Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7BD5D8AD45685C7DD9745B369C05A089158DF8BF053C64EBF13DC20661E41FDD
HistoryJun 01, 2022 - 1:05 p.m.

Security Bulletin: Vulnerability in IBM Java SDK affects IMS™ Enterprise Suite: Explorer for Development (CVE-2019-2426)

2022-06-0113:05:44
www.ibm.com
7
ibm java sdk
ims enterprise suite
explorer for development
cve-2019-2426
ntlm authentication
java.net.httpurlconnection
javax.net.ssl.httpsurlconnection
jre upgrade

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.01

Percentile

83.4%

JSON

Summary

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.5.25 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in January 2019.

Vulnerability Details

CVE-2019-2426 (CVSS 3.7)

Description

The transparent NTLM authentication implementation in java.net.HttpURLConnection exposes the user’s NTLM credentials to any server that requests them.

The fix disables transparent NTLM authentication by default. A new system property (jdk.http.ntlm.transparentAuth) allows the user to enable transparent NTLM authentication for all hosts or trusted hosts only.

Product Applicability

This issue applies to products or applications that use java.net.HttpURLConnection or javax.net.ssl.HttpsURLConnection.

Mitigation

The only solution is to upgrade the JRE.

Affected Products and Versions

Explorer for Development of the IMS™ Enterprise Suite Versions 3.3.1 and earlier.

Remediation/Fixes

Product

|

VRMF

|

APAR

|

Download URL

—|—|—|—

IMS Enterprise Suite Explorer for Development V3.3

|

3.3.1.14

|

N/A

|

_https://developer.ibm.com/mainframe/products/downloads/eclipse-tools/_

Affected configurations

Vulners
Node
ibmims_enterprise_suiteMatch3.3.1
VendorProductVersionCPE
ibmims_enterprise_suite3.3.1cpe:2.3:a:ibm:ims_enterprise_suite:3.3.1:*:*:*:*:*:*:*

Related

prion 1
ubuntucve 1
debiancve 1
nvd 1
alpinelinux 1
cvelist 1
f5 1
cve 1
redhatcve 1
ibm 109
openvas 9
nessus 15
suse 3
kaspersky 1
mageia 1
aix 1
gentoo 1
photon 7
osv 4
oracle 1
prion
prion
Design/Logic Flaw
2019-01-16 19:30:00
ubuntucve
ubuntucve
CVE-2019-2426
2019-01-16 00:00:00
debiancve
debiancve
CVE-2019-2426
2019-01-16 19:30:31
nvd
nvd
CVE-2019-2426
2019-01-16 19:30:31
alpinelinux
alpinelinux
CVE-2019-2426
2019-01-16 19:30:31
cvelist
cvelist
CVE-2019-2426
2019-01-16 19:00:00
f5
f5
K04154823 : Oracle Java SE vulnerability CVE-2019-2426
2019-02-08 00:00:00
cve
cve
CVE-2019-2426
2019-01-16 19:30:31
redhatcve
redhatcve
CVE-2019-2426
2019-01-15 22:21:21
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software
2019-06-05 12:40:01
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Enterprise Single Sign-On
2019-04-01 03:30:01
Security Bulletin: Multiple vulnerabilities in current releases of the IBM® SDK, Java™ Technology Edition affect IBM Tivoli Netcool Configuration Manager (CVE-2018-1890, CVE-2019-2426)
2019-07-16 05:10:02
openvas
openvas
openSUSE: Security Advisory for java-11-openjdk (openSUSE-SU-2019:0161-1)
2019-02-13 00:00:00
Oracle Java SE Multiple Vulnerabilities (cpujan2019) - Linux
2019-01-16 00:00:00
Oracle Java SE Multiple Vulnerabilities (cpujan2019) - Windows
2019-01-16 00:00:00
nessus
nessus
openSUSE Security Update : java-11-openjdk (openSUSE-2019-161)
2019-02-13 00:00:00
SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2019:0221-1)
2019-02-04 00:00:00
Photon OS 3.0: Openjdk8 PHSA-2019-3.0-0002
2024-07-24 00:00:00
suse
suse
Security update for java-11-openjdk (important)
2019-02-12 00:00:00
Security update for java-1_7_0-openjdk (moderate)
2019-06-03 00:00:00
Security update for java-1_8_0-openjdk (important)
2019-05-23 00:00:00
kaspersky
kaspersky
KLA11403 Multiple vulnerabilities in Oracle Java SE
2019-01-15 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2019-02-13 14:08:25
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-04-16 10:52:12
gentoo
gentoo
Oracle JDK/JRE: Multiple vulnerabilities
2019-03-14 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2019-0205
2019-02-04 00:00:00
Critical Photon OS Security Update - PHSA-2019-0002
2019-02-26 00:00:00
Critical Photon OS Security Update - PHSA-2019-0159
2019-05-10 00:00:00
osv
osv
java-15-openjdk-15.0.4.0-2.1 on GA media
2024-06-15 00:00:00
java-11-openjdk-11.0.12.0-3.1 on GA media
2024-06-15 00:00:00
java-13-openjdk-13.0.8.0-3.1 on GA media
2024-06-15 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS

0.01

Percentile

83.4%

JSON
Related for 7BD5D8AD45685C7DD9745B369C05A089158DF8BF053C64EBF13DC20661E41FDD
prion1ubuntucve1debiancve1nvd1alpinelinux1cvelist1f51cve1redhatcve1ibm109openvas9nessus15suse3kaspersky1mageia1aix1gentoo1photon7osv4oracle1