Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5B217885499AAC546E6A53F4B00F12183C8D124873A651C8331A3C6390E1B879
HistoryDec 22, 2020 - 5:41 p.m.

Security Bulletin: Unspecified Vulnerabilities in Rational Synergy (CVE-2012-0502,CVE-2012-0503,CVE-2012-0506,CVE-2012-0507,CVE-2011-3563,CVE-2012-0500,CVE-2012-0497,CVE-2012-0498,CVE-2012-0499,CVE-2012-0500,CVE-2012-0501,CVE-2012-0505,CVE-2011-5035)

2020-12-2217:41:28
www.ibm.com
13

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

Vulnerabilities in the Java Runtime Environment (JRE) 6 update 32 and earlier component shipped with IBM Rational Synergy may affect the security of the product.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    —|—

CVE ID:CVE-2012-0502

**Description:**Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT.

CVSS Base Score: 6.4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73193&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2012-0503

**DESCRIPTION:**Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to I18n.

CVSS Base Score: 7.5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73191&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2012-0506

**DESCRIPTION:**Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to CORBA.

CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73196&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2012-0507

**DESCRIPTION:**Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency.

CVSS Base Score: 10 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/72513&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2011-3563

**DESCRIPTION:**Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound.

CVSS Base Score: 6.4 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73194&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2012-0500

**DESCRIPTION:**Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS Base Score: 10 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73188&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2012-0497

DESCRIPTION: Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D**.**

CVSS Base Score: 10 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73185&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2012-0498

**DESCRIPTION:**Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS Base Score: 10 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73186&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

**CVE ID:**CVE-2012-0499

**DESCRIPTION:**Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

CVSS Base Score: 10 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73187&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2012-0501

**DESCRIPTION:**Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote attackers to affect availability via unknown vectors.

CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73195&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2012-0505** **

DESCRIPTION: Unspecified vulnerability in the Java Runtime Environment (JRE) component in JRE 6 Update 30 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.

CVSS Base Score: 7.5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/73192&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVE ID:CVE-2011-5035** **

**DESCRIPTION:**Rational Synergy computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869.

CVSS Base Score: 5 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/72015&gt; for the current score *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Affected Products and Versions

Rational Synergy 7.2, 7.2.0.1, 7.2.0.2

Rational Synergy 7.1, 7.1.0.1, 7.1.0.2, 7.1.0.3, 7.1.0.4, 7.1.0.5

Remediation/Fixes

Rational Synergy 7.2: upgrade to Rational Synergy 7.2.0.3
Rational Synergy 7.1: upgrade to Rational Synergy 7.1.0.6

Workarounds and Mitigations

None

Related

veracode 10
nessus 37
suse 7
openvas 60
redhat 7
ibm 2
ubuntu 2
osv 1
oraclelinux 2
debian 1
centos 1
amazon 1
fedora 10
threatpost 2
securityvulns 2
seebug 4
prion 5
ubuntucve 8
cisa 1
debiancve 1
cve 10
zdi 1
checkpoint_advisories 6
packetstorm 2
saint 8
thn 3
cisa_kev 1
exploitpack 1
metasploit 2
canvas 1
veracode
veracode
Memory Corruption
2019-05-02 04:41:04
Memory Corruption
2019-05-02 04:41:05
Memory Corruption
2019-05-02 04:41:05
nessus
nessus
SuSE 10 Security Update : IBM Java 1.6.0 (ZYPP Patch Number 8094)
2012-05-10 00:00:00
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2012:0514)
2012-04-25 00:00:00
SuSE 11.1 Security Update : IBM Java 1.6.0 (SAT Patch Number 6225)
2013-01-25 00:00:00
suse
suse
Security update for IBM Java 1.6.0 (important)
2012-05-09 21:08:17
Security update for Java 1.6.0 (important)
2012-02-27 21:08:20
Security update for java-1_4_2-ibm-sap (important)
2012-08-21 19:08:40
openvas
openvas
Java Runtime Environment Multiple Vulnerabilities - Mac OS X
2012-04-09 00:00:00
Java Runtime Environment Multiple Vulnerabilities (MAC OS X)
2012-04-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0603-1)
2021-06-09 00:00:00
redhat
redhat
(RHSA-2012:0514) Critical: java-1.6.0-ibm security update
2012-04-24 00:00:00
(RHSA-2012:0139) Critical: java-1.6.0-sun security update
2012-02-16 00:00:00
(RHSA-2012:0135) Critical: java-1.6.0-openjdk security update
2012-02-14 00:00:00
ibm
ibm
Potential Security Vulnerabilities With JavaTM SDKs
2018-06-17 14:05:25
Security Bulletin: Tivoli Storage Productivity Center - Oracle CPU February 2012, June 2012
2022-08-19 18:23:31
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2012-02-24 00:00:00
OpenJDK 6 (ARM) vulnerabilities
2012-03-01 00:00:00
osv
osv
openjdk-6 - several
2012-02-28 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2012-02-15 00:00:00
java-1.6.0-openjdk security update
2012-02-28 00:00:00
debian
debian
[SECURITY] [DSA 2420-1] openjdk-6 security update
2012-02-28 20:11:47
centos
centos
java security update
2012-02-15 10:26:37
amazon
amazon
Critical: java-1.6.0-openjdk
2012-02-15 17:12:00
fedora
fedora
[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.3-2.1.fc17
2012-02-28 10:45:39
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16
2012-09-19 03:03:35
[SECURITY] Fedora 16 Update: java-1.6.0-openjdk-1.6.0.0-68.1.11.5.fc16
2012-10-18 00:30:15
threatpost
threatpost
Mozilla Adds Older Java Versions to Firefox Blocklist
2012-04-03 13:25:06
Nepalese Government Sites Hacked, Serving Zegost Malware
2012-08-08 20:16:56
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2012-08-20 00:00:00
TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution
2012-02-15 00:00:00
seebug
seebug
IBM Rational AppScan 8.x/7.x 多个安全漏洞
2012-06-16 00:00:00
Java Web Start Double Quote Injection Remote Code Execution
2014-07-01 00:00:00
Java AtomicReferenceArray Type Violation Vulnerability
2014-07-01 00:00:00
prion
prion
Design/Logic Flaw
2012-02-15 22:55:00
Buffer overflow
2011-12-30 01:55:00
Design/Logic Flaw
2012-02-15 22:55:00
ubuntucve
ubuntucve
CVE-2012-0498
2012-02-15 00:00:00
CVE-2011-5035
2011-12-29 00:00:00
CVE-2012-0500
2012-02-15 00:00:00
cisa
cisa
Apple Update for Java for OS X Lion and Mac OS X
2012-04-04 00:00:00
debiancve
debiancve
CVE-2011-5035
2011-12-30 01:55:00
cve
cve
CVE-2012-0498
2012-02-15 22:55:00
CVE-2012-5035
2022-08-04 13:01:49
CVE-2012-0499
2012-02-15 22:55:00
zdi
zdi
Oracle Java Runtime readMabCurveData nTblSize Remote Code Execution Vulnerability
2012-04-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Web Start Command Argument Injection Remote Code Execution (CVE-2012-0500)
2012-04-30 00:00:00
Oracle Java zip_util readCEN Stack Overflow (CVE-2012-0501)
2012-05-14 00:00:00
Oracle Java AtomicReferenceArray Sandbox Breach Code Execution - Ver2 (CVE-2012-0507)
2014-12-28 00:00:00
packetstorm
packetstorm
Sun Java Web Start Plugin Command Line Argument Injection (2012)
2012-02-24 00:00:00
Java AtomicReferenceArray Type Violation
2012-03-30 00:00:00
saint
saint
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
Java Web Start initial heap size command injection
2012-03-02 00:00:00
Java SE AtomicReferenceArray Unsafe Security Bypass
2012-03-30 00:00:00
thn
thn
New Mac Malware 'Dockster' Found on Dalai Lama site
2012-12-05 14:48:00
New Java Exploits boosts BlackHole exploit kit
2012-04-01 19:36:00
New Mac Malware 'Dockster' Found on Dalai Lama site
2012-12-05 03:48:00
cisa_kev
cisa_kev
Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability
2022-03-03 00:00:00
exploitpack
exploitpack
Java - Web Start Double Quote Injection Remote Code Execution (Metasploit)
2013-06-11 00:00:00
metasploit
metasploit
Sun Java Web Start Double Quote Injection
2013-06-12 19:40:53
Java AtomicReferenceArray Type Violation Vulnerability
2012-03-29 15:31:14
canvas
canvas
Immunity Canvas: JAVA_ATOMICREFERENCEARRAY
2012-06-07 22:55:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for 5B217885499AAC546E6A53F4B00F12183C8D124873A651C8331A3C6390E1B879
veracode10nessus37suse7openvas60redhat7ibm2ubuntu2osv1oraclelinux2debian1centos1amazon1fedora10threatpost2securityvulns2seebug4prion5ubuntucve8cisa1debiancve1cve10zdi1checkpoint_advisories6packetstorm2saint8thn3cisa_kev1exploitpack1metasploit2canvas1