9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
There are multiple vulnerabilities related to IBM® Runtime Environment Java™ Technology Edition which is used and shipped by different versions of IBM License Key Server Administration and Reporting Tool (ART) and Agent.
CVEID:CVE-2019-2933
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/169238> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVEID:CVE-2019-2945
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/169250> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID:CVE-2019-2958
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/169264> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID:CVE-2019-2964
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/169270> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID:CVE-2019-2989
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/169295> for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)
CVEID:CVE-2019-17631
**DESCRIPTION:**Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to performs an authorization check when an actor attempts to access a resource or perform an action. An attacker could exploit this vulnerability to gain access to diagnostic operations such as causing a GC or creating a diagnostic file.
CVSS Base score: 8.4
CVSS Temporal Score: See: <https://exchange.xforce.ibmcloud.com/vulnerabilities/169513> for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM LKS Administration and Reporting Tool version 8.1.5
IBM LKS Administration and Reporting Tool version 8.1.5.1
IBM LKS Administration and Reporting Tool version 8.1.5.2
IBM LKS Administration and Reporting Tool version 8.1.5.3
IBM LKS Administration and Reporting Tool version 8.1.5.4
IBM LKS Administration and Reporting Tool version 8.1.5.5
IBM LKS Administration and Reporting Tool version 8.1.5.6
IBM LKS Administration and Reporting Tool version 8.1.6
IBM LKS Administration and Reporting Tool version 8.1.6.1
IBM LKS Administration and Reporting Tool version 8.1.6.2
IBM LKS Administration and Reporting Agent version 8.1.5
IBM LKS Administration and Reporting Agent version 8.1.5.1
IBM LKS Administration and Reporting Agent version 8.1.5.2
IBM LKS Administration and Reporting Agent version 8.1.5.3
IBM LKS Administration and Reporting Agent version 8.1.5.4
IBM LKS Administration and Reporting Agent version 8.1.5.5
IBM LKS Administration and Reporting Agent version 8.1.5.6
IBM LKS Administration and Reporting Agent version 8.1.6
IBM LKS Administration and Reporting Agent version 8.1.6.1
IBM LKS Administration and Reporting Agent version 8.1.6.2
Upgrade to the version 8.1.6.2 for both IBM License Key Server Administration and Reporting Tool (ART) and Agent. Refer to the Release Notes for download and upgrade instructions.
None
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P