Lucene search

K
ibmIBM758B7885C4546A819DA2ED0A4B24907EC9FC839D6B58E3B0E48C50FA44C37345
HistoryFeb 20, 2019 - 3:25 p.m.

Security Bulletin: Vulnerabilities in WAS traditional and liberty

2019-02-2015:25:01
www.ibm.com
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Summary

There are vulnerabilities in WAS traditional and liberty used by IBM Streams. IBM Streams has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2014-7810 DESCRIPTION: Apache Tomcat could allow a remote attacker to bypass security restrictions, caused by the use of expression language. An attacker could exploit this vulnerability to bypass the protections of a Security Manager.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/103155&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Affected InfoSphere Streams Affected Versions
InfoSphere Streams 4.0.1.6 and earlier
InfoSphere Streams 3.2.1.6 and earlier
IBM Streams 4.1.1.7 and earlier
IBM Streams 4.2.1.5 and earlier
IBM Streams 4.3.0.0

Remediation/Fixes

NOTE: Fix Packs are available on IBM Fix Central.

To remediate/fix this issue, follow the instructions below:

Version 4.3.x: Apply 4.3.0 Fix Pack 1 (4.3.0.1) or higher .
Version 4.2.x: Apply 4.2.1 Fix Pack 4 (4.2.1.6) or higher .
Version 4.1.x: Apply 4.1.1 Fix Pack 6 (4.1.1.8) or higher .
Version 4.0.x: Apply 4.0.1 Fix Pack 6 (4.0.1.6) or higher .
Versions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm streamseqany

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N