Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM70B7739033C3AECE16A69259B7099A51CDE995000F025772BE88BAEF50611598
HistoryApr 29, 2019 - 4:00 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect TPF Toolkit

2019-04-2916:00:02
www.ibm.com
26

EPSS

0.016

Percentile

87.3%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition and IBM® Runtime Environment Java™ used by TPF Toolkit. TPF Toolkit has addressed the applicable CVEs.

Vulnerability Details

If you run your own Java code using the IBM Java Runtime delivered with this product, evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the link for “IBM Java SDK Security Bulletin” located in the “References” section.

CVEID: CVE-2018-3180 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-12547 DESCRIPTION: Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

TPF Toolkit 4.2 and 4.6

Remediation/Fixes

Product

| VRMF |APAR|Remediation/First Fix
—|—|—|—
TPF Toolkit | 4.2 | JR60953 |

  1. Install the latest version of IBM Installation Manager.
  2. Apply Interim Fix 4.2.15 by using IBM Installation Manager.
  3. Update the Java installation on your z/OS or Linux on z Systems (or both) systems that the TPF Toolkit connects to. Download the latest version of Java from http://www.ibm.com/developerworks/java/jdk/
    TPF Toolkit | 4.6 | None |

Apply the appropriate fix from Fix Central for your platform:

Workarounds and Mitigations

None

Related

ibm 167
redhatcve 2
cve 2
prion 2
veracode 2
osv 1
nvd 2
cvelist 2
debiancve 1
f5 1
alpinelinux 1
ubuntucve 1
nessus 8
redhat 4
openvas 3
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Insight (CVE-2018-3180, CVE-2018-12547)
2019-04-19 01:35:01
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2018-3180, CVE-2018-12547)
2019-04-19 01:15:01
redhatcve
redhatcve
CVE-2018-12547
2020-01-03 15:30:50
CVE-2018-3180
2020-11-29 07:58:07
cve
cve
CVE-2018-12547
2019-02-11 15:29:00
CVE-2018-3180
2018-10-17 01:31:20
prion
prion
Code injection
2019-02-11 15:29:00
Design/Logic Flaw
2018-10-17 01:31:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:57:00
Denial Of Service (DoS)
2019-05-16 03:19:25
osv
osv
CVE-2018-12547
2019-02-11 15:29:00
nvd
nvd
CVE-2018-12547
2019-02-11 15:29:00
CVE-2018-3180
2018-10-17 01:31:20
cvelist
cvelist
CVE-2018-12547
2019-02-11 15:00:00
CVE-2018-3180
2018-10-17 01:00:00
debiancve
debiancve
CVE-2018-3180
2018-10-17 01:31:20
f5
f5
K30503705 : Java SE vulnerability CVE-2018-3180
2019-01-07 00:00:00
alpinelinux
alpinelinux
CVE-2018-3180
2018-10-17 01:31:20
ubuntucve
ubuntucve
CVE-2018-3180
2018-10-16 00:00:00
nessus
nessus
RHEL 7 : java-1.7.1-ibm (RHSA-2019:0473)
2019-03-08 00:00:00
RHEL 6 : java-1.7.1-ibm (RHSA-2019:0474)
2019-03-08 00:00:00
EulerOS 2.0 SP5 : java-1.7.0-openjdk (EulerOS-SA-2019-2200)
2019-11-08 00:00:00
redhat
redhat
(RHSA-2019:0474) Critical: java-1.7.1-ibm security update
2019-03-07 15:44:12
(RHSA-2019:0473) Critical: java-1.7.1-ibm security update
2019-03-05 12:42:15
(RHSA-2019:0469) Critical: java-1.8.0-ibm security update
2019-03-06 21:43:02
openvas
openvas
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2019-2200)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2019-2460)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2020-1394)
2020-04-16 00:00:00

EPSS

0.016

Percentile

87.3%

JSON
Related for 70B7739033C3AECE16A69259B7099A51CDE995000F025772BE88BAEF50611598
ibm167redhatcve2cve2prion2veracode2osv1nvd2cvelist2debiancve1f51alpinelinux1ubuntucve1nessus8redhat4openvas3