Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM59CF8A5EB8751881BDA21BCDFDB3B5D62845FD7742EDB97A7E0AAFDDC98C603F
HistoryFeb 26, 2020 - 6:33 p.m.

Security Bulletin: IBM Sterling Connect:Direct Browser affected by a vulnerability in IBM Runtime Environment, Java™ Technology Edition (CVE-2014-0411)

2020-02-2618:33:49
www.ibm.com
20

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON

Summary

IBM Sterling Connect:Direct Browser is shipped with IBM Runtime Environment, Java™ Technology Edition (the “IBM RE”), that is based on an Oracle Java Runtime Environment (JRE). Oracle has released the January 2014 critical patch updates (CPU) that contain security vulnerability fixes for the JRE. The IBM RE has been updated to incorporate these fixes and security fixes that are specific to the IBM RE. IBM Sterling Connect:Direct Browser is affected by one of the vulnerabilities in the CPU, and the IBM RE shipped with IBM Sterling Connect:Direct Browser has been updated to remediate the vulnerability.

Vulnerability Details

CVE ID: CVE-2014-0411

DESCRIPTION:
An unspecified vulnerability in Oracle Java SE related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4.0
CVSS Temporal Score: See xfdb/http://xforce.iss.net/xforce/90357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N))

Affected Products and Versions

IBM Sterling Connect:Direct browser 1.5.0 through 1.5.0.2 iFix05
IBM Sterling Connect:Direct browser 1.4.0 through 1.4.11 iFix03

Remediation/Fixes

The recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available.

_Fix_* VRMF APAR How to acquire fix
iFix 6 1.5.0.2 N/A http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Connect+Direct+Browser&release=1.5.0.2&platform=All&function=all
iFix4 1.4.11 N/A https://www14.software.ibm.com/webapp/iwm/web/reg/signup.do?source=swg-SterlngLegacyreq&lang=en_US

Workarounds and Mitigations

None

Related

prion 1
ibm 51
f5 4
ubuntucve 1
cve 1
veracode 13
redhat 10
nessus 39
openvas 37
amazon 2
ubuntu 3
oraclelinux 3
centos 3
mageia 1
suse 5
aix 1
kaspersky 1
securityvulns 1
oracle 1
gentoo 1
prion
prion
Design/Logic Flaw
2014-01-15 16:08:00
ibm
ibm
Security Bulletin: Java vulnerability on IBM Storage DS8870 (CVE-2014-0411)
2018-06-18 00:08:25
Security Bulletin: Rational Developer for System z is affected due to vulnerabilities in IBM Java IBM SDK, Java Technology Edition - Jan 2014
2020-10-27 15:51:50
Security Bulletin: Java vulnerability on IBM FlashSystem V840 product model number AC0 node (CVE-2014-0411)
2018-06-18 00:08:26
f5
f5
SOL02004209 - Oracle Java vulnerability CVE-2014-0411
2015-12-30 00:00:00
K02004209 : Oracle Java vulnerability CVE-2014-0411
2015-12-30 00:00:00
K53146535 : Multiple Sun Java vulnerabilities
2015-12-31 00:00:00
ubuntucve
ubuntucve
CVE-2014-0411
2014-01-15 00:00:00
cve
cve
CVE-2014-0411
2014-01-15 16:08:00
veracode
veracode
Cryptography Key Leakage
2019-05-02 04:56:14
Sandbox Restrictions Bypass
2019-05-02 05:01:07
Sandbox Restrictions Bypass
2019-05-02 05:01:06
redhat
redhat
(RHSA-2014:0136) Important: java-1.5.0-ibm security update
2014-02-04 00:00:00
(RHSA-2014:0097) Important: java-1.6.0-openjdk security update
2014-01-27 00:00:00
(RHSA-2014:0026) Critical: java-1.7.0-openjdk security update
2014-01-15 00:00:00
nessus
nessus
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:0136)
2014-02-05 00:00:00
Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2124-1)
2014-02-28 00:00:00
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2014-283)
2014-02-05 00:00:00
openvas
openvas
CentOS Update for java CESA-2014:0097 centos5
2014-01-30 00:00:00
CentOS Update for java CESA-2014:0097 centos6
2014-01-30 00:00:00
Oracle: Security Advisory (ELSA-2014-0097)
2015-10-06 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2014-02-03 15:27:00
Critical: java-1.7.0-openjdk
2014-01-15 10:28:00
ubuntu
ubuntu
OpenJDK 6 regression
2014-04-08 00:00:00
OpenJDK 6 vulnerabilities
2014-02-27 00:00:00
OpenJDK 7 vulnerabilities
2014-01-23 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2014-01-27 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
java-1.7.0-openjdk security update
2014-01-14 00:00:00
centos
centos
java security update
2014-01-15 11:04:23
java security update
2014-01-15 11:16:34
java security update
2014-01-27 22:53:27
mageia
mageia
Updated java-1.7.0-openjdk package fixes multiple security vulnerabilities
2014-01-21 20:22:18
suse
suse
Security update for IBM Java 6 (important)
2014-03-26 18:04:12
Security update for IBM Java 6 (important)
2014-02-24 22:04:17
Security update for IBM Java 6 (important)
2014-02-20 20:04:38
aix
aix
AIX Java Multiple Vulnerabilities (Oracle Java 2014 CPU)
2014-03-06 13:24:59
kaspersky
kaspersky
KLA10511 Multiple vulnerabilities in Oracle products
2014-01-15 00:00:00
securityvulns
securityvulns
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
2014-05-05 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2014
2014-01-14 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON
Related for 59CF8A5EB8751881BDA21BCDFDB3B5D62845FD7742EDB97A7E0AAFDDC98C603F
prion1ibm51f54ubuntucve1cve1veracode13redhat10nessus39openvas37amazon2ubuntu3oraclelinux3centos3mageia1suse5aix1kaspersky1securityvulns1oracle1gentoo1