There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 Service Refresh 6 Fix Pack 16 and earlier releases used by IBM Spectrum Symphony. IBM Spectrum Symphony has addressed the applicable CVEs.
CVEID: CVE-2020-14781
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190099 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2020-14803
**DESCRIPTION:** An unspecified vulnerability in Java SE could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190121 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVEID: CVE-2020-27221
**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding. By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195353 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2020-2773
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179673 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Symphony | 7.3.1 |
IBM Spectrum Symphony | 7.3.0.1 |
IBM Spectrum Symphony | 7.3 |
IBM Spectrum Symphony | 7.2.1 |
IBM Spectrum Symphony | 7.2.0.2 |

Products | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Spectrum Symphony | 7.3.1 | P104161 | sym-7.3.1-build600324 |
IBM Spectrum Symphony | 7.3.0.1 | P104160 | sym-7.3.0.1-build600323 |
IBM Spectrum Symphony | 7.3 | P104159 | sym-7.3-build600322 |
IBM Spectrum Symphony | 7.2.1 | P104158 | sym-7.2.1-build600321 |
IBM Spectrum Symphony | 7.2.0.2 | P104157 | sym-7.2.0.2-build600320 |
None