IBM84A94BE304846AEE39BE41ECC9CD93CE498CCDE620677470F14A00F848C825B5Security Bulletin: IBM i2 Intelligent Analyis Platform is affected by multiple vulnerabilities
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
There are multiple vulnerabilities in IBM® Java SE distribution that are fixed in the October release. IBM i2 Enterprise Insight Analysis 2.1.8 and 2.2.0 are impacted by these Java Vulnerabilities. This security bulletin explains the issue and how to remediate it. In summary download the new IBM Java JDK and apply it to your system.
Vulnerability Details
CVEID: CVE-2018-3139
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
CVEID: CVE-2018-3214
DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit Sound component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151530> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
IBM i2 Enterprise Insight Analysis 2.2.0
Remediation/Fixes
For remediation you must obtain the latest version of the IBM Java JDK, (8.0.5.25 or later) and follow the instructions below to modify your deployment.
To obtain an newer version of the IBM Java JDK please contact technical support and quote this bulletin.
1. Replace the jdk.zip file in “toolkit/bin/java/<Operating System>/” with the new zip file. (You might need to rename the new zip file to match jdk.zip.)
2. Unpack the zip file and replace the java folder in the “toolkit/tools” directory with the equivalent from the unpacked zip file.
3. Run the deploy toolkit command. Navigate to the “toolkit/scripts” directory, and run “setup -t deploy”.
4. Start Enterprise Insight Analysis. In the “toolkit/scripts” directory, run “setup -t start”.
Note: Your system is offline whilst Enterprise Insight Analysis is deployed and before you restart it.
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm i2 enterprise insight analysis | eq | 2.1.8 | |
| ibm i2 enterprise insight analysis | eq | 2.2.0 |
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P