Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM5E3F2AA797C0DBBFE4FB4AD1FF5D8903589E4BB7DE390B11EEA3B7C52A0130F6
HistoryJun 17, 2018 - 3:15 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)

2018-06-1715:15:50
www.ibm.com
22

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in October 2015.

Vulnerability Details

CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-4734 DESCRIPTION: An unspecified vulnerability related to the JGSS component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-5006 DESCRIPTION: IBM Java Security Components could allow an attacker with physical access to the system to obtain sensitive information from the Kerberos Credential Cache.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106309 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Tivoli Netcool/OMNIbus 7.3.0
Tivoli Netcool/OMNIbus 7.3.1
Tivoli Netcool/OMNIbus 7.4.0
Tivoli Netcool/OMNIbus 8.1.0

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
OMNIbus | 7.3.0.16| IV78816| <http://www-01.ibm.com/support/docview.wss?uid=swg24039352&gt;
OMNIbus| 7.3.1.15| IV78816| <http://www-01.ibm.com/support/docview.wss?uid=swg24041381&gt;
OMNIbus| 7.4.0.9| IV78816| <http://www-01.ibm.com/support/docview.wss?uid=swg24041382&gt;
OMNIbus | 8.1.0.6| IV78816| <http://www-01.ibm.com/support/docview.wss?uid=swg24041385&gt;

Workarounds and Mitigations

None

Related

ibm 104
prion 3
cve 3
veracode 3
debiancve 2
ubuntucve 2
f5 2
redhat 7
nessus 32
openvas 24
suse 7
aix 1
ubuntu 1
oraclelinux 2
centos 3
debian 1
amazon 2
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Functional Tester (CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)
2018-09-29 20:06:32
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server that ships with WebSphere Enterprise Service Bus (CVE-2015-4872,CVE-2015-4734, CVE-2015-5006 )
2018-06-15 07:04:16
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server and Tivoli Netcool Performance Manager October 2015 CPU (CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)
2018-06-17 15:13:58
prion
prion
Design/Logic Flaw
2015-12-07 20:59:00
Design/Logic Flaw
2015-10-21 23:59:00
Buffer overflow
2015-10-21 21:59:00
cve
cve
CVE-2015-5006
2015-12-07 20:59:00
CVE-2015-4872
2015-10-21 23:59:00
CVE-2015-4734
2015-10-21 21:59:00
veracode
veracode
Information Disclosure
2019-01-15 09:08:10
Information Disclosure
2019-05-02 05:19:47
Unspecified Vulnerability
2019-05-02 05:19:47
debiancve
debiancve
CVE-2015-4734
2015-10-21 21:59:00
CVE-2015-4872
2015-10-21 23:59:00
ubuntucve
ubuntucve
CVE-2015-4734
2015-10-21 00:00:00
CVE-2015-4872
2015-10-21 00:00:00
f5
f5
K93203055 : Java vulnerability CVE-2015-4872
2015-11-20 00:00:00
SOL93203055 - Java vulnerability CVE-2015-4872
2015-11-20 00:00:00
redhat
redhat
(RHSA-2015:2508) Critical: java-1.6.0-ibm security update
2015-11-23 00:00:00
(RHSA-2015:2506) Critical: java-1.7.1-ibm security update
2015-11-23 00:00:00
(RHSA-2015:2509) Critical: java-1.8.0-ibm security update
2015-11-23 12:28:59
nessus
nessus
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2015:2508)
2015-11-24 00:00:00
RHEL 5 : java-1.7.0-ibm (RHSA-2015:2507)
2015-11-24 00:00:00
RHEL 7 : java-1.8.0-ibm (RHSA-2015:2509)
2015-11-24 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:2268-1)
2021-04-19 00:00:00
RedHat Update for java-1.6.0-openjdk RHSA-2015:2086-01
2015-11-19 00:00:00
CentOS: Security Advisory for java (CESA-2015:2086)
2021-04-21 00:00:00
suse
suse
Security update for java-1_8_0-ibm (important)
2015-12-14 17:10:33
Security update for java-1_7_0-openjdk (important)
2015-11-02 17:11:48
Security update for java-1_7_0-openjdk (important)
2015-11-02 16:34:56
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-12-10 08:51:54
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-12-03 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2015-11-18 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
centos
centos
java security update
2015-11-18 19:46:16
java security update
2015-10-21 23:14:14
java security update
2015-10-21 23:24:30
debian
debian
[SECURITY] [DLA 346-1] openjdk-6 security update
2015-11-24 08:56:52
amazon
amazon
Important: java-1.6.0-openjdk
2015-12-14 10:00:00
Critical: java-1.7.0-openjdk
2015-10-27 13:52:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON
Related for 5E3F2AA797C0DBBFE4FB4AD1FF5D8903589E4BB7DE390B11EEA3B7C52A0130F6
ibm104prion3cve3veracode3debiancve2ubuntucve2f52redhat7nessus32openvas24suse7aix1ubuntu1oraclelinux2centos3debian1amazon2