Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM88DB109D85DEEA4A0B517A3CABF8FBBAC181B5D301BBCBD0EA7DB86C6BAE85C5
HistoryApr 29, 2019 - 6:05 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Service Tester

2019-04-2918:05:01
www.ibm.com
23

0.008 Low

EPSS

Percentile

82.0%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 and IBM® Runtime Environment Java™ Version 8 used by Rational Performance Tester. Rational Performance Tester has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2019-2426 DESCRIPTION: An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/155744 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2018-1890 DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152081 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)

CVEID: CVE-2018-3180 DESCRIPTION: An unspecified vulnerability related to the Java SE JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-3139 DESCRIPTION: An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151455&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

Affected Products and Versions

Rational Service Tester versions 8.6, 8.7, 9.0, 9.1, 9.2 and 9.5.

Remediation/Fixes

Upgrading to version 9.5 iFix 1 is strongly recommended.

Product VRMF APAR Remediation/First Fix
RPT 9.2 None Download
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&amp;fixids=Rational-RST-JavaPatch-Java8SR5FP30&amp;source=SAR
RPT 9.1 None Download
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&amp;fixids=Rational-RST-JavaPatch-Java8SR5FP30&amp;source=SAR
RPT 9.0 None Download
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&amp;fixids=Rational-RST-JavaPatch-Java8SR5FP30&amp;source=SAR
RPT 8.7 None Download
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&amp;fixids=Rational-RST-JavaPatch-Java8SR5FP30&amp;source=SAR
RPT 8.6 None Download
http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Service+Tester+for+SOA+Quality&amp;fixids=Rational-RST-JavaPatch-Java8SR5FP30&amp;source=SAR

Workarounds and Mitigations

None.

Related

ibm 134
redhatcve 4
attackerkb 1
nessus 15
prion 4
nvd 4
veracode 2
cve 4
debiancve 3
cvelist 4
openvas 5
f5 3
ubuntucve 3
alpinelinux 3
ubuntu 1
amazon 2
oraclelinux 2
centos 2
redhat 2
aix 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA
2019-04-30 04:15:01
Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Performance Tester
2019-04-29 18:20:01
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Build Forge (CVE-2018-1890;CVE-2019-2426;CVE-2018-3139;CVE-2018-3180;CVE-2018-12547)
2019-04-23 17:45:01
redhatcve
redhatcve
CVE-2018-1890
2019-03-05 22:20:43
CVE-2018-3139
2019-10-24 00:28:29
CVE-2018-3180
2020-11-29 07:58:07
attackerkb
attackerkb
CVE-2018-1890
2019-03-11 00:00:00
nessus
nessus
IBM Java 8.0 < 8.0.5.30
2022-04-29 00:00:00
Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3824-1)
2018-11-16 00:00:00
Scientific Linux Security Update : java-1.7.0-openjdk on SL6.x i386/x86_64 (20181031)
2018-11-01 00:00:00
prion
prion
Code injection
2019-03-11 22:29:00
Design/Logic Flaw
2018-10-17 01:31:00
Design/Logic Flaw
2019-01-16 19:30:00
nvd
nvd
CVE-2018-1890
2019-03-11 22:29:00
CVE-2018-3139
2018-10-17 01:31:16
CVE-2019-2426
2019-01-16 19:30:31
veracode
veracode
Information Disclosure
2019-05-16 03:19:25
Denial Of Service (DoS)
2019-05-16 03:19:25
cve
cve
CVE-2018-3139
2018-10-17 01:31:16
CVE-2018-1890
2019-03-11 22:29:00
CVE-2018-3180
2018-10-17 01:31:20
debiancve
debiancve
CVE-2018-3139
2018-10-17 01:31:16
CVE-2019-2426
2019-01-16 19:30:31
CVE-2018-3180
2018-10-17 01:31:20
cvelist
cvelist
CVE-2018-3139
2018-10-17 01:00:00
CVE-2018-1890
2019-03-01 00:00:00
CVE-2019-2426
2019-01-16 19:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-3824-1)
2018-11-16 00:00:00
Oracle Java SE Security Updates-03 (cpuoct2018) - Windows
2018-10-17 00:00:00
CentOS Update for java CESA-2018:3350 centos7
2018-12-18 00:00:00
f5
f5
K65481741 : Java SE vulnerability CVE-2018-3139
2019-01-07 00:00:00
K30503705 : Java SE vulnerability CVE-2018-3180
2019-01-07 00:00:00
K04154823 : Oracle Java SE vulnerability CVE-2019-2426
2019-02-08 00:00:00
ubuntucve
ubuntucve
CVE-2018-3139
2018-10-16 00:00:00
CVE-2019-2426
2019-01-16 00:00:00
CVE-2018-3180
2018-10-16 00:00:00
alpinelinux
alpinelinux
CVE-2019-2426
2019-01-16 19:30:31
CVE-2018-3139
2018-10-17 01:31:16
CVE-2018-3180
2018-10-17 01:31:20
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2018-11-16 00:00:00
amazon
amazon
Critical: java-1.7.0-openjdk
2018-12-06 00:28:00
Critical: java-1.7.0-openjdk
2018-12-06 20:23:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2018-10-30 00:00:00
java-1.7.0-openjdk security update
2018-11-07 00:00:00
centos
centos
java security update
2018-11-20 15:18:46
java security update
2018-11-20 23:42:18
redhat
redhat
(RHSA-2018:3350) Important: java-1.7.0-openjdk security update
2018-10-30 07:49:06
(RHSA-2018:3409) Important: java-1.7.0-openjdk security update
2018-10-30 14:57:03
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-04-16 10:52:12

0.008 Low

EPSS

Percentile

82.0%

JSON
Related for 88DB109D85DEEA4A0B517A3CABF8FBBAC181B5D301BBCBD0EA7DB86C6BAE85C5
ibm134redhatcve4attackerkb1nessus15prion4nvd4veracode2cve4debiancve3cvelist4openvas5f53ubuntucve3alpinelinux3ubuntu1amazon2oraclelinux2centos2redhat2aix1