Lucene search

IBM858AE0814B0606CAAD401114471EC230976E8E9BB8C23DEF159F31D3F5DBB1CE

HistoryFeb 11, 2020 - 9:31 p.m.

Security Bulletin: A security vulnerability has been identified in multiple products that ship with IBM Predictive Customer Intelligence (CVE-2014-3566)

2020-02-1121:31:00

www.ibm.com

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

IBM Cognos Business Intelligence, IBM Infosphere Integration Bus, IBM WebSphere MQ, IBM DB2 Enterprise Server, IBM HTTP Server and IBM SPSS Modeler are shipped as components of IBM Predictive Customer Intelligence. Information about security vulnerabilities affecting IBM Cognos Business Intelligence, IBM Infosphere Integration Bus, IBM WebSphere MQ, IBM DB2 Enterprise Server, IBM HTTP Server and IBM SPSS Modeler has been published in the following security bulletins.

Vulnerability Details

Please consult the security bulletin Security Bulletin: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568) for vulnerability details and information about fixes.

Please consult the security bulletin Security Bulletin: TLS padding vulnerability affects IBM® DB2® LUW (CVE-2014-8730) for vulnerability details and information about fixes.

Please consult the security bulletin Security Bulletin: Vulnerability in SSLv3 affects IBM SPSS Modeler (CVE-2014-3566) for vulnerability details and information about fixes.

Please consult the security bulletin Security Bulletin: TLS padding vulnerability affects IBM HTTP Server (CVE-2014-8730) for vulnerability details and information about fixes.

Please consult the security bulletin Security Bulletin : IBM WebSphere Message Broker and IBM Integration Bus are affected by SSLv3 Vulnerability (CVE-2014-3566 and CVE-ID: CVE-2014-3568) for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)

| Affected Supporting Product and Version
—|—
IBM Predictive Customer Intelligence 1.0| IBM Infosphere Integration Bus 9.0.0.1;
IBM WebSphere MQ v 7.5.0.2;
IBM DB2 Enterprise Server Edition V10.1.0.3;
IBM SPSS Modeler Server Premium 16;
IBM Cognos Business Intelligence 10.2.1;
IBM Predictive Customer Intelligence 1.0.1| IBM Infosphere Integration Bus 9.0.0.1;
IBM WebSphere MQ v 7.5.0.2;
IBM DB2 Enterprise Server Edition V10.1.0.3;
IBM SPSS Modeler Server Premium 16;
IBM Cognos Business Intelligence 10.2.1;

CPENameOperatorVersion
predictive customer intelligenceeq1.0
predictive customer intelligenceeq1.0.1

CPE	Name	Operator	Version
	predictive customer intelligence	eq	1.0
	predictive customer intelligence	eq	1.0.1

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for 858AE0814B0606CAAD401114471EC230976E8E9BB8C23DEF159F31D3F5DBB1CE