CPE | Name | Operator | Version |
---|---|---|---|
db2 query management facility | eq | 10.1 | |
db2 query management facility | eq | 11.1 |