Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server that ships with WebSphere Enterprise Service Bus (CVE-2015-4872,CVE-2015-4734, CVE-2015-5006 )

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server that ships with WebSphere Enterprise Service Bus.

Vulnerability Details

CVEID: CVE-2015-4872**
DESCRIPTION:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-4734**
DESCRIPTION:** An unspecified vulnerability related to the JGSS component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107356 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-5006**
DESCRIPTION:** IBM Java Security Components could allow an attacker with physical access to the system to obtain sensitive information from the Kerberos Credential Cache.
CVSS Base Score: 4.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106309 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

WebSphere Enterprise Service Bus 6.2
WebSphere Enterprise Service Bus 7.0
WebSphere Enterprise Service Bus 7.5

Remediation/Fixes

Please consult the security bulletin http://www-01.ibm.com/support/docview.wss?uid=swg21969620 for vulnerability details and information about fixes.