Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM b-type SAN Network Advisor (CVE-2016-0483, CVE-2016-0466, CVE-2016-0475)

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Network Advisor. These issues were disclosed as part of the IBM Java SDK updates in January 2016.

Vulnerability Details

CVEID: CVE-2016-0483

DESCRIPTION: An unspecified vulnerability related to the AWT component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109945 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0466

DESCRIPTION: An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service.

CVSS Base Score: 5

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109948 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2016-0475

DESCRIPTION: An unspecified vulnerability related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5.8

CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109946 for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

Affected Products and Versions

IBM Network Advisor prior to Release 14.0.2

Remediation/Fixes

Fixes are in IBM Network Advisor Release 14.0.2
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1009621

Workarounds and Mitigations

None