9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Multiple vulnerabilities may affect IBM® SDK Java™ Technology Edition Version 6, 7, and IBM® Runtime Environment Java™ Version 6, 7 in IBM FileNet Content Manager, and IBM Content Foundation.
Resolved by using the IBM Runtime Environment Java October 2016 Critical Patch Update.
CVEID: CVE-2016-5582**
DESCRIPTION:** An unspecified vulnerability in Java SE and Java SE Embedded related to the Hotspot component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118069 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5568**
DESCRIPTION:** An unspecified vulnerability in Java SE related to the AWT component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118068 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5556**
DESCRIPTION:** An unspecified vulnerability in Java SE related to the 2D component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118067 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5573**
DESCRIPTION:** An unspecified vulnerability in Java SE and Java SE Embedded related to the Hotspot component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118070 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVEID: CVE-2016-5597**
DESCRIPTION:** An unspecified vulnerability in Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118071 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-5554**
DESCRIPTION:** An unspecified vulnerability in Java SE and Java SE Embedded related to the JMX component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118072 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVEID: CVE-2016-5542**
DESCRIPTION:** An unspecified vulnerability in Java SE and Java SE Embedded related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)
FileNet Content Manager 5.1.0, 5.2.0, 5.2.1
IBM Content Foundation 5.2.0, 5.2.1
To address this vulnerability install one of the fixes listed below to upgrade the IBM Java JRE.
The fixes supply the proper Java JRE for the various release levels of the affected products. Depending upon the product and release level, these fixes will upgrade the Java JRE (October 2016) to one of the following:
5.2.1| PJ44487
PJ44488
PJ44486
PJ44489
PJ44486
PJ44489| 5.0.0.10-P8PE-FP010 - 8/11/2017
5.1.0.0-P8CSS-IF017 - 8/11/2017
5.2.0.5-P8CPE-IF002 - 1/19/2017
5.2.0.5-P8CSS-IF001 - 1/19/2017
5.2.1.6-P8CPE-FP006 - 12/16/2016
5.2.1.6-P8CSS-FP006 - 12/16/2016
IBM Content Foundation| 5.2.0
5.2.1| PJ44486
PJ44489
PJ44486
PJ44489| 5.2.0.5-P8CPE-IF002 - 1/19/2017
5.2.0.5-P8CSS-IF001 - 1/19/2017
5.2.1.6-P8CPE-FP006 - 12/16/2016
5.2.1.6-P8CSS-FP006 - 12/16/2016
In the above table, the APAR links will provide more information about the fix.
None
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C