There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 5 and 6, and in IBM® Runtime Environment Java™ Technology Edition, Version 5 that is used by affect IBM Tivoli Security Policy Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2015.
CVEID: CVE-2015-0410 **
DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID: CVE-2015-0400 **
DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100149 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-6593 **
DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
· IBM Tivoli Security Policy Manager versions 7.0 and 7.1
IBM Tivoli Security Policy Manager (TSPM) is affected through IBM WebSphere Application Server. If you are running TSPM with one of the affected versions of WebSphere, update your IBM WebSphere Application Server SDK with the appropriate Interim Fix based on information in the WebSphere security bulletin (Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU).
Product Version | WebSphere version |
---|---|
TSPM 7.1 | WAS 6.1 |
WAS 7.0 | |
WAS 8.0 | |
TSPM 7.0 | WAS 6.1 |
WAS 7.0 |
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli security policy manager | eq | 7.0 | |
tivoli security policy manager | eq | 7.1 |