## Summary
IBM Security Privileged Identity Manager has addressed the following security vulnerabilities.
## Vulnerability Details
**CVEID:** [CVE-2012-6708](<https://vulners.com/cve/CVE-2012-6708>)
**DESCRIPTION:** jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery(strInput) function. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138055> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
**CVEID:** [CVE-2014-6071](<https://vulners.com/cve/CVE-2014-6071>)
**DESCRIPTION:** jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the index.php script. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95670> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2015-9251](<https://vulners.com/cve/CVE-2015-9251>)
**DESCRIPTION:** jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138029> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
**CVEID:** [CVE-2016-10707](<https://vulners.com/cve/CVE-2016-10707>)
**DESCRIPTION:** jQuery is vulnerable to a denial of service, caused by the removal of logic that lowercased attribute names. By using a mixed-case name for boolean attributes, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138030> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2014-3577](<https://vulners.com/cve/CVE-2014-3577>)
**DESCRIPTION:** Apache HttpComponents could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the Subject's Common Name (CN) or SubjectAltName field of certificates. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95327> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2012-5783](<https://vulners.com/cve/CVE-2012-5783>)
**DESCRIPTION:** Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate. By persuading a victim to visit a Web site containing a specially-crafted certificate, an attacker could exploit this vulnerability using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/79984> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
**CVEID:** [CVE-2015-5262](<https://vulners.com/cve/CVE-2015-5262>)
**DESCRIPTION:** Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection during the initial handshake of an HTTPS connection by the HttpClient component. An attacker could exploit this vulnerability to accumulate multiple connections and exhaust all available resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/106932> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>)
**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2016-1000031](<https://vulners.com/cve/CVE-2016-1000031>)
**DESCRIPTION:** Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/117957> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>)
**DESCRIPTION:** Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
**CVEID:** [CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>)
**DESCRIPTION:** Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82618> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P)
**CVEID:** [CVE-2015-7501](<https://vulners.com/cve/CVE-2015-7501>)
**DESCRIPTION:** Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107918> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2017-15708](<https://vulners.com/cve/CVE-2017-15708>)
**DESCRIPTION:** Apache Synapse could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Apache Commons Collections. By injecting specially-crafted serialized objects, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136262> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2015-6420](<https://vulners.com/cve/CVE-2015-6420>)
**DESCRIPTION:** Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107918> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2013-7285](<https://vulners.com/cve/CVE-2013-7285>)
**DESCRIPTION:** XStream could allow a remote attacker to execute arbitrary code on the system, caused by an error in the XMLGenerator API. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90229> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
**CVEID:** [CVE-2017-7957](<https://vulners.com/cve/CVE-2017-7957>)
**DESCRIPTION:** XStream is vulnerable to a denial of service, caused by the improper handling of attempts to create an instance of the primitive type 'void' during unmarshalling. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125800> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2016-3674](<https://vulners.com/cve/CVE-2016-3674>)
**DESCRIPTION:** XStream could allow a remote attacker to obtain sensitive information, caused by an error when processing XML external entities. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111806> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2018-0732](<https://vulners.com/cve/CVE-2018-0732>)
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144658> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>)
**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-0737](<https://vulners.com/cve/CVE-2018-0737>)
**DESCRIPTION:** OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141679> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2018-0495](<https://vulners.com/cve/CVE-2018-0495>)
**DESCRIPTION:** GnuPG Libgcrypt could allow a local attacker to obtain sensitive information, caused by a memory-cache side-channel attack on ECDSA signatures in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c. An attacker could exploit this vulnerability to recover ECDSA or DSA private keys.
CVSS Base Score: 5.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144828> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAddressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2018-18311](<https://vulners.com/cve/CVE-2018-18311>)
**DESCRIPTION:** Perl is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the Perl_my_setenv function. By sending a specially-crafted request, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition.
CVSS Base Score: 8.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153586> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2015-8830](<https://vulners.com/cve/CVE-2015-8830>)
**DESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the AIO interface. By applying to certain filesystems, socket or device types, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111186> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
**CVEID:** [CVE-2018-1000026](<https://vulners.com/cve/CVE-2018-1000026>)
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper validation of user-supplied input by the bnx2x network card driver. By sending specially crafted GSO packets, a remote attacker could exploit this vulnerability to cause an assertion and take the card off-line.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138955> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-14633](<https://vulners.com/cve/CVE-2018-14633>)
**DESCRIPTION:** Linux Kernel is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the chap_server_compute_md5() function. If the iSCSI target is enabled on the victim host, an attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash.
CVSS Base Score: 7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150238> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)
**CVEID:** [CVE-2018-18559](<https://vulners.com/cve/CVE-2018-18559>)
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free when there is an incomplete fix for a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to achieve Program Counter control and cause the kernel to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151816> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2019-10245](<https://vulners.com/cve/CVE-2019-10245>)
**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a denial of service, caused by the execution of a method past the end of bytecode array by the Java bytecode verifier. A remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160010> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2019-2602](<https://vulners.com/cve/CVE-2019-2602>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159698> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2019-2684](<https://vulners.com/cve/CVE-2019-2684>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159776> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)
**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>)
**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)
**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>)
**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)
**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base Score: 3.7
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>)
**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2019-4046](<https://vulners.com/cve/CVE-2019-4046>)
**DESCRIPTION:** IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of memory.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156242> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2019-6454](<https://vulners.com/cve/CVE-2019-6454>)
**DESCRIPTION:** systemd is vulnerable to a denial of service, caused by a flaw in the bus_process_object function in bus-objects.c. By sending a specially-crafted DBUS message, a local authenticated attacker could exploit this vulnerability to crash PID 1 and result in a subsequent kernel panic.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157193> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>)
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162665> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>)
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACK requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162664> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>)
**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACK requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162662> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
## Affected Products and Versions
IBM Security Privileged Identity Manager (ISPIM) 2.1.1
## Remediation/Fixes
**Product** | **VRMF** | **Remediation**
---|---|---
IBM Security Privileged Identity Manager | 2.1.1 | [_2.1.1-ISS-ISPIM-VA-FP0003_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=Linux&function=fixId&fixids=2.1.1-ISS-ISPIM-VA-FP0003&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>)
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/125800> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2016-3674](<https://vulners.com/cve/CVE-2016-3674>) \n**DESCRIPTION:** XStream could allow a remote attacker to obtain sensitive information, caused by an error when processing XML external entities. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111806> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-0732](<https://vulners.com/cve/CVE-2018-0732>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144658> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-0737](<https://vulners.com/cve/CVE-2018-0737>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141679> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-0495](<https://vulners.com/cve/CVE-2018-0495>) \n**DESCRIPTION:** GnuPG Libgcrypt could allow a local attacker to obtain sensitive information, caused by a memory-cache side-channel attack on ECDSA signatures in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c. An attacker could exploit this vulnerability to recover ECDSA or DSA private keys. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144828> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAddressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-18311](<https://vulners.com/cve/CVE-2018-18311>) \n**DESCRIPTION:** Perl is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the Perl_my_setenv function. By sending a specially-crafted request, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/153586> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2015-8830](<https://vulners.com/cve/CVE-2015-8830>) \n**DESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the AIO interface. By applying to certain filesystems, socket or device types, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111186> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-1000026](<https://vulners.com/cve/CVE-2018-1000026>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper validation of user-supplied input by the bnx2x network card driver. By sending specially crafted GSO packets, a remote attacker could exploit this vulnerability to cause an assertion and take the card off-line. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/138955> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-14633](<https://vulners.com/cve/CVE-2018-14633>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the chap_server_compute_md5() function. If the iSCSI target is enabled on the victim host, an attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. \nCVSS Base Score: 7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150238> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H)\n\n**CVEID:** [CVE-2018-18559](<https://vulners.com/cve/CVE-2018-18559>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a use-after-free when there is an incomplete fix for a race condition between fanout_add from setsockopt and bind on an AF_PACKET socket. By sending a specially crafted packet, a remote attacker could exploit this vulnerability to achieve Program Counter control and cause the kernel to crash. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151816> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-10245](<https://vulners.com/cve/CVE-2019-10245>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a denial of service, caused by the execution of a method past the end of bytecode array by the Java bytecode verifier. A remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160010> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2602](<https://vulners.com/cve/CVE-2019-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159698> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2684](<https://vulners.com/cve/CVE-2019-2684>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159776> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-4046](<https://vulners.com/cve/CVE-2019-4046>) \n**DESCRIPTION:** IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of memory. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156242> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-6454](<https://vulners.com/cve/CVE-2019-6454>) \n**DESCRIPTION:** systemd is vulnerable to a denial of service, caused by a flaw in the bus_process_object function in bus-objects.c. By sending a specially-crafted DBUS message, a local authenticated attacker could exploit this vulnerability to crash PID 1 and result in a subsequent kernel panic. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157193> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162665> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162664> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162662> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Security Privileged Identity Manager (ISPIM) 2.1.1\n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **Remediation** \n---|---|--- \nIBM Security Privileged Identity Manager | 2.1.1 | [_2.1.1-ISS-ISPIM-VA-FP0003_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Privileged+Identity+Manager&release=2.1.1&platform=Linux&function=fixId&fixids=2.1.1-ISS-ISPIM-VA-FP0003&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp>) \n \n## ", "published": "2019-08-19T20:44:10", "modified": "2019-08-19T20:44:10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": true, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/967469", "reporter": "IBM", "references": [], "cvelist": ["CVE-2012-5783", "CVE-2012-6708", 
"CVE-2013-0248", "CVE-2013-7285", "CVE-2014-0050", "CVE-2014-3577", "CVE-2014-6071", "CVE-2015-5262", "CVE-2015-6420", "CVE-2015-7501", "CVE-2015-8830", "CVE-2015-9251", "CVE-2016-1000031", "CVE-2016-10707", "CVE-2016-3092", "CVE-2016-3674", "CVE-2017-15708", "CVE-2017-3735", "CVE-2017-7957", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000026", "CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-14633", "CVE-2018-18311", "CVE-2018-18559", "CVE-2018-1890", "CVE-2019-10245", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-4046", "CVE-2019-6454"], "immutableFields": [], "lastseen": "2023-02-23T21:44:40", "viewCount": 15, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["JAVA_APR2019_ADVISORY.ASC", "JAVA_JAN2019_ADVISORY.ASC", "OPENSSL_ADVISORY24.ASC", "OPENSSL_ADVISORY26.ASC", "OPENSSL_ADVISORY27.ASC", "OPENSSL_ADVISORY28.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2020:4670", "ALSA-2020:4847"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2012-6708", "ALPINE:CVE-2015-9251"]}, {"type": "altlinux", "idList": ["DA7EB86A979E50AA3788F1F41AC8607F"]}, {"type": "amazon", "idList": ["ALAS-2013-169", "ALAS-2014-312", "ALAS-2014-344", "ALAS-2014-410", "ALAS-2015-618", "ALAS-2016-736", "ALAS-2018-1000", "ALAS-2018-1065", "ALAS-2018-1069", "ALAS-2018-1070", "ALAS-2018-1086", "ALAS-2018-1098", "ALAS-2018-1102", "ALAS-2019-1177", "ALAS-2019-1180", "ALAS-2019-1222", "ALAS-2019-1266", "ALAS-2019-1286", "ALAS-2020-1355", "ALAS-2020-1422", "ALAS2-2018-1004", "ALAS2-2018-1086", "ALAS2-2018-1102", "ALAS2-2019-1164", "ALAS2-2019-1166", "ALAS2-2019-1177", "ALAS2-2019-1198", "ALAS2-2019-1209", "ALAS2-2019-1222", "ALAS2-2019-1228", "ALAS2-2019-1269", "ALAS2-2019-1305", "ALAS2-2019-1350", "ALAS2-2020-1519", "ALAS2-2021-1643"]}, {"type": "androidsecurity", "idList": ["ANDROID:2020-03-01"]}, {"type": "apple", 
"idList": ["APPLE:7AC1206D64FFADF7D373D56EED86A4D6", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331", "APPLE:HT209600"]}, {"type": "archlinux", "idList": ["ASA-201711-14", "ASA-201711-15", "ASA-201712-11", "ASA-201712-9", "ASA-201804-2", "ASA-201806-10", "ASA-201902-24", "ASA-201906-12", "ASA-201906-13", "ASA-201906-14", "ASA-201906-15", "ASA-201910-4", "ASA-201910-5"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BSERV-8977", "ATLASSIAN:CONF-32557", "ATLASSIAN:CONFSERVER-32557", "ATLASSIAN:CRUC-8382", "ATLASSIAN:CRUC-8411", "ATLASSIAN:CWD-4355", "ATLASSIAN:FE-7164", "ATLASSIAN:FE-7200", "ATLASSIAN:FE-7345", "ATLASSIAN:JRA-61885", "ATLASSIAN:JRASERVER-43422", "ATLASSIAN:JRASERVER-61885", "ATLASSIAN:JRASERVER-70929", "CONFSERVER-32557", "CRUC-8382", "CRUC-8411", "CWD-4355", "CWD-5683", "FE-7164", "FE-7200", "FE-7345", "JRASERVER-61885"]}, {"type": "attackerkb", "idList": ["AKB:38474044-13DA-4165-A8D4-86867CA68D83", "AKB:4A2FD572-63FD-426B-8D34-A9914260EF72", "AKB:B358B251-7E9D-453E-8802-E59A3DE72FAA", "AKB:CA3F16E5-5B43-471E-A678-F1231559A5F1"]}, {"type": "avleonov", "idList": ["AVLEONOV:101A90D5F21CD7ACE01781C2913D1B6D"]}, {"type": "broadcom", "idList": ["BSA-2022-627"]}, {"type": "canvas", "idList": ["JBOSS6_JMXINVOKERSERVLET_DESERIALIZE", "WEBLOGIC_T3_DESERIALIZATION"]}, {"type": "centos", "idList": ["CESA-2013:0270", "CESA-2014:0429", "CESA-2014:0865", "CESA-2014:1146", "CESA-2014:1166", "CESA-2015:2521", "CESA-2015:2522", "CESA-2015:2671", "CESA-2016:2599", "CESA-2018:1854", "CESA-2018:3083", "CESA-2018:3090", "CESA-2018:3221", "CESA-2018:3651", "CESA-2019:0109", "CESA-2019:0163", "CESA-2019:0368", "CESA-2019:0416", "CESA-2019:0436", "CESA-2019:0462", "CESA-2019:0464", "CESA-2019:0774", "CESA-2019:0775", "CESA-2019:0778", "CESA-2019:0790", "CESA-2019:0791", "CESA-2019:1481", "CESA-2019:1488", "CESA-2019:2052", "CESA-2019:2237", "CESA-2020:3936"]}, {"type": "cert", "idList": ["VU:576313", "VU:581311", "VU:905115"]}, {"type": "checkpoint_advisories", 
"idList": ["CPAI-2014-1094", "CPAI-2015-1313", "CPAI-2016-0684", "CPAI-2017-0740", "CPAI-2018-1066", "CPAI-2019-0232", "CPAI-2019-0250", "CPAI-2019-1309"]}, {"type": "checkpoint_security", "idList": ["CPS:SK156192"]}, {"type": "cisa", "idList": ["CISA:848AFE845B4D41B0B59F2090C2571363"]}, {"type": "cisco", "idList": ["CISCO-SA-20151209-JAVA-DESERIALIZATION"]}, {"type": "citrix", "idList": ["CTX256725", "CTX256918"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1DFE9585B9C1AAABE38F2402F4352EFD", "CFOUNDRY:2AA1F360A02E665F9D2B19AB7EF0CAA9", "CFOUNDRY:3F54C95B87B9551DBB314C8164D88E3A", "CFOUNDRY:4B9A3BCF243ED381ED0645E905D1D406", "CFOUNDRY:5A3C09BA00E9C5521BF90BC72D1721B3", "CFOUNDRY:5F7B0715477A47782120872F352D59E0", "CFOUNDRY:6483ABFDCD6E9A898D675CD1BD295062", "CFOUNDRY:68D76A0378A3607BE24DDA5057C65012", "CFOUNDRY:719A6ED27AEEE51AFE1A714D83BE8E73", "CFOUNDRY:78350CC978808A6C42CDCB2451BF30F4", "CFOUNDRY:871AE561BA64280CEEDB0200B9838843", "CFOUNDRY:894C76C0EB39D03A818F5E3BFAA0E55A", "CFOUNDRY:90693B873E1E97B4D1CACB5D7BD374ED", "CFOUNDRY:9243E8457D02CBA7A3505CB1E0E03739", "CFOUNDRY:B1BFB1BD3BA9A90D6CA66F05AB2DCBAE", "CFOUNDRY:BDB6F8275A06CC11A9EB2C43CBB82E42", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2012-5783", "CVE-2012-6153", "CVE-2012-6708", "CVE-2013-0248", "CVE-2013-7285", "CVE-2014-0050", "CVE-2014-3577", "CVE-2014-6071", "CVE-2015-5262", "CVE-2015-6420", "CVE-2015-7501", "CVE-2015-8830", "CVE-2015-9251", "CVE-2016-1000031", "CVE-2016-10707", "CVE-2016-3092", "CVE-2016-3674", "CVE-2017-1000394", "CVE-2017-15708", "CVE-2017-16011", "CVE-2017-16012", "CVE-2017-3735", "CVE-2017-7957", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-1000026", "CVE-2018-1000872", "CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-14633", "CVE-2018-18311", "CVE-2018-18559", "CVE-2018-1890", "CVE-2019-10173", "CVE-2019-10245", "CVE-2019-11477", 
"CVE-2019-11478", "CVE-2019-11479", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-4046", "CVE-2019-6454", "CVE-2020-13946"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1157-1:16CF2", "DEBIAN:DLA-1157-1:FA549", "DEBIAN:DLA-1330-1:A6756", "DEBIAN:DLA-1405-1:4C0C5", "DEBIAN:DLA-1405-1:D76AF", "DEBIAN:DLA-1449-1:6B9AF", "DEBIAN:DLA-1449-1:EF247", "DEBIAN:DLA-1531-1:834CC", "DEBIAN:DLA-1601-1:10688", "DEBIAN:DLA-1601-1:D459B", "DEBIAN:DLA-1638-1:1D6E7", "DEBIAN:DLA-1638-1:87B2B", "DEBIAN:DLA-1684-1:394E8", "DEBIAN:DLA-1684-1:C97A5", "DEBIAN:DLA-1732-1:9BAF4", "DEBIAN:DLA-1732-1:C44A4", "DEBIAN:DLA-1771-1:3CE68", "DEBIAN:DLA-1782-1:CAC81", "DEBIAN:DLA-1782-1:EE207", "DEBIAN:DLA-1823-1:39845", "DEBIAN:DLA-1824-1:6789E", "DEBIAN:DLA-1862-1:8E150", "DEBIAN:DLA-222-1:38FAF", "DEBIAN:DLA-322-1:7D682", "DEBIAN:DLA-322-1:AED75", "DEBIAN:DLA-504-1:21FF9", "DEBIAN:DLA-504-1:37F35", "DEBIAN:DLA-528-1:BE307", "DEBIAN:DLA-528-1:C8771", "DEBIAN:DLA-529-1:758C3", "DEBIAN:DLA-529-1:DC84D", "DEBIAN:DLA-930-1:3C143", "DEBIAN:DSA-2856-1:D2DA2", "DEBIAN:DSA-2897-1:13B38", "DEBIAN:DSA-3503-1:23448", "DEBIAN:DSA-3503-1:9DDFA", "DEBIAN:DSA-3575-1:A3240", "DEBIAN:DSA-3609-1:174EB", "DEBIAN:DSA-3611-1:6D627", "DEBIAN:DSA-3611-1:F53EF", "DEBIAN:DSA-3614-1:2E149", "DEBIAN:DSA-3614-1:AC7F6", "DEBIAN:DSA-3841-1:B278A", "DEBIAN:DSA-4017-1:88D36", "DEBIAN:DSA-4017-1:AEF53", "DEBIAN:DSA-4018-1:01441", "DEBIAN:DSA-4018-1:DD3DF", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4157-1:D7BEA", "DEBIAN:DSA-4158-1:43C61", "DEBIAN:DSA-4158-1:561AF", "DEBIAN:DSA-4231-1:6B2CC", "DEBIAN:DSA-4231-1:9B244", "DEBIAN:DSA-4308-1:A5A75", "DEBIAN:DSA-4308-1:D561A", "DEBIAN:DSA-4347-1:8489B", "DEBIAN:DSA-4347-1:FEAD3", "DEBIAN:DSA-4348-1:05673", "DEBIAN:DSA-4355-1:1415E", "DEBIAN:DSA-4393-1:1615F", "DEBIAN:DSA-4393-1:211D1", "DEBIAN:DSA-4410-1:29584", "DEBIAN:DSA-4453-1:C46EE", "DEBIAN:DSA-4465-1:304F1", "DEBIAN:DSA-4465-1:DDE47", "DEBIAN:DSA-4484-1:6701B", 
"DEBIAN:DSA-4484-1:9995E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-5783", "DEBIANCVE:CVE-2012-6153", "DEBIANCVE:CVE-2012-6708", "DEBIANCVE:CVE-2013-0248", "DEBIANCVE:CVE-2013-7285", "DEBIANCVE:CVE-2014-0050", "DEBIANCVE:CVE-2014-3577", "DEBIANCVE:CVE-2014-6071", "DEBIANCVE:CVE-2015-5262", "DEBIANCVE:CVE-2015-7501", "DEBIANCVE:CVE-2015-8830", "DEBIANCVE:CVE-2015-9251", "DEBIANCVE:CVE-2016-1000031", "DEBIANCVE:CVE-2016-10707", "DEBIANCVE:CVE-2016-3092", "DEBIANCVE:CVE-2016-3674", "DEBIANCVE:CVE-2017-3735", "DEBIANCVE:CVE-2017-7957", "DEBIANCVE:CVE-2018-0495", "DEBIANCVE:CVE-2018-0732", "DEBIANCVE:CVE-2018-0737", "DEBIANCVE:CVE-2018-0739", "DEBIANCVE:CVE-2018-1000026", "DEBIANCVE:CVE-2018-1000872", "DEBIANCVE:CVE-2018-11212", "DEBIANCVE:CVE-2018-14633", "DEBIANCVE:CVE-2018-18311", "DEBIANCVE:CVE-2018-18559", "DEBIANCVE:CVE-2019-10173", "DEBIANCVE:CVE-2019-11477", "DEBIANCVE:CVE-2019-11478", "DEBIANCVE:CVE-2019-11479", "DEBIANCVE:CVE-2019-2422", "DEBIANCVE:CVE-2019-2426", "DEBIANCVE:CVE-2019-2449", "DEBIANCVE:CVE-2019-2602", "DEBIANCVE:CVE-2019-2684", "DEBIANCVE:CVE-2019-6454"]}, {"type": "exploitdb", "idList": ["EDB-ID:31615", "EDB-ID:39193", "EDB-ID:49708"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:868FED2D5F6215B2F39518F65E3C1404", "EXPLOITPACK:EB000848EE6583FA3B8F33FA4CDD34C0"]}, {"type": "f5", "idList": ["F5:K04154823", "F5:K04734219", "F5:K07519400", "F5:K08044291", "F5:K11175903", "F5:K11330713", "F5:K15189", "F5:K15364328", "F5:K17848347", "F5:K20001553", "F5:K21462542", "F5:K21665601", "F5:K25206238", "F5:K25225860", "F5:K26618426", "F5:K28241423", "F5:K29562170", "F5:K35421172", "F5:K35504111", "F5:K36212405", "F5:K39178480", "F5:K43429502", "F5:K61420264", "F5:K62532311", "F5:K63404203", "F5:K73540515", "F5:K75521003", "F5:K78234183", "F5:K82392041", "SOL15189", "SOL15364328", "SOL15737", "SOL15741", "SOL82392041"]}, {"type": "fedora", "idList": ["FEDORA:0240B604B381", "FEDORA:041196190421", "FEDORA:04868606351B", "FEDORA:04A5C23F7A", 
"FEDORA:07B5A6CB4421", "FEDORA:08AC0606CFA2", "FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:122AE604D3F9", "FEDORA:1BD5B6389B47", "FEDORA:1CAC0608E6F2", "FEDORA:1EFAB60ACFB0", "FEDORA:250CB6087A80", "FEDORA:258716069A4C", "FEDORA:25A9A23A22", "FEDORA:25BDD6190ECF", "FEDORA:25F4A2151F", "FEDORA:277CC60874DE", "FEDORA:2836F613193B", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:2D794604948D", "FEDORA:3266960F0E44", "FEDORA:3403F601DEC5", "FEDORA:344346042F3E", "FEDORA:38DE2220D8", "FEDORA:3A3766C5B5A2", "FEDORA:3A69E60B3E88", "FEDORA:3ED26601CEE3", "FEDORA:4002B609954A", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:44065605602A", "FEDORA:44AA5603A529", "FEDORA:45DAE6062BE2", "FEDORA:4832F6079717", "FEDORA:48EB163233DC", "FEDORA:4CEF5610D7CA", "FEDORA:4D56F604EC0E", "FEDORA:4D5AD601FDAC", "FEDORA:505E26069A42", "FEDORA:50E6E6087656", "FEDORA:511986124F82", "FEDORA:511A7608E6E1", "FEDORA:58AC321FC4", "FEDORA:59E3F606D998", "FEDORA:5A4D662AE22C", "FEDORA:5B904214E6", "FEDORA:5BC786077CC2", "FEDORA:5D10B2170F", "FEDORA:5D742610B071", "FEDORA:5DB9C604622A", "FEDORA:5E4536182D79", "FEDORA:60E4D618B8A2", "FEDORA:648496077DD1", "FEDORA:65B57634CA63", "FEDORA:67D5B602F037", "FEDORA:68D44601BD0C", "FEDORA:6B66A6047312", "FEDORA:6E67663233DB", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:6F712609154B", "FEDORA:74245604D4DA", "FEDORA:74907604973F", "FEDORA:754F860A98ED", "FEDORA:7640C641CB61", "FEDORA:77E4F6087EA4", "FEDORA:7809D6CB440C", "FEDORA:7B564604AACC", "FEDORA:80260604817C", "FEDORA:8387C60468C7", "FEDORA:87BD56087904", "FEDORA:8B3DA601B251", "FEDORA:8D9BA60468B9", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:95A686085F81", "FEDORA:9801060D30FA", "FEDORA:98315602F10D", "FEDORA:9E3D9606D195", "FEDORA:A486D601BFF8", "FEDORA:AB52460321C9", "FEDORA:ACC466324C7C", "FEDORA:AEECE6075DBF", "FEDORA:AFDBD60E76E0", "FEDORA:B395E6087A9D", "FEDORA:B4E3C6062CB4", "FEDORA:B54D264CBCAC", "FEDORA:B56AC605DCD2", "FEDORA:B5C736087A8D", 
"FEDORA:B76DE6348980", "FEDORA:B803860875BB", "FEDORA:B87B460876BA", "FEDORA:B98866076020", "FEDORA:BBFE360460D0", "FEDORA:BD35260BC96F", "FEDORA:BDAF321057", "FEDORA:BF5EC607125E", "FEDORA:BFACF60A35B3", "FEDORA:C1EA6603ECEC", "FEDORA:C49D061F375F", "FEDORA:C4D496071279", "FEDORA:C5613607A3CF", "FEDORA:C63656040AE1", "FEDORA:C63E3604CD70", "FEDORA:C64AE6007F37", "FEDORA:C7391611860D", "FEDORA:CB0956087865", "FEDORA:CB46E23C05", "FEDORA:CF0AC608B5E3", "FEDORA:D013361742CE", "FEDORA:D3523607924A", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:DEA206060997", "FEDORA:DF5176048167", "FEDORA:E37FD60924F1", "FEDORA:E4F5E6062E28", "FEDORA:E66CE6076F5E", "FEDORA:E6F08605DCE7", "FEDORA:E93AE6077DCD", "FEDORA:EA6192175F", "FEDORA:EE17520E26", "FEDORA:EFABA604D0DC", "FEDORA:EFE7B60E36E5"]}, {"type": "fortinet", "idList": ["FG-IR-18-013", "FG-IR-19-180"]}, {"type": "freebsd", "idList": ["0904E81F-A89D-11E8-AFBB-BC5FF4F77B71", "3E0507C6-9614-11E3-B3A5-00E0814CAB4E", "416CA0F4-3FE0-11E9-BBDD-6805CA0B3D42", "53CAF29B-9180-11ED-ACBE-B42E991FC52E", "61B8C359-4AAB-11E6-A7BD-14DAE9D210B8", "8F353420-4197-11E8-8777-B499BAEBFEAF", "909BE51B-9B3B-11E8-ADD2-B499BAEBFEAF", "9442A811-DAB3-11E7-B5AF-A4BADB2F4699", "9B5162DE-6F39-11E8-818E-E8E0B747A45A", "9BAD457E-B396-4452-8773-15BEC67E1CEB", "AC18046C-9B08-11E6-8011-005056925DB4", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF", "C1265E85-7C95-11E7-93AF-005056925DB4", "C82ECAC5-6E3F-11E8-8777-B499BAEBFEAF", "CBCEEB49-3BC7-11E6-8E82-002590263BF5", "D70C9E18-F340-11E8-BE46-0019DBB15B3F", "ED8D5535-CA78-11E9-980B-999FF59C22EA", "F40F07AA-C00F-11E7-AC58-B499BAEBFEAF"]}, {"type": "freebsd_advisory", "idList": ["FREEBSD_ADVISORY:FREEBSD-SA-17:11.OPENSSL"]}, {"type": "gentoo", "idList": ["GLSA-201412-29", "GLSA-201612-35", "GLSA-201705-09", "GLSA-201712-03", "GLSA-201811-03", "GLSA-201811-21", "GLSA-201903-07", "GLSA-201903-14", "GLSA-201908-10", "GLSA-201909-01", "GLSA-202007-53", "GLSA-202107-37", "GLSA-202107-39"]}, {"type": "github", "idList": 
"AEC0722767EA21CDE0F10129C001F976425E48E7F302D7C24108AFF251D12D6D", "AF3CBD718F3297D87FDA4616011F4CD425D9EBE3BB2880108811A5CAEF018EB6", "AFE19A054333AA295FD3827F2033517CC7AEB5612BF8DB73D513BF11446C18D6", "B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC", "B0549540072FC1BB0D803052330E32E656605B46C7EDC1BE259FE2273831E00B", "B079FBEBDB7E08BC0797399E951FEDE5C6E9602C2C19C47FC9BB79E90C6A80A4", "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "B0FB4CCA6C2AAF4AE7DFA7516AE94640B71BE0BE346F669F7A4393C673251F3D", "B15718AA4B8105564F039DDD186FC17074EAEE24D837EA5B1A7E296502934D28", "B1EE6762D8CA97073B01F6DB0A792F8F3F34B9F5EC96BE6D83DAFE3049D11046", "B24C2BD35069EEC81825786166AC7CFD96209B63CC462140B43428F031CB25A2", "B2EA2FBA4D280351FEA7F9EC1921C448D44F4D9EC613590A87A15467F7D34153", "B30027B67E0900B9C9192B0EB28EA6D42DDFB696208646582631F912C14CE66F", "B314C20BF91C600149F279A906C6EBEE84E73ADFE2036985C9D6023680EB2CA8", "B34195110077034574536A55FA352B5BF90728605D4A2BB88F8E3C60A9F0BAC4", "B41E400D6CB06F16F486E14BA627A63F5A14FAC2BD1E27A85775A6764B2BB2A2", "B4816627A76C3594EEA5390203C84A31076F0205605E2CAECFCE5886E6D51EE4", "B4ACC50FB3EFBFCDCC381ED7E344E2F40C781747A414909444C31FECCA264613", "B54C23AB6C2F4099543B14F5900252BB82DD7A923744D25CBFCED8DB2A18B38B", "B5C9681415A04F960FAB1C0F3F82C959A9D3D2742DA358703CC0F0FFCE28C903", "B5EA75DA45428FA9458348C3D472584E5E61BCCBF9FBE5657A2F537F17C008DD", "B62A0DF1BA325616E310706F59A3DD07DD7DC7356D343963E6F99C6D89411ED3", "B64C5AEFB23816BB6B78045BFB1186C9C02B8A6CA2CFF257712C70D2CE3F865E", "B657C82FF782BA1258367C6D684FC8D8FB770735CAEAFECE9AC1D670085E21DD", "B667E3D9390E85C117F5CC01B897A666F73B53F1B38A735C2523D3F70CB052A6", "B6D98686FB4CE3794F12AA810C56116765161F3CB64E9212B301423AF70BBA48", "B8C124EE4E419DE7F41A9CB0246E9FF21300C4C9A2734EF999830B9906B65133", "B93CBD995960C74072CEEF36E0F5A0227F680BEF8318CC7D97C9863BCE03826F", "B98D1715B7B18F21FE72FFA91660367BB12E153F503B7ED4D216AEE465E8F453", 
"B9CFAFA13F67CEE973D4C3F427732BA9AFE07D6BC2C69AAF63E0ED627FA0A0F9", "B9E9CED15D52245923C5C522920522901C04440B4FB14B24474C1033AA731D66", "BA224C929D509ADDCB0F46007C0E0FACD292F79987D47E9F02DEFD7F67D0990C", "BA26481027AF6429B5D0591E1B64697FA26DACFE8B5A520E01934500A36BAFAE", "BA623255812F5894326A7A04E7565E7B402C3E556C22462052D019D08EA0871E", "BA641051633E4D947A94268037F8B8865B6EE865868B44CAAC2ACF192C454E89", "BA7DDF52CA98D664390133915CDD092BBB639AEA4E911EB487134FB1F8A967A9", "BA84392D3F11FD2DE3FE0A8FC9E00B1D08953778839774F716912228DD61BCC2", "BABF5F87446773F486C4241A55805D7AF675A10E3D8F7FB739A641C0B3FD8389", "BAC0ECD094048AB5764245E3813A4B3FD7B15C38CF78917E44082B74A378C2E8", "BAFE1432B61D78F2B29438C3606D2D46643F4DA3DFC6DD0FB0C4962ECD44C150", "BBD5B0FD70EBB30911257F316A998DBE75E6806613D1530261A9CC6A7DDB88E1", "BC2283C42C5754BA56D4B137D9299A766BC1E54917CDB4BD5C57BE600AAD1E60", "BC4CE6FA6231522277B8CDD6EBE913273E804C9EC6F8EA56F64C54D931A5F0A3", "BD6AE1C01578D2358D9720998260BF5FCA8B53021F548065995F3783AB704E64", "BD707B9A2C920399BE57A503E0CC1633CB723C90A936D7A2E92891D912259987", "BDADF9A01D9660DA0A520C62C15482DDAD45F4B68F6316BC4F17A7356B308B0E", "BDCE7C9CFA9684E952C1FF403595755387D0CADAED67C6B806E31D295F5B32FA", "BE40ACF27D8AE17579CFB2450280D344E32F14B5AFCC639EDB71C9D294778D10", "BE6E8380C13D1103EE23BA2477B40F90E44B32F9B46BF16533F8DB60DB918AA5", "BEDC9913819E5766C014E39550533E553290EAA7198BCFCD5865A144C8460A20", "C09F3B9F4DBF9D0B77B16FD94B3CE34CB06275924A75E85EBBA3F1FD3FFBD2BC", "C1882EF0507C13F3B13D2F71439616E5B927333FFAF7FDCB93F807BC6BCDB22E", "C1DB4935C2F09FB7696CBAC483D55FF0C7BF88D253A43A15E46B05879CB82555", "C1F769D030FC2C40F30870B89602B6E37C63D9738974975088F5749826F8EED3", "C210DB4F68E45B14B945F03E927903ECBDD3FE9752D07BE050AA1247BFD07911", "C222A8A891F504F40C914F8F66ABB73F5EF9BD26F781A02F39DE0DB06449374A", "C31436DA6C1FDD78E2ECB68688AFD20C432119CDF718A53729D0F429AE0174AA", "C33A3EA0A894FC142F79013DE2B47A32ABDD698A23D88250CBA254A8EE181DAC", 
"C3B567818F0068A4E76BF412FA5CD0354D004804480FA49A2095407B12E1C65E", "C43D2CB156B7BD39FC113EAD22568306F95463D3E29CC3A697EB085F142533BB", "C48B8A24BEA3D79BEA32D69CB925440D9078E9C37A37DBDEB8805808860199D3", "C493462547813E2D896F759039078514A13F0934C26044CBC7F658187CF3E4C0", "C4FF390904EA96B41C5DB7FFC9A3965E3300C99C7013D162C854AD0CAE44CD18", "C52476BB3C40EAD807A597C63DAC77AEDF4B8D108B3A4ED764609E659AEABB11", "C5A6B12415F7D7018CAA8E68DF67EEF75A5DB28BC4B70E92EA47A86C05657F8D", "C5C7D84C444F9CFB8E5CCE24264C09F1C183065FCCD248E0A1BBAD57CCD8C3D6", "C5DFD6DDF0D044C736F3F1427CBB14FC5CF33A1F5084FA65609536B85A5FB9AF", "C697408BFF50B0037FDBA174DD0026EF434F896498D825B3EBBA4A668B2DD106", "C726F40862B4C7F10ACCA65E33228688F1F53978CAB90244118ADE14DC095828", "C7D5275CE22EF1E77C2DE0FC048F002DC6C6C43730D8E85E12B6D4635562E537", "C8205FB95C2ED4DB838682591C292536A747C0745D002F607FDB822EC4BB12AC", "C84CBEF45E7C55B768FF70F0726C557D5B2B1BA13E601F6D2893838D10B3E0F1", "C85AE805DAE4BFB886E620D203691B28A85BA2DC3F369FF95D93339B02E74573", "C88FD4D469A35327F18A441E0F6F16137E5E2FA23925AE0EC11E2F76B3D0967E", "C8B10EBB1C04E885A0F46598D7359140F659737A3C1249FEE363B6A29D7355AA", "C97A3E95675449D0B4FB3B9F03BC3D1C54EEFCAFE80A94AF2A2CBFD8347169AE", "C9B215C2E990733679984F0C6E86DB20EA1ED143683D79CFE88293360577ED49", "C9E756FDC2D170A759D074368FA581B4BDE59726C48E93D77387BFF9A0BD269B", "CA49B7C63554D1CAFF30E7D6E04025376352C07DA4ECB985E5EC9931DC2968BF", "CAFB095B3406AF2192C514E1DCBD9BDB8E1617F8C1D2D8B7AF74C17E99F59356", "CBA598237EC6F84B53BABD94A4C1A8896539FE5863458FA4408BD6DB2D7A57BB", "CBAD9A5D72D7476363185541BD693344F4EEB28C6708F8A48B2849B3FD618351", "CC5089F9744A6B5AF776C8A1234A9BCA32E0798D396B5C631C8D215B02EA08AB", "CC522CEFDA1CDA2D6A41F4CEB23188FCDCB5B9C7684188F7ACD43070E2E91B27", "CC7F2C7FBABBEF125BC9CDD07AF840C1709E9984DB5D8952CB809E4D9B63520F", "CC90511999CDCFF078D628EABBA53FB2DAD95FDB412A61D2D60AF25820C65A9B", "CCE8671153F728CAB0724783796D490FA3C198DC9AAF1E254ACD2D021433E8D7", 
"CD821E5B00971E948195C8290C76A4A4F4AFF0BC8D61619DABD25B3A4F31E428", "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56", "CD97A128A9AE077D44AF9E9B42CD245B0F22FFF6FFA6DCD3C8F11FB01E29E289", "CDE6875133587A5E5E6ED5F01AB9C60FC14D6A03BA892EF38B70353468007DF8", "CEA3FA772944A41A4608EB7032786CB59A727BBEA181140305376E07EF399A7D", "CF40E075F0CA8C41C3924D8CAD12B7A9304B4AB57BABA03002EF8225FEFC457E", "D006FC5774ADF4AA80F3952715EDDA472FE39E68ACF3E0BE82C85E08EB7037BF", "D015FB335633AA0A9857CF83DDC5AD690EAA21C693FBA031341795B25DFFD6B6", "D073E08AD140CB6620590BE3498F8D2736D636AB608813B1FECA6FBC21280451", "D0B716391F80030BF988E290540B0ACE770BD27D3F36F2C823E1D371D32CEC50", "D0F90FC02DF0C56E6BD132E8B2615B5F33AB5CF670A65189CA520A94D2F35C9A", "D25D4F6DAF80FD271F7B02A13F15D2F025F032FA59ED15DD52D530E23F68B96E", "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "D27D3969EE4BA0A1A5AA1BA800846A07534DF3DA291CD53AF39E4E1841E9F2CA", "D2A4235941FA71594358F79BC77601069C86AFC4F24476135F4E7D5EDF01745E", "D2C2FAA59189FC355096429F31F4AD0BE546851207D1F9D74226059031643143", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D320768EDA0A256974922526FBD9B0D787A99E5EB5A51830D413ECE091D3B830", "D339AF4F92E6BDA2B14C46B53EEC584B9068C60D095CA91F8D91E775B6991D1D", "D33BBD3C5F74DBFB7700F90DA29C0A0F17319D5EFCD29BE614C5EEA53697BBA1", "D372E96E670BB4F77813955B6066A57B559DAC9AE4607C58BBF631BD89D05A8E", "D3A343FAC7222190AB1488998CB4525C3B9661F21F96632EE555BC7763F8FC8C", "D3D8ED435C4CA8FB6EA23CBC3BCF5FD0E06943495EAB6C2245DEA41607A4EC6A", "D4211B02FBAB148D2434B40D5A6AB3817B90113685B8EB84B8D8021D3D23E01C", "D44CA6EF8BD7019FA550CA0950704781857304C8E0CD782812D3165AFD1C6B39", "D519EDF621C43AA30CAE493215E1F07C4C139FE3A02526AFB3F745E25DECEA7B", "D5934C683F70DCBE4AED04C1CC98975A5321914D3F2282A47A2535F0FC4F1834", "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "D5EE3EC14E7ED1E552E08E1001CECA43D603E6701AEAE8DAC86B2CBB34B5F3BF", 
"D5FAA4D531F2C77FCA796CDBE24E353B88AF07EF4901D113FCF9A8A7AA86B84A", "D63678498B94CE4636F5CEB8FAB7C8F6F571F578E6D0EF1B23F011C3A5778E9E", "D66B903250F05C7E6F628063E46BB788B758ACF5470BDBDCE9A7DDCF98ED3362", "D69CAB0B695FDB3F4A13D03095C9000050A31CA1EEA0F9ED3CBD01DC6FA43F1A", "D6F03E0612A845167F666CCA1A7409D6B9CBC3342DE65CEA3FBEC5E9C8EB6C09", "D6F0E984E380123D9BBF2B62BF44722BDB509A9B9B33AE7275CD298D194F5B74", "D81266EEF9A30224B03C1D4084FE2FB22F1A32AE3AEF1D43DC3CA53C8F5BCAA6", "D9698EB2CF81825958A16C40C281E4200E50280EC0B7C07E689F7539BB227DB6", "DAB88099018B311F83DAFDB9431625A326A00FF72BE126856DCECA1262D7C308", "DAFB6976639A3A0CD92E6E7C328A7D79DE7ABB5427325AE9867BF17CA6FD2D68", "DB55EB9809DA866C169E6FEE85A9FD38B2A9F16DCB1BBC5987E40D60559EE662", "DB68C8666C18AFC83A85EECDD8ABEF0A5F62BEEA4C9766E31EBEA828ED452BB7", "DB77FA682E1C424D5DC75EF1D7E867B818764A3DCA318FD78F7BB076B3F08B21", "DB866DC8DC23646847AE5E9E25C02B2DF2A195A414B2734DCAA102E637957BAF", "DB94999C91E041072E07E35C6AAF225FC95ED5B505AD09EAC92A1A39A3F67998", "DB9BA664C2EE59C14E1191FFD838450DDE2DF9BD6C7445462750416D1A593B97", "DBEEBEA67BF53D06F2B67D1EC250BC6DC481E7E1D95538F33DA149848FB8D480", "DBF3688DBA798444F3C298FA2AC7CFA893F49EE4F4F4469F192EA874C9A777D6", "DBFDA759395DD0AC7E179D05997E87AB15AB4D48C40F4A4663CE4C860E9BCA2B", "DC3AF6BC1F25ACFCE5025C6EBCDDF8639AE9C29FC2AD2069B5ADB56738E565BE", "DCDFF4028B590CE35AE76FD00F521AA76FBFDA50DB667396A9C77E1E602D9DF8", "DD5BF5116E5741EB672335643731F4B54ACDBD92F34C019A128C14DD0EF87E44", "DDAE44367545E909F1C5E82BA6B48DEA1D51F717CEAE6CED7805AFEA883D85F1", "DDC49E8C9A1C02DE0AB2D28C6910AD22A8D928D52149CC1F537F988C27BE1A38", "DE6FC785FAEA5CDC22FA3DD95C1113BD7CE8E4668A2B0686DFF968822706AA72", "DEAFA2DB54593AA80919E191E6F6089E8FC07DD6414224DF7420DF6F55DF4BC8", "DF83E2DA048D336A74145087134620101507F66C769120624B2E032C06FCE1A2", "DFB4A89370117A0C76AEBA610891449C199F7498B60521F9612F1A48A7736A6B", "E089CD8F4E1283BE8ED3A30F96421499F2E0C3F867875E0345CFFE45A636E65E", 
"E0CAD87D2D58A2FEE5B2191470CEB1BAD189DB6A091A60BC28E6B8904753BA45", "E12AC4164A95297C0432973D30F603FA386B4210C32C90DA21EC4D23B1C17983", "E143583639D054AA8FE69FA00A9B2C711903F95581EE6F26FFBD1FCD98532960", "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "E1CD32BD9F91BBD42336CF9972C1DF18FC5977D57499520A6A97DE2B4C471DCE", "E27CF59C9E2E6C51C822E91F4392208E7D3759A654890A485CF9095C81FD8C05", "E298AFAE6C10545EEFE2EDCB1E58ACEB81769C82FC173BB89206A046496B5501", "E3696C30595FA8B573F57C370CA6AA8A4AB34D6431DC89342FD2F6ED3D647148", "E37B13187C746EEBCC0B857D3868C8E72F2399FE2B28D9279D836D25E821DE38", "E41DB3BE42FBB098E24A8665578CAC1A1B7E8557F404FB6F24D4B6F961A9D4B3", "E45B3F5997DB35E1A997FB0E28FA8ADCFF49A6C82C7F855C8050301889C23F79", "E4F82B1EF36905183E848EAEFF844914F58061E9D484E205B7784B8B5BE99E13", "E56D6671818C95A5F19AEF15A7AD87A26C3C7AC0AC041B6BA86DC7AE5D43AB6F", "E5AA4437698BDBBD4703580CD49CD069316A3B73AF868788EF8EE6FBDC54800C", "E5F6CA4E9846520FFBE611036320AF23A481268C0C6F8DE632C6CEE7B97E65F5", "E600E0C30FA57438BAA328F6729F104613C088264EDBAF41A037C964282DC8A6", "E6075AA4421CDE4C93FB6FE776168FD888F3E662A7F0CD9B705035929B13694E", "E6493D9BE057225FBCB94A6768DAF2C56601206D489452D9D4D2033C399018B1", "E709674FBABF3ACF153296465B387FAF06F18F887BD2A7754503B905294A1BED", "E78F8769E3C6FC94835A03FDC3E9DB0C47396C80E02CF8741F425B3CD4CCF404", "E79BC6C34DAD829FAB4182BB79212B7400A2BCB673A1FFCDE7E446FA6EFAF11B", "E8502415402D8DEE3757A91FDF5FC83A369265B0F5E2AE2A7246A3FC800EEE8B", "E8A476F8B21445DB976F281B14CC4A36CA281A99A57E1FD912A5D9C24CFD5081", "E8EEB32757FCFDA746B60EBA71D8922DF48CC00375BF0160ABE189EB75238BD7", "E95C513C81DFA803C5A853C9D2DFFDF741B2BF08BBE6DAABA2EE0C2BDE4DDDC2", "E9808A15687AF20D79A62EA874C01D3604932EA3D7A28423BA6E7D72E608071B", "E991079260D3E97942B215D527B13A7F49183AB777929F50A2170FBDE684C807", "E9CDC7558DA989941146B3A84A11854BD9E2194AC94082893AAD204FB055A96A", "EA5DF78A0F6ECD7BA750EAE5BED652CEC4B72A44416CE1B2165E131F2261F3C3", 
"EADF48443A8E20D8DFEA75EDA107D3C3565C36446AE7381C757F06368F975A13", "EB5D8C6E2448BC74380F4101662EE13D053367E89D5119DB578AEA896E494A4C", "EBAE8A338E4C3BC0B76E371B33FC5C8FBDBB13AABDCB226379C80DDB6E29CF21", "EC68A07B2C3DAE1C815890F259C28E42A77D5A3444423C6A6324A3D881B16265", "EDCF2E68ACD973727361751379D03614E328717BE15786687654550AC960EF96", "EE990E2E33EA6D732776EBA6886616740517F07048E1DC3EEC6AC2E97F7B2855", "EF8BCCAA9DAA84FFDF67B2B605E8F5219EBA4E7EDAA69B40EA2B0BCFC1D1C708", "EFAFEB4BBDCD09CB8092BF34BF1DF6E8940256BA8189C4734656E48E9BEAB09A", "EFC446973169CE75A82B0414B6EEF35DEF3A2D4A3904DF4C568A776C1F269E2C", "F04464E7DB4FD4328624BFF3373CD456256ED939904587DF26664C07E0FBFECB", "F06557E676BEE33840ABDCBC8B63800AEF257D21E96813D19608264A0DF5ED04", "F0724B3A07EDFBE8BF858B3835F24951F3E2D45ED803AC17753BAF29F3496A76", "F081AA9E389DA8704A0ED815A4AEB867FF005489C1596C9B9CD8696FCA6AB63C", "F0D697BCEF4A8A1CF04A7209C24CFB2E3B80AA3B9D8BB629D8DCBD87B58FB387", "F10B278BFBFA868C361722B3DE18CDFFBEA415174A88751DEB4AB93FA4D5705C", "F15BA9EC0C1FC4624C7DDC90D046A7A3558B86CF13B121A8778B5BA8562491DC", "F1EC5D4551244A16FA4089F1A2978123216790C3873FA1FE248F1579895E1483", "F25C666AE48D116DD1D8D1489B3995218833EF54F1026C5DFD308D6F6327D931", "F293446F75F021489126D60AE731B014159645F8958814B4AE0BC8129DFFFB9F", "F2B5FC4B16B8B1778857D12D13BA11D80A90DA135717E43F7D2D3D2937CD8DCB", "F2BA717220AF86DFDA34E3C889BE92B672CF072FD97A6D1C67429E982D684361", "F34BA5EF66F896A8B578D07B5D4033AC7C037D5A0CAA94F8B75F28F292C77369", "F43AC4AD74C202F4FEB76EA0BC3429642A773A92CA519668F55C67ABFA59AEB0", "F46CADA935BAB7CB2109AA0785089017604AD7EAC5A1D830D4321BAF92856A7C", "F4B9D71D3FABEC6658928AA2A337B66B863636EDAA889DCF19CDC196449826D5", "F589C8EE8B85031A0437FA4B9B5223B171B8C93F2A8436F0B7911CEA6E3E4207", "F5F92012EC197E41A09FA1E29EFD40206F5120FD7D233E54F0AB69B55B9D3DDF", "F5FE69C711C352F19B25282CC284084A78FE3478FA6E88CE4A5FADA3AE8C466F", "F62105F81141CDEB3DFFD1F9477D41B2397FCACB19F1417F54D9BA82EB281648", 
"F6932FFA729B316CDBF1B06D2938B9D53FBCB3E73735DBB2B0ECB271EC493B76", "F6C2D7B519A05770991554475891717CAC8A17440E6CE3D0FD4BCFA2DABBDF41", "F6F81EC2A93E77E4D599C827E29E48EFC512C7EB406ED8ADA47D239D81A82F3B", "F713D909A314116D26B3223AC74DB2A12F255E8CD10396BE95E0FAE7DEBD27FB", "F740A49083E598F5C61454D5FE2852EC2DAF253C768CB7F35E6A3DC564290AB7", "F85FD0673B0A582E05FC6637434BB9C2F31E8D3595AAF3A28DEFC1CEBC9B8BF7", "F976E6D48149579C30755509014967F1B6A7163FEAAB9453EBE9572696C3DDDD", "FB20F052B3970A92A99B5F6099486D3A517E17CC9E48FB0EDC62029830F2CAC6", "FB301BD274079F5B2C88A19B0C86981A277D606738CBEB57758A65ED178BA0FC", "FB50FC72D1ADF03C64135E473D71F8FDDDF0FBB202D69511A7EA94874CC168D1", "FB85CEEAD8C48AF70AA7AD629250F45A6ACA126505AA16EF4F81388630286AF3", "FBB20EF2701DFFD146E4827E31BFFA89402D63C4F53B543C5F064479229194EF", "FC2BEDDC9B0A20E14CE30F6B90D14256565AADCC69A534CA0557D8F35594D108", "FC5432554321062F7980E7F32E434446E2B7BB8C9560215C6162A9D3DF6BA6A8", "FCB8784563B363733400795F7607973D06D1738FB91A1E56DC327054442D1148", "FCE59DFD42E59BD7167FAF3866E489EED4113CD69D8279859881BE9C677B99EE", "FD48BA74DC3A1C3984E282E9336A9AAC5D63A6863D7227C72593B2FEC3CC6C79", "FD5117210C2F203C26C62ABB3038601BE66CC50E434B762331873254C1B3BDA3", "FD54ED57D0984C8885C877F9181732A5619A1E525F7855FB4A72EC63053B7375", "FD89F92B8829CE7392B47C0ED84C6AFC3595DB7DDA24639A8AB325F2C83DE0D3", "FD98647DA723C33CDEC38C52B57AE83B49EBDE217212120E05428E998223B712", "FDF6E8F7CD2218245453540A985C40ED7D9C20F3F61D50E98DA8EC923B1A387A", "FEDCA267965BBB9468CAE56A08FFCE9E72E44378F7136A8300FF61E129DBD9CE", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2"]}, {"type": "ics", "idList": ["ICSA-18-212-04", "ICSA-19-024-02", "ICSA-19-253-03", "ICSA-21-159-08", "ICSA-22-097-01", "ICSMA-20-170-06", "ICSMA-21-187-01"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7"]}, {"type": "jvn", "idList": ["JVN:14876762", "JVN:89379547"]}, {"type": "kaspersky", "idList": ["KLA11236", "KLA11339", 
"KLA11403", "KLA11470"]}, {"type": "kitploit", "idList": ["KITPLOIT:5327440096042512502", "KITPLOIT:5420210148456420402"]}, {"type": "lenovo", "idList": ["LENOVO:PS500190-INTEL-PROSETWIRELESS-WIFI-SOFTWARE-VULNERABILITIES-NOSID", "LENOVO:PS500190-NOSID", "LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2013-0199", "MGASA-2014-0100", "MGASA-2014-0109", "MGASA-2014-0110", "MGASA-2014-0348", "MGASA-2014-0557", "MGASA-2015-0392", "MGASA-2016-0012", "MGASA-2016-0164", "MGASA-2016-0260", "MGASA-2017-0405", "MGASA-2018-0190", "MGASA-2018-0257", "MGASA-2018-0301", "MGASA-2018-0306", "MGASA-2018-0339", "MGASA-2018-0365", "MGASA-2018-0417", "MGASA-2018-0418", "MGASA-2018-0419", "MGASA-2018-0437", "MGASA-2019-0038", "MGASA-2019-0071", "MGASA-2019-0107", "MGASA-2019-0155", "MGASA-2019-0171", "MGASA-2019-0172", "MGASA-2019-0195", "MGASA-2019-0196", "MGASA-2019-0197"]}, {"type": "mscve", "idList": ["MS:ADV190020"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787046", "MYHACK58:62201994611", "MYHACK58:62201995222"]}, {"type": "nessus", "idList": ["700393.PRM", "700513.PRM", "700522.PRM", "700627.PRM", "700629.PRM", "700660.PRM", "700700.PASL", "720312.PRM", "9699.PRM", "9904.PRM", "9905.PRM", "9941.PRM", "ACTIVEMQ_5_15_5.NASL", "AIX_JAVA_APR2019_ADVISORY.NASL", "AIX_OPENSSL_ADVISORY24.NASL", "AIX_OPENSSL_ADVISORY26.NASL", "AIX_OPENSSL_ADVISORY27.NASL", "AIX_OPENSSL_ADVISORY28.NASL", "AL2_ALAS-2018-1004.NASL", "AL2_ALAS-2018-1086.NASL", "AL2_ALAS-2018-1102.NASL", "AL2_ALAS-2019-1164.NASL", "AL2_ALAS-2019-1166.NASL", "AL2_ALAS-2019-1177.NASL", "AL2_ALAS-2019-1198.NASL", "AL2_ALAS-2019-1209.NASL", "AL2_ALAS-2019-1222.NASL", "AL2_ALAS-2019-1228.NASL", "AL2_ALAS-2019-1269.NASL", "AL2_ALAS-2019-1305.NASL", "AL2_ALAS-2019-1350.NASL", "AL2_ALAS-2020-1519.NASL", "AL2_ALAS-2021-1643.NASL", "ALA_ALAS-2013-169.NASL", "ALA_ALAS-2014-312.NASL", "ALA_ALAS-2014-344.NASL", "ALA_ALAS-2014-410.NASL", "ALA_ALAS-2015-618.NASL", "ALA_ALAS-2016-736.NASL", "ALA_ALAS-2018-1000.NASL", 
"ALA_ALAS-2018-1065.NASL", "ALA_ALAS-2018-1069.NASL", "ALA_ALAS-2018-1070.NASL", "ALA_ALAS-2018-1086.NASL", "ALA_ALAS-2018-1098.NASL", "ALA_ALAS-2018-1102.NASL", "ALA_ALAS-2019-1177.NASL", "ALA_ALAS-2019-1180.NASL", "ALA_ALAS-2019-1222.NASL", "ALA_ALAS-2019-1266.NASL", "ALA_ALAS-2019-1286.NASL", "ALA_ALAS-2020-1355.NASL", "ALA_ALAS-2020-1422.NASL", "APACHE_CASSANDRA_RMI_ID_2020.NASL", "ARISTA_CVP_SA0041.NASL", "ARISTA_EOS_SA0041.NASL", "ARTIFACTORY_3_1_1_1.NASL", "ARUBAOS-CX_ARUBA-PSA-2020-010.NASL", "CENTOS8_RHSA-2019-0990.NASL", "CENTOS8_RHSA-2019-1479.NASL", "CENTOS8_RHSA-2019-1518.NASL", "CENTOS8_RHSA-2020-4670.NASL", "CENTOS8_RHSA-2020-4847.NASL", "CENTOS_RHSA-2013-0270.NASL", "CENTOS_RHSA-2014-0429.NASL", "CENTOS_RHSA-2014-0865.NASL", "CENTOS_RHSA-2014-1146.NASL", "CENTOS_RHSA-2014-1166.NASL", "CENTOS_RHSA-2015-2521.NASL", "CENTOS_RHSA-2015-2522.NASL", "CENTOS_RHSA-2015-2671.NASL", "CENTOS_RHSA-2016-2599.NASL", "CENTOS_RHSA-2018-1854.NASL", "CENTOS_RHSA-2018-3083.NASL", "CENTOS_RHSA-2018-3090.NASL", "CENTOS_RHSA-2018-3221.NASL", "CENTOS_RHSA-2018-3651.NASL", "CENTOS_RHSA-2019-0109.NASL", "CENTOS_RHSA-2019-0163.NASL", "CENTOS_RHSA-2019-0368.NASL", "CENTOS_RHSA-2019-0416.NASL", "CENTOS_RHSA-2019-0436.NASL", "CENTOS_RHSA-2019-0462.NASL", "CENTOS_RHSA-2019-0464.NASL", "CENTOS_RHSA-2019-0774.NASL", "CENTOS_RHSA-2019-0775.NASL", "CENTOS_RHSA-2019-0778.NASL", "CENTOS_RHSA-2019-0790.NASL", "CENTOS_RHSA-2019-0791.NASL", "CENTOS_RHSA-2019-1481.NASL", "CENTOS_RHSA-2019-1488.NASL", "CENTOS_RHSA-2019-2052.NASL", "CENTOS_RHSA-2019-2237.NASL", "CENTOS_RHSA-2020-3936.NASL", "CHECK_POINT_GAIA_SK156192.NASL", "CISCO_CUCM_CSCUX34835.NASL", "CISCO_PRIME_LMS_JAVA_DESER.NASL", "CISCO_SECURITY_JAVA_DESER.NASL", "CLOUDBEES_SECURITY_ADVISORY_2021-10-06.NASL", "DEBIAN_DLA-1157.NASL", "DEBIAN_DLA-1330.NASL", "DEBIAN_DLA-1405.NASL", "DEBIAN_DLA-1449.NASL", "DEBIAN_DLA-1531.NASL", "DEBIAN_DLA-1601.NASL", "DEBIAN_DLA-1638.NASL", "DEBIAN_DLA-1684.NASL", "DEBIAN_DLA-1732.NASL", 
"DEBIAN_DLA-1771.NASL", "DEBIAN_DLA-1782.NASL", "DEBIAN_DLA-1823.NASL", "DEBIAN_DLA-1824.NASL", "DEBIAN_DLA-1862.NASL", "DEBIAN_DLA-222.NASL", "DEBIAN_DLA-322.NASL", "DEBIAN_DLA-504.NASL", "DEBIAN_DLA-528.NASL", "DEBIAN_DLA-529.NASL", "DEBIAN_DLA-930.NASL", "DEBIAN_DSA-2856.NASL", "DEBIAN_DSA-2897.NASL", "DEBIAN_DSA-3503.NASL", "DEBIAN_DSA-3575.NASL", "DEBIAN_DSA-3609.NASL", "DEBIAN_DSA-3611.NASL", "DEBIAN_DSA-3614.NASL", "DEBIAN_DSA-3841.NASL", "DEBIAN_DSA-4017.NASL", "DEBIAN_DSA-4018.NASL", "DEBIAN_DSA-4157.NASL", "DEBIAN_DSA-4158.NASL", "DEBIAN_DSA-4231.NASL", "DEBIAN_DSA-4308.NASL", "DEBIAN_DSA-4347.NASL", "DEBIAN_DSA-4348.NASL", "DEBIAN_DSA-4355.NASL", "DEBIAN_DSA-4393.NASL", "DEBIAN_DSA-4410.NASL", "DEBIAN_DSA-4453.NASL", "DEBIAN_DSA-4465.NASL", "DEBIAN_DSA-4484.NASL", "DOMINO_SWG21992835.NASL", "EULEROS_SA-2016-1054.NASL", "EULEROS_SA-2018-1085.NASL", "EULEROS_SA-2018-1214.NASL", "EULEROS_SA-2018-1246.NASL", "EULEROS_SA-2018-1306.NASL", "EULEROS_SA-2018-1382.NASL", "EULEROS_SA-2018-1383.NASL", "EULEROS_SA-2018-1392.NASL", "EULEROS_SA-2018-1420.NASL", "EULEROS_SA-2018-1432.NASL", "EULEROS_SA-2019-1009.NASL", "EULEROS_SA-2019-1028.NASL", "EULEROS_SA-2019-1039.NASL", "EULEROS_SA-2019-1076.NASL", "EULEROS_SA-2019-1084.NASL", "EULEROS_SA-2019-1099.NASL", "EULEROS_SA-2019-1107.NASL", "EULEROS_SA-2019-1115.NASL", "EULEROS_SA-2019-1128.NASL", "EULEROS_SA-2019-1131.NASL", "EULEROS_SA-2019-1139.NASL", "EULEROS_SA-2019-1140.NASL", "EULEROS_SA-2019-1153.NASL", "EULEROS_SA-2019-1164.NASL", "EULEROS_SA-2019-1182.NASL", "EULEROS_SA-2019-1185.NASL", "EULEROS_SA-2019-1187.NASL", "EULEROS_SA-2019-1196.NASL", "EULEROS_SA-2019-1201.NASL", "EULEROS_SA-2019-1238.NASL", "EULEROS_SA-2019-1239.NASL", "EULEROS_SA-2019-1244.NASL", "EULEROS_SA-2019-1253.NASL", "EULEROS_SA-2019-1256.NASL", "EULEROS_SA-2019-1299.NASL", "EULEROS_SA-2019-1300.NASL", "EULEROS_SA-2019-1301.NASL", "EULEROS_SA-2019-1303.NASL", "EULEROS_SA-2019-1305.NASL", "EULEROS_SA-2019-1306.NASL", 
"EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-1401.NASL", "EULEROS_SA-2019-1412.NASL", "EULEROS_SA-2019-1464.NASL", "EULEROS_SA-2019-1468.NASL", "EULEROS_SA-2019-1486.NASL", "EULEROS_SA-2019-1511.NASL", "EULEROS_SA-2019-1512.NASL", "EULEROS_SA-2019-1524.NASL", "EULEROS_SA-2019-1539.NASL", "EULEROS_SA-2019-1546.NASL", "EULEROS_SA-2019-1585.NASL", "EULEROS_SA-2019-1589.NASL", "EULEROS_SA-2019-1628.NASL", "EULEROS_SA-2019-1639.NASL", "EULEROS_SA-2019-1643.NASL", "EULEROS_SA-2019-1672.NASL", "EULEROS_SA-2019-1692.NASL", "EULEROS_SA-2019-1702.NASL", "EULEROS_SA-2019-1717.NASL", "EULEROS_SA-2019-1745.NASL", "EULEROS_SA-2019-1759.NASL", "EULEROS_SA-2019-1792.NASL", "EULEROS_SA-2019-1903.NASL", "EULEROS_SA-2019-2007.NASL", "EULEROS_SA-2019-2027.NASL", "EULEROS_SA-2019-2175.NASL", "EULEROS_SA-2019-2246.NASL", "EULEROS_SA-2019-2397.NASL", "EULEROS_SA-2019-2509.NASL", "EULEROS_SA-2019-2518.NASL", "EULEROS_SA-2020-1109.NASL", "EULEROS_SA-2020-1252.NASL", "EULEROS_SA-2020-1396.NASL", "EULEROS_SA-2020-1452.NASL", "EULEROS_SA-2020-1651.NASL", "EULEROS_SA-2020-1754.NASL", "EULEROS_SA-2021-1221.NASL", "EULEROS_SA-2021-1506.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2785.NASL", "F5_BIGIP_SOL15189.NASL", "F5_BIGIP_SOL21665601.NASL", "F5_BIGIP_SOL26618426.NASL", "F5_BIGIP_SOL28241423.NASL", "F5_BIGIP_SOL35421172.NASL", "F5_BIGIP_SOL62532311.NASL", "F5_BIGIP_SOL78234183.NASL", "FEDORA_2013-1189.NASL", "FEDORA_2013-1203.NASL", "FEDORA_2013-1289.NASL", "FEDORA_2014-2175.NASL", "FEDORA_2014-2183.NASL", "FEDORA_2014-2340.NASL", "FEDORA_2014-2372.NASL", "FEDORA_2014-9539.NASL", "FEDORA_2014-9581.NASL", "FEDORA_2014-9617.NASL", "FEDORA_2014-9629.NASL", "FEDORA_2015-15588.NASL", "FEDORA_2015-15589.NASL", "FEDORA_2015-15590.NASL", "FEDORA_2016-0A4DCCDD23.NASL", "FEDORA_2016-175B56BB05.NASL", "FEDORA_2016-250042B8A6.NASL", "FEDORA_2016-2B0C16FD82.NASL", "FEDORA_2016-DE909CC333.NASL", "FEDORA_2016-F4A443888B.NASL", 
"FEDORA_2017-4CF72E2C11.NASL", "FEDORA_2017-512A6C5AAE.NASL", "FEDORA_2017-55A3247CFD.NASL", "FEDORA_2017-7F30914972.NASL", "FEDORA_2017-DBEC196DD8.NASL", "FEDORA_2018-02A38AF202.NASL", "FEDORA_2018-03A6606CB5.NASL", "FEDORA_2018-0EDB45D9DB.NASL", "FEDORA_2018-1B4F1158E2.NASL", "FEDORA_2018-1EA5BEB4CF.NASL", "FEDORA_2018-2F696A3BE3.NASL", "FEDORA_2018-39E0872379.NASL", "FEDORA_2018-40DC8B8B16.NASL", "FEDORA_2018-49651B2236.NASL", "FEDORA_2018-520E4C5B4E.NASL", "FEDORA_2018-5453BAA4AF.NASL", "FEDORA_2018-6788454AB6.NASL", "FEDORA_2018-76AFAF1961.NASL", "FEDORA_2018-7A62047E30.NASL", "FEDORA_2018-9490B422E7.NASL", "FEDORA_2018-98AB6B4E56.NASL", "FEDORA_2018-9D667BDFF8.NASL", "FEDORA_2018-9DBE983805.NASL", "FEDORA_2018-C0A1284064.NASL", "FEDORA_2018-CA03363D57.NASL", "FEDORA_2018-EAA7DE17AE.NASL", "FEDORA_2019-00C25B9379.NASL", "FEDORA_2019-2DAB60E288.NASL", "FEDORA_2019-6C3D89B3D0.NASL", "FEDORA_2019-8434288A24.NASL", "FEDORA_2019-914542E05C.NASL", "FEDORA_2019-9A0A7C0986.NASL", "FEDORA_2019-A8FFCFF7EE.NASL", "FEDORA_2019-DB06EFDEA1.NASL", "FREEBSD_PKG_0904E81FA89D11E8AFBBBC5FF4F77B71.NASL", "FREEBSD_PKG_3E0507C6961411E3B3A500E0814CAB4E.NASL", "FREEBSD_PKG_416CA0F43FE011E9BBDD6805CA0B3D42.NASL", "FREEBSD_PKG_53CAF29B918011EDACBEB42E991FC52E.NASL", "FREEBSD_PKG_61B8C3594AAB11E6A7BD14DAE9D210B8.NASL", "FREEBSD_PKG_8F353420419711E88777B499BAEBFEAF.NASL", "FREEBSD_PKG_909BE51B9B3B11E8ADD2B499BAEBFEAF.NASL", "FREEBSD_PKG_9442A811DAB311E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_9B5162DE6F3911E8818EE8E0B747A45A.NASL", "FREEBSD_PKG_9BAD457EB3964452877315BEC67E1CEB.NASL", "FREEBSD_PKG_AC18046C9B0811E68011005056925DB4.NASL", "FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL", "FREEBSD_PKG_C1265E857C9511E793AF005056925DB4.NASL", "FREEBSD_PKG_C82ECAC56E3F11E88777B499BAEBFEAF.NASL", "FREEBSD_PKG_CBCEEB493BC711E68E82002590263BF5.NASL", "FREEBSD_PKG_D70C9E18F34011E8BE460019DBB15B3F.NASL", "FREEBSD_PKG_ED8D5535CA7811E9980B999FF59C22EA.NASL", 
"FREEBSD_PKG_F40F07AAC00F11E7AC58B499BAEBFEAF.NASL", "GENTOO_GLSA-201412-29.NASL", "GENTOO_GLSA-201612-35.NASL", "GENTOO_GLSA-201705-09.NASL", "GENTOO_GLSA-201712-03.NASL", "GENTOO_GLSA-201811-03.NASL", "GENTOO_GLSA-201811-21.NASL", "GENTOO_GLSA-201903-07.NASL", "GENTOO_GLSA-201903-14.NASL", "GENTOO_GLSA-201908-10.NASL", "GENTOO_GLSA-201909-01.NASL", "GENTOO_GLSA-202007-53.NASL", "GENTOO_GLSA-202107-37.NASL", "GENTOO_GLSA-202107-39.NASL", "GLASSFISH_CPU_OCT_2017.NASL", "IBM_JAVA_2019_01_15.NASL", "IBM_JAVA_2019_03_01.NASL", "IBM_JAVA_2019_04_01.NASL", "IBM_JAVA_2019_04_16.NASL", "IBM_TEM_9_5_10.NASL", "IBM_TEM_9_5_12.NASL", "JBOSS_JAVA_SERIALIZE.NASL", "JENKINS_1_551.NASL", "JENKINS_2_315.NASL", "JENKINS_4_8_3.NASL", "JFROG_ARTIFACTORY_7_10_1.NASL", "JQUERY_1_9_0.NASL", "JQUERY_3_0_0.NASL", "JUNIPER_JSA10919.NASL", "JUNIPER_NSM_JSA10851.NASL", "JUNIPER_SPACE_JSA_10838.NASL", "LCE_5_1_1.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_13_2.NASL", "MACOS_10_14_4.NASL", "MACOS_SECUPD_10_12_6_2019-002.NASL", "MACOS_SECUPD_10_13_6_2019-002.NASL", "MANDRIVA_MDVSA-2014-056.NASL", "MANDRIVA_MDVSA-2015-084.NASL", "MYSQL_5_6_41_RPM.NASL", "MYSQL_5_7_23.NASL", "MYSQL_5_7_23_RPM.NASL", "MYSQL_8_0_12.NASL", "MYSQL_8_0_12_RPM.NASL", "MYSQL_ENTERPRISE_MONITOR_2_3_17.NASL", "MYSQL_ENTERPRISE_MONITOR_3_0_11.NASL", "MYSQL_ENTERPRISE_MONITOR_3_1_6_7959.NASL", "MYSQL_ENTERPRISE_MONITOR_3_2_2_1075.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_3_1199.NASL", "MYSQL_ENTERPRISE_MONITOR_3_4_8.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_14.NASL", "NESSUS_TNS_2018_14.NASL", "NESSUS_TNS_2018_17.NASL", "NEWSTART_CGSL_NS-SA-2019-0053_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0054_PERL.NASL", "NEWSTART_CGSL_NS-SA-2019-0055_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0057_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0057_SYSTEMD.NASL", "NEWSTART_CGSL_NS-SA-2019-0058_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0065_OPENSSL.NASL", "NEWSTART_CGSL_NS-SA-2019-0066_OVMF.NASL", "NEWSTART_CGSL_NS-SA-2019-0070_KERNEL.NASL", 
"RHSA-2019:2400", "RHSA-2019:2805", "RHSA-2019:3892", "RHSA-2019:3932", "RHSA-2019:3933", "RHSA-2019:3935", "RHSA-2019:3967", "RHSA-2019:4159", "RHSA-2020:0174", "RHSA-2020:0204", "RHSA-2020:0481", "RHSA-2020:0727", "RHSA-2020:0729", "RHSA-2020:0983", "RHSA-2020:1267", "RHSA-2020:1345", "RHSA-2020:1461", "RHSA-2020:3936", "RHSA-2020:4274", "RHSA-2020:4298", "RHSA-2020:4670", "RHSA-2020:4847", "RHSA-2022:0055", "RHSA-2022:0056", "RHSA-2022:1396", "RHSA-2023:0554", "RHSA-2023:0556", "RHSA-2023:0769"]}, {"type": "redhatcve", "idList": ["RH:CVE-2012-6708", "RH:CVE-2017-1000394", "RH:CVE-2017-3735", "RH:CVE-2018-0495", "RH:CVE-2018-0732", "RH:CVE-2018-0737", "RH:CVE-2018-0739", "RH:CVE-2018-1000026", "RH:CVE-2018-1000872", "RH:CVE-2018-11212", "RH:CVE-2018-12437", "RH:CVE-2018-12547", "RH:CVE-2018-12549", "RH:CVE-2018-14633", "RH:CVE-2018-18311", "RH:CVE-2018-18559", "RH:CVE-2018-1890", "RH:CVE-2019-10173", "RH:CVE-2019-10245", "RH:CVE-2019-11477", "RH:CVE-2019-11478", "RH:CVE-2019-11479", "RH:CVE-2019-2422", "RH:CVE-2019-2426", "RH:CVE-2019-2449", "RH:CVE-2019-2602", "RH:CVE-2019-2684", "RH:CVE-2019-6454", "RH:CVE-2020-13946", "RH:CVE-2020-26258", "RH:CVE-2020-26259"]}, {"type": "rocky", "idList": ["RLSA-2020:4670", "RLSA-2020:4847"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29176", "SECURITYVULNS:DOC:30435", "SECURITYVULNS:DOC:31006", "SECURITYVULNS:DOC:32033", "SECURITYVULNS:DOC:32494", "SECURITYVULNS:DOC:32573", "SECURITYVULNS:VULN:13578", "SECURITYVULNS:VULN:13923", "SECURITYVULNS:VULN:14031", "SECURITYVULNS:VULN:14393", "SECURITYVULNS:VULN:14470", "SECURITYVULNS:VULN:14740", "SECURITYVULNS:VULN:14755"]}, {"type": "seebug", "idList": ["SSV:60668", "SSV:61443", "SSV:84935", "SSV:89999", "SSV:96979"]}, {"type": "slackware", "idList": ["SSA-2018-087-01", "SSA-2018-164-01", "SSA-2018-226-01", "SSA-2019-030-01", "SSA-2019-169-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2144-1", "OPENSUSE-SU-2018:0781-1", "OPENSUSE-SU-2018:1057-1", 
"OPENSUSE-SU-2018:1906-1", "OPENSUSE-SU-2018:2117-1", "OPENSUSE-SU-2018:2122-1", "OPENSUSE-SU-2018:2129-1", "OPENSUSE-SU-2018:2178-1", "OPENSUSE-SU-2018:2208-1", "OPENSUSE-SU-2018:2238-1", "OPENSUSE-SU-2018:2293-1", "OPENSUSE-SU-2018:2524-1", "OPENSUSE-SU-2018:2667-1", "OPENSUSE-SU-2018:2695-1", "OPENSUSE-SU-2018:2816-1", "OPENSUSE-SU-2018:2855-1", "OPENSUSE-SU-2018:2957-1", "OPENSUSE-SU-2018:3013-1", "OPENSUSE-SU-2018:3015-1", "OPENSUSE-SU-2018:3071-1", "OPENSUSE-SU-2018:3202-1", "OPENSUSE-SU-2018:4258-1", "OPENSUSE-SU-2018:4283-1", "OPENSUSE-SU-2019:0152-1", "OPENSUSE-SU-2019:0161-1", "OPENSUSE-SU-2019:0255-1", "OPENSUSE-SU-2019:0268-1", "OPENSUSE-SU-2019:0346-1", "OPENSUSE-SU-2019:1327-1", "OPENSUSE-SU-2019:1399-1", "OPENSUSE-SU-2019:1438-1", "OPENSUSE-SU-2019:1439-1", "OPENSUSE-SU-2019:1450-1", "OPENSUSE-SU-2019:1500-1", "OPENSUSE-SU-2019:1570-1", "OPENSUSE-SU-2019:1571-1", "OPENSUSE-SU-2019:1579-1", "OPENSUSE-SU-2020:0395-1", "OPENSUSE-SU-2020:1873-1", "OPENSUSE-SU-2020:1875-1", "SUSE-SU-2014:0548-1", "SUSE-SU-2017:1660-1", "SUSE-SU-2017:2968-1", "SUSE-SU-2017:2981-1", "SUSE-SU-2018:0112-1", "SUSE-SU-2018:0785-1", "SUSE-SU-2018:0786-1", "SUSE-SU-2018:0902-1", "SUSE-SU-2018:0905-1", "SUSE-SU-2018:0906-1", "SUSE-SU-2018:0975-1", "SUSE-SU-2018:0986-1"]}, {"type": "symantec", "idList": ["SMNTC-104442", "SMNTC-108801", "SMNTC-1329", "SMNTC-1423", "SMNTC-1443", "SMNTC-1462", "SMNTC-1492", "SMNTC-93604"]}, {"type": "tenable", "idList": ["TENABLE:1B5802D1F3C4D2BAAD7D49F212C928A2", "TENABLE:4E674CF4B21E94DA45B8AAFFBB339230", "TENABLE:50BE3CD37FC3509DDA43C11702778C75", "TENABLE:9FBA7B0389DAB57A3AE18DB805AD608C", "TENABLE:BCE3A24CD7E9D406351C554BBB9543AC", "TENABLE:FF52F52E6157E81F57A22D9356B954AC"]}, {"type": "thn", "idList": ["THN:90DC43ADC5123FED500235ACDF6D6277", "THN:EF08CCF54E69481550D84949A563BAD5"]}, {"type": "threatpost", "idList": ["THREATPOST:17D0F37EF6943E743BE5812F4D3D87E6", "THREATPOST:2ECE427D1900B827769D37FD86AC8265", 
"THREATPOST:40B4CEF304ADBCA0734F292661E7810B", "THREATPOST:71CFE98EE69CB32A2F1F115FCB3ACF21", "THREATPOST:A45826A8CDA7058392C4901D6AAD15F1"]}, {"type": "tomcat", "idList": ["TOMCAT:0771E17F0F0733FEFCB0AD32B094C50F", "TOMCAT:3433D97DD68E3E4EE81DAC140FD2AF8F", "TOMCAT:60B7F846069FB29989715E62FE185ECA", "TOMCAT:720D06DA167834DEDCCF6CCE7DD28826", "TOMCAT:7E8B1837DB1B24489FB7CEAE24C18E30", "TOMCAT:EB85C74A2FFEC0BC4964D6CF659D2F1D", "TOMCAT:F551C8E09F0122E8322CF8CB981AC710", "TOMCAT:F732146DF28A05A3F4B1EFE76B3CC81C"]}, {"type": "ubuntu", "idList": ["USN-2130-1", "USN-2769-1", "USN-2968-1", "USN-2968-2", "USN-2969-1", "USN-2970-1", "USN-3024-1", "USN-3027-1", "USN-3475-1", "USN-3611-1", "USN-3611-2", "USN-3617-1", "USN-3617-2", "USN-3617-3", "USN-3619-1", "USN-3619-2", "USN-3620-1", "USN-3620-2", "USN-3628-1", "USN-3628-2", "USN-3632-1", "USN-3689-1", "USN-3689-2", "USN-3692-1", "USN-3692-2", "USN-3706-1", "USN-3706-2", "USN-3775-1", "USN-3775-2", "USN-3776-1", "USN-3776-2", "USN-3777-1", "USN-3777-2", "USN-3777-3", "USN-3779-1", "USN-3834-1", "USN-3834-2", "USN-3850-1", "USN-3850-2", "USN-3875-1", "USN-3891-1", "USN-3942-1", "USN-3949-1", "USN-3975-1", "USN-4017-1", "USN-4017-2", "USN-4041-1", "USN-4041-2", "USN-5336-1", "USN-5497-1", "USN-5497-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-5783", "UB:CVE-2012-6153", "UB:CVE-2012-6708", "UB:CVE-2013-0248", "UB:CVE-2013-7285", "UB:CVE-2014-0050", "UB:CVE-2014-3577", "UB:CVE-2014-6071", "UB:CVE-2015-4852", "UB:CVE-2015-5262", "UB:CVE-2015-7501", "UB:CVE-2015-8830", "UB:CVE-2015-9251", "UB:CVE-2016-1000031", "UB:CVE-2016-10707", "UB:CVE-2016-3092", "UB:CVE-2016-3674", "UB:CVE-2017-3735", "UB:CVE-2017-7957", "UB:CVE-2018-0495", "UB:CVE-2018-0732", "UB:CVE-2018-0737", "UB:CVE-2018-0739", "UB:CVE-2018-1000026", "UB:CVE-2018-1000872", "UB:CVE-2018-11212", "UB:CVE-2018-14633", "UB:CVE-2018-18311", "UB:CVE-2018-18559", "UB:CVE-2019-10173", "UB:CVE-2019-11477", "UB:CVE-2019-11478", "UB:CVE-2019-11479", "UB:CVE-2019-2422", 
"UB:CVE-2019-2426", "UB:CVE-2019-2449", "UB:CVE-2019-2602", "UB:CVE-2019-2684", "UB:CVE-2019-6454"]}, {"type": "veracode", "idList": ["VERACODE:13488", "VERACODE:19909", "VERACODE:20211", "VERACODE:20214"]}, {"type": "virtuozzo", "idList": ["VZA-2018-040", "VZA-2018-041", "VZA-2018-077", "VZA-2019-013", "VZA-2019-050", "VZA-2019-051", "VZA-2019-052", "VZA-2019-053", "VZA-2019-068"]}, {"type": "vmware", "idList": ["VMSA-2014-0007", "VMSA-2014-0007.2", "VMSA-2014-0008", "VMSA-2014-0008.2", "VMSA-2019-0010", "VMSA-2019-0010.3"]}, {"type": "zdi", "idList": ["ZDI-16-570", "ZDI-19-033"]}, {"type": "zdt", "idList": ["1337DAY-ID-21887", "1337DAY-ID-24847", "1337DAY-ID-32884", "1337DAY-ID-36032"]}]}, "score": {"value": 1.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["JAVA_APR2019_ADVISORY.ASC", "OPENSSL_ADVISORY24.ASC", "OPENSSL_ADVISORY26.ASC", "OPENSSL_ADVISORY28.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2020:4670", "ALSA-2020:4847"]}, {"type": "amazon", "idList": ["ALAS-2018-1000", "ALAS-2018-1065", "ALAS-2018-1069", "ALAS-2018-1070", "ALAS-2018-1086", "ALAS-2019-1222", "ALAS-2020-1422", "ALAS2-2018-1086", "ALAS2-2018-1102", "ALAS2-2019-1164", "ALAS2-2019-1166", "ALAS2-2019-1177", "ALAS2-2019-1198", "ALAS2-2019-1209", "ALAS2-2019-1222", "ALAS2-2019-1228", "ALAS2-2019-1269", "ALAS2-2019-1305", "ALAS2-2019-1350", "ALAS2-2020-1519", "ALAS2-2021-1643"]}, {"type": "apple", "idList": ["APPLE:7AC1206D64FFADF7D373D56EED86A4D6", "APPLE:B7AA5B9368DE4BD135A602B017EB0259", "APPLE:HT208331", "APPLE:HT209600"]}, {"type": "archlinux", "idList": ["ASA-201711-14", "ASA-201711-15", "ASA-201712-9", "ASA-201806-10", "ASA-201902-24", "ASA-201906-12", "ASA-201906-13", "ASA-201906-14", "ASA-201910-4", "ASA-201910-5"]}, {"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-70929"]}, {"type": "attackerkb", "idList": ["AKB:4A2FD572-63FD-426B-8D34-A9914260EF72", "AKB:B358B251-7E9D-453E-8802-E59A3DE72FAA", "AKB:CA3F16E5-5B43-471E-A678-F1231559A5F1"]}, 
{"type": "avleonov", "idList": ["AVLEONOV:101A90D5F21CD7ACE01781C2913D1B6D"]}, {"type": "centos", "idList": ["CESA-2018:3651", "CESA-2019:0109", "CESA-2019:0163", "CESA-2019:0368", "CESA-2019:1481", "CESA-2019:1488"]}, {"type": "cert", "idList": ["VU:905115"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2013-2454", "CPAI-2017-0740", "CPAI-2019-0250", "CPAI-2019-1309"]}, {"type": "checkpoint_security", "idList": ["CPS:SK156192"]}, {"type": "cisa", "idList": ["CISA:848AFE845B4D41B0B59F2090C2571363"]}, {"type": "cisco", "idList": ["CISCO-SA-20151209-JAVA-DESERIALIZATION"]}, {"type": "citrix", "idList": ["CTX256725", "CTX256918"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:2AA1F360A02E665F9D2B19AB7EF0CAA9", "CFOUNDRY:4B9A3BCF243ED381ED0645E905D1D406", "CFOUNDRY:5F7B0715477A47782120872F352D59E0", "CFOUNDRY:78350CC978808A6C42CDCB2451BF30F4", "CFOUNDRY:90693B873E1E97B4D1CACB5D7BD374ED", "CFOUNDRY:9243E8457D02CBA7A3505CB1E0E03739", "CFOUNDRY:B1BFB1BD3BA9A90D6CA66F05AB2DCBAE", "CFOUNDRY:E36E8558D6E84664F9D34B4A9E5179AC"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632262317"]}, {"type": "cve", "idList": ["CVE-2012-5783", "CVE-2013-0248", "CVE-2015-6420", "CVE-2016-1000031", "CVE-2017-15708", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739", "CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-14633", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1157-1:16CF2", "DEBIAN:DLA-1330-1:A6756", "DEBIAN:DLA-1405-1:4C0C5", "DEBIAN:DLA-1449-1:EF247", "DEBIAN:DLA-1531-1:834CC", "DEBIAN:DLA-1638-1:87B2B", "DEBIAN:DLA-1684-1:394E8", "DEBIAN:DLA-1823-1:39845", "DEBIAN:DLA-1824-1:6789E", "DEBIAN:DLA-1862-1:8E150", "DEBIAN:DLA-930-1:3C143", "DEBIAN:DSA-3611-1:6D627", "DEBIAN:DSA-3611-1:F53EF", "DEBIAN:DSA-3614-1:AC7F6", "DEBIAN:DSA-3841-1:B278A", "DEBIAN:DSA-4017-1:88D36", "DEBIAN:DSA-4018-1:01441", "DEBIAN:DSA-4157-1:5A16B", "DEBIAN:DSA-4158-1:43C61", "DEBIAN:DSA-4231-1:6B2CC", 
"DEBIAN:DSA-4308-1:D561A", "DEBIAN:DSA-4355-1:1415E", "DEBIAN:DSA-4393-1:211D1", "DEBIAN:DSA-4453-1:C46EE", "DEBIAN:DSA-4465-1:304F1", "DEBIAN:DSA-4484-1:9995E"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2012-6708", "DEBIANCVE:CVE-2013-0248", "DEBIANCVE:CVE-2014-6071", "DEBIANCVE:CVE-2015-9251", "DEBIANCVE:CVE-2016-10707", "DEBIANCVE:CVE-2017-7957", "DEBIANCVE:CVE-2018-0495", "DEBIANCVE:CVE-2018-0739", "DEBIANCVE:CVE-2018-11212"]}, {"type": "exploitdb", "idList": ["EDB-ID:49708"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:EB000848EE6583FA3B8F33FA4CDD34C0"]}, {"type": "f5", "idList": ["F5:K04154823", "F5:K04734219", "F5:K15364328", "F5:K17848347", "F5:K20001553", "F5:K26618426", "F5:K28241423", "F5:K35421172", "F5:K43429502", "F5:K63404203", "F5:K73540515", "F5:K75521003", "F5:K78234183", "SOL15189", "SOL15741"]}, {"type": "fedora", "idList": ["FEDORA:0240B604B381", "FEDORA:08D3760E6566", "FEDORA:10F7D6255145", "FEDORA:122AE604D3F9", "FEDORA:1EFAB60ACFB0", "FEDORA:250CB6087A80", "FEDORA:258716069A4C", "FEDORA:25BDD6190ECF", "FEDORA:277CC60874DE", "FEDORA:29049600CFF3", "FEDORA:29FCE65ECD33", "FEDORA:2D794604948D", "FEDORA:3266960F0E44", "FEDORA:3ED26601CEE3", "FEDORA:41B546014626", "FEDORA:42DA3601FD86", "FEDORA:44065605602A", "FEDORA:4832F6079717", "FEDORA:4D56F604EC0E", "FEDORA:4D5AD601FDAC", "FEDORA:50E6E6087656", "FEDORA:5D742610B071", "FEDORA:5DB9C604622A", "FEDORA:5E4536182D79", "FEDORA:60E4D618B8A2", "FEDORA:648496077DD1", "FEDORA:65B57634CA63", "FEDORA:67D5B602F037", "FEDORA:68D44601BD0C", "FEDORA:6B66A6047312", "FEDORA:6EC6360BEA04", "FEDORA:6F1BC604D0C1", "FEDORA:74245604D4DA", "FEDORA:74907604973F", "FEDORA:7640C641CB61", "FEDORA:7B564604AACC", "FEDORA:80260604817C", "FEDORA:8387C60468C7", "FEDORA:87BD56087904", "FEDORA:8B3DA601B251", "FEDORA:8D9BA60468B9", "FEDORA:8F974604E846", "FEDORA:909D360491BF", "FEDORA:95A686085F81", "FEDORA:98315602F10D", "FEDORA:9E3D9606D195", "FEDORA:AB52460321C9", "FEDORA:ACC466324C7C", "FEDORA:AEECE6075DBF", 
"FEDORA:AFDBD60E76E0", "FEDORA:B395E6087A9D", "FEDORA:B4E3C6062CB4", "FEDORA:B54D264CBCAC", "FEDORA:B56AC605DCD2", "FEDORA:B5C736087A8D", "FEDORA:B76DE6348980", "FEDORA:B803860875BB", "FEDORA:B98866076020", "FEDORA:BBFE360460D0", "FEDORA:BD35260BC96F", "FEDORA:BFACF60A35B3", "FEDORA:C49D061F375F", "FEDORA:C63E3604CD70", "FEDORA:C64AE6007F37", "FEDORA:D013361742CE", "FEDORA:D6CAE607A456", "FEDORA:D6F86601E6D9", "FEDORA:DEA206060997", "FEDORA:DF5176048167", "FEDORA:E6F08605DCE7", "FEDORA:E93AE6077DCD", "FEDORA:EFABA604D0DC"]}, {"type": "fortinet", "idList": ["FG-IR-18-013", "FG-IR-19-180"]}, {"type": "freebsd", "idList": ["3E0507C6-9614-11E3-B3A5-00E0814CAB4E", "8F353420-4197-11E8-8777-B499BAEBFEAF", "9442A811-DAB3-11E7-B5AF-A4BADB2F4699", "9B5162DE-6F39-11E8-818E-E8E0B747A45A", "B7CFF5A9-31CC-11E8-8F07-B499BAEBFEAF"]}, {"type": "gentoo", "idList": ["GLSA-201712-03", "GLSA-202107-37"]}, {"type": "github", "idList": ["GHSA-MHPP-875W-9CPV", "GHSA-RMXG-73GG-4P98"]}, {"type": "githubexploit", "idList": ["F67B1561-9F99-5BDE-8EDF-EA45E59D6039"]}, {"type": "hackerone", "idList": ["H1:364964"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20180613-01-OPENSSL", "HUAWEI-SA-20181212-01-CACHE"]}, {"type": "ibm", "idList": ["0A3CB536625237AF6E1A39B78799B41B9AF062894DA038E4F769071D72640FDB", "0D6741D3E748A958EDB23F61FCE87910BAE0A43DDF4467209940DCC757354B1D", "121AD16C8E6DC137F59BC7099DCBB94073B1DAF243EA01F065B73DC33C59F7CD", "22C6665D00A9702426CEE593F4765FD3CD4EE170F8AA7F50D0505C6B2799BC21", "3530DF8DA972875E9B1FD6F767CF9BCE12DD28AEEAAF4F127105D1281DCB6CC5", "41E52F75A6D7D5643A154BDF7E47439DD72AD5A21A6077C530F676B951CB6EAA", "474B001918E3BB67F19CDAEC32E64680E9B10E26675494527CA8E89563FC463A", "539FD5A344951CB3146EC1C6256AC3A91344217924BD86DB5242BF2BD9D82C91", "54FB6726805D886796865FF32608051BEE914B969DCB3300B1E662574A92A04E", "5A23BE34322F36780B2821378B1628B3331997E99E3A9C4B3B0067399EEBC3F5", "6155DCB197E0C8F981A0079215EC9D72376C81F0D5C98B713195392A9699AA19", 
"6DC9908A2BA9AE31D55D0175A923886E277978E74AAF349BFE61B221B1874064", "7CFB9BE2DA6D94FEBCA1C4AA8CF9F47ECB13D1F735997F5255B4A85A3E13B4E7", "859E9503503A634C300E460C2F12FCA56E167B475CCBFA01CFD35167C415E188", "86FEF5081D62A9128F5FB12EF899306F75982B448B891B793DCEFF1C2AE1C3BA", "9BE1D889C1BD77682655EB00AA0EE21AA5C7CCAA1F93287BB788D1CFC12BBD77", "A6001F6CB3771825DE3D57F508457CE779561EA49A592B0FA1556E246BA8A449", "BA26481027AF6429B5D0591E1B64697FA26DACFE8B5A520E01934500A36BAFAE", "C210DB4F68E45B14B945F03E927903ECBDD3FE9752D07BE050AA1247BFD07911", "C97A3E95675449D0B4FB3B9F03BC3D1C54EEFCAFE80A94AF2A2CBFD8347169AE", "CBA598237EC6F84B53BABD94A4C1A8896539FE5863458FA4408BD6DB2D7A57BB", "D006FC5774ADF4AA80F3952715EDDA472FE39E68ACF3E0BE82C85E08EB7037BF", "D0F90FC02DF0C56E6BD132E8B2615B5F33AB5CF670A65189CA520A94D2F35C9A", "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "D339AF4F92E6BDA2B14C46B53EEC584B9068C60D095CA91F8D91E775B6991D1D", "FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2"]}, {"type": "ics", "idList": ["ICSA-19-253-03"]}, {"type": "jvn", "idList": ["JVN:14876762"]}, {"type": "kaspersky", "idList": ["KLA11236", "KLA11403"]}, {"type": "kitploit", "idList": ["KITPLOIT:5327440096042512502"]}, {"type": "lenovo", "idList": ["LENOVO:PS500190-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2017-3735/", "MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2018-14633/", "MSF:ILITIES/APPLE-OSX-OPENSSL-CVE-2017-3735/", "MSF:ILITIES/CENTOS_LINUX-CVE-2010-0827/", "MSF:ILITIES/CENTOS_LINUX-CVE-2018-11212/", "MSF:ILITIES/CENTOS_LINUX-CVE-2018-14633/", "MSF:ILITIES/DEBIAN-CVE-2018-14633/", "MSF:ILITIES/F5-BIG-IP-CVE-2017-3735/", "MSF:ILITIES/GENTOO-LINUX-CVE-2017-3735/", "MSF:ILITIES/HTTP-OPENSSL-CVE-2017-3735/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2017-3735/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2018-14633/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2018-14633/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP5-CVE-2017-3735/", 
"MSF:ILITIES/IBM-AIX-CVE-2017-3735/", "MSF:ILITIES/IBM-AIX-CVE-2018-11212/", "MSF:ILITIES/IBM-JAVA-CVE-2018-11212/", "MSF:ILITIES/JRE-VULN-CVE-2018-11212/", "MSF:ILITIES/ORACLE_LINUX-CVE-2017-3735/", "MSF:ILITIES/ORACLE_LINUX-CVE-2018-14633/", "MSF:ILITIES/REDHAT_LINUX-CVE-2017-3735/", "MSF:ILITIES/REDHAT_LINUX-CVE-2018-11212/", "MSF:ILITIES/UBUNTU-CVE-2017-3735/"]}, {"type": "mscve", "idList": ["MS:ADV190020"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994611"]}, {"type": "nessus", "idList": ["AL2_ALAS-2018-1086.NASL", "AL2_ALAS-2019-1164.NASL", "AL2_ALAS-2019-1350.NASL", "AL2_ALAS-2021-1643.NASL", "ALA_ALAS-2018-1000.NASL", "ALA_ALAS-2018-1086.NASL", "ARTIFACTORY_3_1_1_1.NASL", "ARUBAOS-CX_ARUBA-PSA-2020-010.NASL", "CENTOS_RHSA-2018-3651.NASL", "CENTOS_RHSA-2019-0109.NASL", "CENTOS_RHSA-2019-0163.NASL", "CENTOS_RHSA-2019-0368.NASL", "CISCO_PRIME_LMS_JAVA_DESER.NASL", "DEBIAN_DLA-1157.NASL", "DEBIAN_DLA-1330.NASL", "DEBIAN_DLA-1531.NASL", "DEBIAN_DLA-1638.NASL", "DEBIAN_DLA-1684.NASL", "DEBIAN_DSA-4157.NASL", "DEBIAN_DSA-4158.NASL", "DEBIAN_DSA-4231.NASL", "DEBIAN_DSA-4308.NASL", "DEBIAN_DSA-4355.NASL", "DEBIAN_DSA-4393.NASL", "EULEROS_SA-2018-1085.NASL", "EULEROS_SA-2018-1246.NASL", "EULEROS_SA-2018-1306.NASL", "EULEROS_SA-2018-1392.NASL", "EULEROS_SA-2019-1028.NASL", "EULEROS_SA-2019-1039.NASL", "EULEROS_SA-2019-2175.NASL", "EULEROS_SA-2019-2246.NASL", "EULEROS_SA-2020-1452.NASL", "EULEROS_SA-2021-1506.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "FEDORA_2016-175B56BB05.NASL", "FEDORA_2017-55A3247CFD.NASL", "FEDORA_2017-DBEC196DD8.NASL", "FEDORA_2018-02A38AF202.NASL", "FEDORA_2018-40DC8B8B16.NASL", "FEDORA_2018-6788454AB6.NASL", "FEDORA_2018-76AFAF1961.NASL", "FEDORA_2018-C0A1284064.NASL", "FEDORA_2019-8434288A24.NASL", "FEDORA_2019-A8FFCFF7EE.NASL", "FREEBSD_PKG_8F353420419711E88777B499BAEBFEAF.NASL", "FREEBSD_PKG_9442A811DAB311E7B5AFA4BADB2F4699.NASL", "FREEBSD_PKG_9B5162DE6F3911E8818EE8E0B747A45A.NASL", 
"FREEBSD_PKG_B7CFF5A931CC11E88F07B499BAEBFEAF.NASL", "FREEBSD_PKG_C82ECAC56E3F11E88777B499BAEBFEAF.NASL", "GENTOO_GLSA-201712-03.NASL", "MACOSX_SECUPD2017-005.NASL", "MACOS_10_13_2.NASL", "NEWSTART_CGSL_NS-SA-2019-0148_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0154_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0157_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0162_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0162_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0165_KERNEL-RT.NASL", "NEWSTART_CGSL_NS-SA-2019-0165_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0168_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0177_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0185_LIBJPEG-TURBO.NASL", "NEWSTART_CGSL_NS-SA-2019-0193_NSS.NASL", "NEWSTART_CGSL_NS-SA-2021-0045_IPA.NASL", "OPENJDK_2019-04-16.NASL", "OPENSUSE-2016-1056.NASL", "OPENSUSE-2017-1324.NASL", "OPENSUSE-2018-1041.NASL", "OPENSUSE-2018-1047.NASL", "OPENSUSE-2018-1091.NASL", "OPENSUSE-2018-1109.NASL", "OPENSUSE-2018-1110.NASL", "OPENSUSE-2018-1140.NASL", "OPENSUSE-2018-1595.NASL", "OPENSUSE-2018-389.NASL", "OPENSUSE-2018-5.NASL", "OPENSUSE-2018-997.NASL", "OPENSUSE-2019-1029.NASL", "OPENSUSE-2019-1039.NASL", "OPENSUSE-2019-1327.NASL", "OPENSUSE-2019-1399.NASL", "OPENSUSE-2019-1438.NASL", "OPENSUSE-2019-1439.NASL", "OPENSUSE-2019-1450.NASL", "OPENSUSE-2019-1500.NASL", "OPENSUSE-2019-152.NASL", "OPENSUSE-2019-1570.NASL", "OPENSUSE-2019-1571.NASL", "OPENSUSE-2019-1579.NASL", "OPENSUSE-2019-161.NASL", "OPENSUSE-2019-255.NASL", "OPENSUSE-2019-268.NASL", "OPENSUSE-2019-346.NASL", "OPENSUSE-2019-540.NASL", "OPENSUSE-2019-549.NASL", "OPENSUSE-2019-550.NASL", "OPENSUSE-2019-563.NASL", "OPENSUSE-2019-718.NASL", "OPENSUSE-2019-751.NASL", "OPENSUSE-2019-753.NASL", "OPENSUSE-2019-769.NASL", "OPENSUSE-2019-863.NASL", "OPENSUSE-2020-1873.NASL", "OPENSUSE-2020-1875.NASL", "OPENSUSE-2020-395.NASL", "ORACLELINUX_ELSA-2015-2522.NASL", "ORACLELINUX_ELSA-2018-4228.NASL", "ORACLELINUX_ELSA-2018-4248.NASL", "ORACLELINUX_ELSA-2018-4249.NASL", 
"ORACLELINUX_ELSA-2019-0109.NASL", "ORACLELINUX_ELSA-2019-0163.NASL", "ORACLELINUX_ELSA-2019-0368.NASL", "ORACLELINUX_ELSA-2019-0416.NASL", "ORACLELINUX_ELSA-2019-0435.NASL", "ORACLELINUX_ELSA-2019-0436.NASL", "ORACLELINUX_ELSA-2019-0462.NASL", "ORACLELINUX_ELSA-2019-0464.NASL", "ORACLELINUX_ELSA-2019-0774.NASL", "ORACLELINUX_ELSA-2019-0775.NASL", "ORACLELINUX_ELSA-2019-0778.NASL", "ORACLELINUX_ELSA-2019-0790.NASL", "ORACLELINUX_ELSA-2019-0791.NASL", "ORACLELINUX_ELSA-2019-0990.NASL", "ORACLELINUX_ELSA-2019-1146.NASL", "ORACLELINUX_ELSA-2019-1479.NASL", "ORACLELINUX_ELSA-2019-1481.NASL", "ORACLELINUX_ELSA-2019-1488.NASL", "ORACLELINUX_ELSA-2019-1518.NASL", "ORACLELINUX_ELSA-2019-4570.NASL", "ORACLELINUX_ELSA-2019-4575.NASL", "ORACLELINUX_ELSA-2019-4670.NASL", "ORACLELINUX_ELSA-2019-4684.NASL", "ORACLELINUX_ELSA-2019-4685.NASL", "ORACLELINUX_ELSA-2019-4686.NASL", "ORACLELINUX_ELSA-2019-4689.NASL", "ORACLEVM_OVMSA-2019-0009.NASL", "ORACLEVM_OVMSA-2019-0026.NASL", "ORACLEVM_OVMSA-2019-0040.NASL", "ORACLE_BI_PUBLISHER_OCT_2019_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2018_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2020_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JAN_2019_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2019_CPU.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_JUL_2018.NASL", "ORACLE_OATS_CPU_JAN_2019.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_JAN_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2019.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2019.NASL", "PALO_ALTO_PAN-SA-2018-0015.NASL", "PALO_ALTO_PAN-SA-2019-0013.NASL", "PHOTONOS_PHSA-2017-0042_OPENSSL.NASL", "PHOTONOS_PHSA-2018-1_0-0132_LINUX.NASL", "PHOTONOS_PHSA-2018-1_0-0149_OPENSSL.NASL", "PHOTONOS_PHSA-2018-1_0-0175_OPENSSL.NASL", "PHOTONOS_PHSA-2018-1_0-0182_LIBGCRYPT.NASL", "PHOTONOS_PHSA-2018-2_0-0042_LINUX.NASL", "PHOTONOS_PHSA-2018-2_0-0078_OPENSSL.NASL", "PHOTONOS_PHSA-2018-2_0-0084_OPENSSL.NASL", "PHOTONOS_PHSA-2018-2_0-0091_LIBGCRYPT.NASL", "PHOTONOS_PHSA-2018-2_0-0109_LINUX.NASL", 
"PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL", "REDHAT-RHSA-2013-0270.NASL", "REDHAT-RHSA-2015-2540.NASL", "REDHAT-RHSA-2017-0456.NASL", "REDHAT-RHSA-2019-0109.NASL", "REDHAT-RHSA-2019-0163.NASL", "REDHAT-RHSA-2019-0188.NASL", "REDHAT-RHSA-2019-0367.NASL", "REDHAT-RHSA-2019-0368.NASL", "REDHAT-RHSA-2019-0416.NASL", "REDHAT-RHSA-2019-0435.NASL", "REDHAT-RHSA-2019-0436.NASL", "REDHAT-RHSA-2019-0457.NASL", "REDHAT-RHSA-2019-0461.NASL", "REDHAT-RHSA-2019-0462.NASL", "REDHAT-RHSA-2019-0464.NASL", "REDHAT-RHSA-2019-0469.NASL", "REDHAT-RHSA-2019-0472.NASL", "REDHAT-RHSA-2019-0473.NASL", "REDHAT-RHSA-2019-0474.NASL", "REDHAT-RHSA-2019-0640.NASL", "REDHAT-RHSA-2019-0774.NASL", "REDHAT-RHSA-2019-0775.NASL", "REDHAT-RHSA-2019-0778.NASL", "REDHAT-RHSA-2019-0790.NASL", "REDHAT-RHSA-2019-0791.NASL", "REDHAT-RHSA-2019-0990.NASL", "REDHAT-RHSA-2019-1146.NASL", "REDHAT-RHSA-2019-1163.NASL", "REDHAT-RHSA-2019-1164.NASL", "REDHAT-RHSA-2019-1165.NASL", "REDHAT-RHSA-2019-1166.NASL", "REDHAT-RHSA-2019-1170.NASL", "REDHAT-RHSA-2019-1190.NASL", "REDHAT-RHSA-2019-1238.NASL", "REDHAT-RHSA-2019-1297.NASL", "REDHAT-RHSA-2019-1322.NASL", "REDHAT-RHSA-2019-1325.NASL", "REDHAT-RHSA-2019-1479.NASL", "REDHAT-RHSA-2019-1480.NASL", "REDHAT-RHSA-2019-1481.NASL", "REDHAT-RHSA-2019-1482.NASL", "REDHAT-RHSA-2019-1483.NASL", "REDHAT-RHSA-2019-1484.NASL", "REDHAT-RHSA-2019-1485.NASL", "REDHAT-RHSA-2019-1486.NASL", "REDHAT-RHSA-2019-1487.NASL", "REDHAT-RHSA-2019-1488.NASL", "REDHAT-RHSA-2019-1489.NASL", "REDHAT-RHSA-2019-1490.NASL", "REDHAT-RHSA-2019-1502.NASL", "REDHAT-RHSA-2019-1518.NASL", "REDHAT-RHSA-2019-1594.NASL", "REDHAT-RHSA-2019-1602.NASL", "REDHAT-RHSA-2019-1699.NASL", "REDHAT-RHSA-2019-1711.NASL", "REDHAT-RHSA-2019-1790.NASL", "REDHAT-RHSA-2019-1942.NASL", "REDHAT-RHSA-2019-1946.NASL", "REDHAT-RHSA-2019-2052.NASL", "REDHAT-RHSA-2019-2237.NASL", "REDHAT-RHSA-2019-2400.NASL", "REDHAT-RHSA-2019-2805.NASL", 
"REDHAT-RHSA-2019-3932.NASL", "REDHAT-RHSA-2019-3933.NASL", "REDHAT-RHSA-2020-1267.NASL", "REDHAT-RHSA-2020-1345.NASL", "REDHAT-RHSA-2020-1461.NASL", "REDHAT-RHSA-2020-3936.NASL", "SECURITYCENTER_5_7_1_TNS_2018_12.NASL", "SECURITYCENTER_OPENSSL_1_0_2M.NASL", "SLACKWARE_SSA_2018-087-01.NASL", "SLACKWARE_SSA_2018-164-01.NASL", "SLACKWARE_SSA_2019-030-01.NASL", "SL_20190122_PERL_ON_SL7_X.NASL", "SL_20190129_KERNEL_ON_SL7_X.NASL", "SL_20190221_SYSTEMD_ON_SL7_X.NASL", "SL_20190226_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20190228_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20190228_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20190305_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20190305_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20190417_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20190417_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20190417_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20190422_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20190422_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20190609_KERNEL_ON_SL6_X.NASL", "SL_20190617_KERNEL_ON_SL6_X.NASL", "SL_20190617_KERNEL_ON_SL7_X.NASL", "SL_20190806_LIBJPEG_TURBO_ON_SL7_X.NASL", "SL_20190806_NSS__NSS_SOFTOKN__NSS_UTIL__AND_NSPR_ON_SL7_X.NASL", "SUSE_SU-2017-2981-1.NASL", "SUSE_SU-2017-3169-1.NASL", "SUSE_SU-2018-0785-1.NASL", "SUSE_SU-2018-0786-1.NASL", "SUSE_SU-2018-0975-1.NASL", "SUSE_SU-2018-2683-1.NASL", "SUSE_SU-2018-2860-1.NASL", "SUSE_SU-2018-2928-1.NASL", "SUSE_SU-2018-3172-1.NASL", "SUSE_SU-2018-4236-1.NASL", "SUSE_SU-2019-0197-1.NASL", "SUSE_SU-2019-0221-1.NASL", "SUSE_SU-2019-0424-1.NASL", "SUSE_SU-2019-0425-1.NASL", "SUSE_SU-2019-0426-1.NASL", "SUSE_SU-2019-0428-1.NASL", "SUSE_SU-2019-0574-1.NASL", "SUSE_SU-2019-0585-1.NASL", "SUSE_SU-2019-0604-1.NASL", "SUSE_SU-2019-0617-1.NASL", "SUSE_SU-2019-0828-1.NASL", "SUSE_SU-2019-1052-1.NASL", "SUSE_SU-2019-1211-1.NASL", "SUSE_SU-2019-1211-2.NASL", "SUSE_SU-2019-1219-1.NASL", "SUSE_SU-2019-1265-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-1308-1.NASL", "SUSE_SU-2019-1308-2.NASL", "SUSE_SU-2019-1345-1.NASL", 
{"ibm": [{"lastseen": "2023-02-23T21:45:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 used by IBM Security Identity Governance and Intelligence (IGI). \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Identity Governance and Intelligence (IGI) 5.2, 5.2.1, 5.2.2, 5.2.2.1, 5.2.3, 5.2.3.1, 5.2.3.2, 5.2.4, 5.2.4.1, 5.2.5.0\n\n## Remediation/Fixes\n\nProduct Name\n\n| VRMF | First Fix \n---|---|--- \nIGI | 5.2 | [](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>)[5.2.5.0-ISS-SIGI-FP0001 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.1 | [](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>)[5.2.5.0-ISS-SIGI-FP0001 
](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.2 | [](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>)[5.2.5.0-ISS-SIGI-FP0001 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.2.1 | [](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>)[5.2.5.0-ISS-SIGI-FP0001 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.3 | [](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>)[5.2.5.0-ISS-SIGI-FP0001 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.3.1 | 
[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>)[5.2.5.0-ISS-SIGI-FP0001 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.3.2 | [](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>)[5.2.5.0-ISS-SIGI-FP0001 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.4 | [](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>)[5.2.5.0-ISS-SIGI-FP0001 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.4.1 | [](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>)[5.2.5.0-ISS-SIGI-FP0001 
](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>)[](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=5.2.5.0&platform=Linux&function=all>) \nIGI | 5.2.5.0 | [5.2.5.0-ISS-SIGI-FP0001 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=5.2.5.0-ISS-SIGI-FP0001&continue=1>) \n \n## Workarounds and Mitigations\n\n**None**\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-19T19:40:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Identity Governance and Intelligence", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-07-19T19:40:01", "id": "6DC9908A2BA9AE31D55D0175A923886E277978E74AAF349BFE61B221B1874064", "href": "https://www.ibm.com/support/pages/node/957973", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:47", "description": "## Summary\n\nMultiple vulnerabilities in the Oracle Java SE and the Java SE Embedded impact the IBM SDK, Java Technology Edition.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private \n \nIBM Cloud Application Performance Management\n\n## Remediation/Fixes\n\n_Product_\n\n| _Product \nVRMF_ | _Remediation_ \n---|---|--- \nIBM Cloud Application Performance Management, Base Private \n \nIBM Cloud Application Performance Management, Advanced Private | _8.1.4_ | The vulnerabilities can be remediated by applying the Core Framework interim fix 8.1.4.0-IBM-APM-CORE-FRAMEWORK-APM-IF0009 to all systems where Cloud APM agents are installed: \n<https://www-01.ibm.com/support/docview.wss?uid=ibm10879541> \nIBM Cloud Application Performance Management | SaaS | \n\nAfter your subscription is upgraded to V8.1.4, the vulnerabilities can be remediated by either \n \na) downloading the Core Framework interim fix 8.1.4.0-IBM-APM-CORE-FRAMEWORK-APM-IF0009 to all systems where Cloud APM agents are installed and applying the fix by following the instructions at this link: \n<https://www-01.ibm.com/support/docview.wss?uid=ibm10879541> \nb) downloading the Cloud APM agent packages for the 
operating systems that your agents run on and using the downloaded packages to upgrade existing agents to use the updated Core Framework or to install new agents with the updated Core Framework. \n \nPlease refer to the link <https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/download_agents_intro.htm> for details \non downloading agent packages from IBM Marketplace \n \nPlease refer to the link <https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/install_agent_upgrade.htm> or details on upgrading existing agents. \n \nPlease refer to the link <https://www.ibm.com/support/knowledgecenter/SSMKFH/com.ibm.apmaas.doc/install/install_intro.htm> \nfor details on installing new agents. \n \nIBM Monitoring \nIBM Application Diagnostics \nIBM Application Performance Management \nIBM Application Performance Management Advanced | _8.1.3_ | \n\nThe vulnerabilities can be remediated by applying the Core Framework interim fix 8.1.3.0-IBM-IPM-CORE-FRAMEWORK-IPM-IF0009 to all systems where Performance Management agents are installed:\n\n<https://www-01.ibm.com/support/docview.wss?uid=ibm10879839> \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-12T07:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM SDK, Java Technology Edition affect IBM Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-04-12T07:10:01", "id": "081CC227E983F960ECD518268E6352234EF5EA042FAE8CEC12AAFEE3AE317384", "href": "https://www.ibm.com/support/pages/node/880657", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:43:09", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in Jan 2019. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Security Guardium V10.0 - 10.6\n\nIBM Security Guardium V9.0 - 9.5\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_ | _Remediation/First Fix_ \n---|---|--- \nIBM Security Guardium | 9.0 - 9.5 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=9.0&platform=All&function=fixId&fixids=SqlGuard_9.0p776_SecurityUpdate_64-bit&includeSupersedes=0&source=fc \nIBM Security Guardium ** ** | 10.0 - 10.6 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p620_Bundle_Apr-25-2019&includeSupersedes=0&source=fc \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T14:30:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-10-02T14:30:03", "id": "C97A3E95675449D0B4FB3B9F03BC3D1C54EEFCAFE80A94AF2A2CBFD8347169AE", "href": "https://www.ibm.com/support/pages/node/883608", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:50", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, 7.0.10.35 used by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise has addressed the applicable CVEs. \n \nThese issues were also addressed by IBM WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. \n \nThese issues were disclosed as part of the IBM Java SDK updates in January 2019. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. 
By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\nCVEID: [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \nDESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/152081 for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n \n---|--- \n \nIBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.5.02. 
V2.5.0.3, V2.5.0.4, V2.5.0.5, V2.5.0.6, V2.5.0.7, V2.5.0.8\n\n| \n\n * WebSphere Application Server V8.5.5 through V8.5.5.14 \n \nIBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4, V2.4.0.5\n\n| \n\n * WebSphere Application Server V8.5.0.1 through V8.5.5.12 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**Remediation/First Fix** \n \n---|---|--- \n \n * IBM Cloud Orchestrator and Cloud Orchestrator Enterprise 2.5, 2.5.0.1, 2.5.0.2, 2.5.0.3, 2.5.0.4, 2.5.0.5, 2.5.0.6, 2.5.0.7, 2.5.0.8\n| V2.5, V2.5.0.1, V2.5.0.2, V2.5.0.4, V2.5.0.5, V2.5.0.6, V2.5.0.7, V2.5.0.8 | \n\nUpgrade to IBM Cloud Orchestrator 2.5 Fix Pack 9: \n[www.ibm.com/support/docview.wss?uid=ibm10878863](<www.ibm.com/support/docview.wss?uid=ibm10878863>) \n \n * IBM Cloud Orchestrator and Cloud Orchestrator Enterprise 2.4, 2.4.0.1, 2.4.0.2, 2.4.0.3, 2.4.0.4, 2.4.0.5\n| V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.4, V2.4.0.5 | \n\nTo remediate, do the following steps:\n\n1\\. Upgrade to minimal fix pack level.\n\n2\\. Download IBM Java 7.0.10.35.\n\n3\\. Install the Java fixpack on any WebSphere Application Server fixpack level as long as the minimum prerequisites are met. 
\n \nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise.\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version**\n\n| \n\n**Affected Supporting Product Security Bulletin** \n \n---|---|--- \n \n * IBM Cloud Orchestrator and Cloud Orchestrator Enterprise\n| WebSphere Application Server V8.5.5 through V8.5.5.14 | \n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2019 CPU that is bundled with IBM WebSphere Application Server Patterns](<https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-january-2019-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/>) \n \n * IBM Cloud Orchestrator and Cloud Orchestrator Enterprise\n| WebSphere Application Server V8.5.0.1 through V8.5.5.12 | \n\n[IBM Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2019 CPU that is bundled with IBM WebSphere Application Server Patterns](<https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affects-websphere-application-server-january-2019-cpu-that-is-bundled-with-ibm-websphere-application-server-patterns/>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-08T07:40:02", "type": "ibm", "title": "Security 
Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-05-08T07:40:02", "id": "BDCE7C9CFA9684E952C1FF403595755387D0CADAED67C6B806E31D295F5B32FA", "href": "https://www.ibm.com/support/pages/node/883240", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T22:50:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8.0.5.25 used by IBM Cloud Transformation Advisor. IBM Cloud Transformation Advisor has addressed the applicable CVEs. \nThese issues were disclosed as part of the IBM Java SDK updates in March 2019.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Cloud Transformation Advisor 1.9.6, 1.9.7\n\n## Remediation/Fixes\n\nUpgrade to 1.9.8 or later.\n\nIn IBM Cloud Private go to IBM Cloud Transformation Advisor helm release and click Upgrade.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-05T19:00:57", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cloud Transformation Advisor", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2022-12-05T19:00:57", "id": "6BACF988DEEE7F5AC9B358EA6F20E74143E11CC3DFD708CA91BCC62BEC175C08", "href": "https://www.ibm.com/support/pages/node/957765", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:41:43", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition and IBM\u00ae Runtime Environment Java\u2122 used by IBM i. IBM i has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. 
By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nReleases 7.1, 7.2 and 7.3 of IBM i are affected.\n\n## Remediation/Fixes\n\nThe issue can be fixed by applying a PTF to the IBM i Operating System.\n\nReleases 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed. \nPlease see the Java document at this URL for the latest Java information for IBM i: \n<https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20i%20Technology%20Updates/page/Java%20on%20IBM%20i>\n\nThe IBM i Group PTF numbers containing the fix for these CVEs follow. 
Future Group PTFs for Java will also contain the fixes for these CVEs.\n\n**Release 7.1 \u2013 SF99572 level 35** \n**Release 7.2 \u2013 SF99716 level 20** \n**Release 7.3 \u2013 SF99725 level 12**\n\n**_Important note: _**_IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-18T14:26:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-12-18T14:26:38", "id": "38D9A93F57E99FC43E62E2E28DD6CA1B368B4FC1A373ECE7E9C403AB9D7C5DDE", "href": "https://www.ibm.com/support/pages/node/875554", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:34", "description": "## Summary\n\nThere are multiple vulnerabilities in 
IBM\u00aeRuntime Environment Java\u2122Version 6 and 7 used by IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation. These issues were disclosed as part of the IBM Java SDK updates in January 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nPlatform Cluster Manager Version 4.2.0, 4.2.0.1, 4.2.0.2 and 4.2.1\n\nPlatform HPC Version 4.2.0 and 4.2.1\n\nSpectrum Cluster Foundation 4.2.2 \n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \n_Platform Cluster Manager Standard Edition_ | _4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1_ | _None_ | _See fix below_ \n_Platform Cluster Manager Advanced Edition_ | _4.2.0, 4.2.0.1, 4.2.0.2, 4.2.1_ | _None_ | _See fix below_ \n_Platform HPC_ | _4.2.0, 4.2.1_ | _None_ | _See fix below_ \n_Spectrum Cluster Foundation_ | _4.2.2_ | _None_ | _See fix below_ \n \n**Platform Cluster Manager 4.2.x & Platform HPC 4.2.x & Spectrum Cluster Foundation 4.2.2**\n\n1\\. Download IBM JRE 7.0 x86_64 from the following location: [http://www.ibm.com/support/fixcentral](<http://www.ibm.com/support/fixcentral>). (For the POWER platform, download the ppc64 version of the JRE tar package. The following steps use x86_64 as an example.)\n\n2\\. 
Copy the tar package to the management node. If high availability is enabled, copy the JRE tar package to the standby management node as well.\n\n3\\. If high availability is enabled, shut down the standby management node to avoid triggering high availability.\n\n4\\. On the management node, stop the GUI and PERF services:\n\n# pcmadmin service stop --group ALL\n\n5\\. On the management node, extract the new JRE files and replace some old folders with new ones.\n\n# chmod +x ibm-java-x86_64-jre-7.0-10.40.bin\n\n# ./ibm-java-x86_64-jre-7.0-10.40.bin \n# mv /opt/pcm/jre/bin /opt/pcm/jre/bin-old \n# mv /opt/pcm/jre/lib /opt/pcm/jre/lib-old \n# mv /opt/pcm/jre/plugin /opt/pcm/jre/plugin-old \n# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/jre/ \n# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/jre/ \n# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/jre/ \n# mv /opt/pcm/web-portal/jre/linux-x86_64/bin /opt/pcm/web-portal/jre/linux-x86_64/bin-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/lib /opt/pcm/web-portal/jre/linux-x86_64/lib-old \n# mv /opt/pcm/web-portal/jre/linux-x86_64/plugin /opt/pcm/web-portal/jre/linux-x86_64/plugin-old \n# cp -r ibm-java-x86_64-70/jre/bin /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-70/jre/lib /opt/pcm/web-portal/jre/linux-x86_64/ \n# cp -r ibm-java-x86_64-70/jre/plugin /opt/pcm/web-portal/jre/linux-x86_64/\n\n6\\. On the management node, start the GUI and PERF services:\n\n# pcmadmin service start --group ALL\n\n7\\. 
If high availability is enabled, start up the standby management node and replace the bin, lib and plugin folders under /opt/pcm/web-portal/jre/linux-x86_64 on the standby management node.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-22T10:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Platform Cluster Manager Standard Edition, IBM Platform Cluster Manager Advanced Edition, Platform HPC, and Spectrum Cluster Foundation.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-03-22T10:10:01", "id": "00646C28E0F3D5ABD9265540874AE94D6D8FB44EC23722A3DE54DB8CB7DB2999", "href": "https://www.ibm.com/support/pages/node/875474", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:39", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 that are used by AIX. 
These issues were disclosed as part of the IBM Java SDK updates in January 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAIX 7.1, 7.2 \n\n\nThe following fileset levels (VRMF) are vulnerable, if the respective Java version is installed:\n\n \nFor Java7: Less than 7.0.0.640 \nFor Java7.1: Less than 7.1.0.440 \nFor Java8: Less than 8.0.0.530\n\nNote: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.\n\nExample: lslpp -L | grep -i java\n\n## Remediation/Fixes\n\nNote: Recommended remediation is to always install the most recent Java package available for the respective Java version.\n\nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 40 and subsequent releases: \n32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\nIBM SDK, Java Technology 
Edition, Version 7R1 Service Refresh 4 Fix Pack 40 and subsequent releases: \n32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all \n64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all\n\nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 30 and subsequent releases: \n32-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all \n64-bit: https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-16T16:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": 
"PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-04-16T16:55:01", "id": "971244C87A98D7C8B5234EEB097E98D9D10FB385A162932AA8D1F263E5B31449", "href": "https://www.ibm.com/support/pages/node/878376", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 ,version 8, that is used by IBM Tivoli Composite Application Manager for Transactions - Robotic Response Time. These issues were disclosed as part of the IBM Java SDK updates in Jan 2019.\n\n## Vulnerability Details\n\nRelevant CVEs:\n\nCVE-2018-1890 CVE-2018-12549 CVE-2018-12547 CVE-2019-2422 CVE-2019-2449 CVE-2019-2426 CVE-2018-11212\n\n#### Relevant CVE Information:\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager (ITCAM) for Transactions: 7.4 is affected\n\n## Remediation/Fixes\n\n**Product Name** | **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nITCAM for Transactions | 7.4.0.x | | 7.4.0.1-TIV-CAMRT-IF0034 for different platforms: [7.4.0.1-TIV-CAMRT-AIX-IF0034](<https://www-945.ibm.com/support/fixcentral/swg/selectFix?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-AIX-IF0034&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager>), [7.4.0.1-TIV-CAMRT-LINUX-IF0034](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-LINUX-IF0034&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager>), [7.4.0.1-TIV-CAMRT-WINDOWS-IF0034](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FTivoli%2FTivoli+Composite+Application+Manager+for+Transactions&fixids=7.4.0.1-TIV-CAMRT-WINDOWS-IF0034&source=SAR&function=fixId&parent=Tivoli%20Composite%20Application%20Manager>) \n \n## Workarounds and Mitigations\n\nN/A\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-26T07:55:01", "type": "ibm", "title": "Security Bulletin: IBM 
SDK, Java Technology Edition Quarterly CPU - Jan 2019 - Includes Oracle Jan 2019 CPU affects IBM Tivoli Composite Application Manager for Transactions-Robotic Response Time", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-04-26T07:55:01", "id": "3939791E988AF2FACF3DA9BBB5130175F1444AD96DE5438660529936D08FCA48", "href": "https://www.ibm.com/support/pages/node/882150", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:40:21", "description": "## Summary\n\nMultiple vulnerabilities in Java were disclosed as part of the Java SDK updates in January 2019 that affect IBM Spectrum Protect Plus.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION: **IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID: **[CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION: **In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)\n\n**DESCRIPTION: **In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). 
\nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION: **An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. 
\nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Spectrum Protect Plus | 10.1.0-10.1.4 \n \n## Remediation/Fixes\n\n**IBM Spectrum Protect Plus Release** | **First Fixing VRM Level** | **Platform** | **Link to Fix** \n---|---|---|--- \n10.1 | 10.1.4.254 | Linux | http://www.ibm.com/support/docview.wss?uid=ibm10880861 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-05T18:40:40", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Java affect IBM Spectrum Protect Plus", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-11-05T18:40:40", "id": 
"A446AEABA3B847589A637F0E1DEC9B9F269264B81B83E391C6B544BDC3D1AF42", "href": "https://www.ibm.com/support/pages/node/1103337", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:07", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM API Connect. \n \nIBM API Connect has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nAffected IBM API Management | Affected Versions \n---|--- \nIBM API Connect | 5.0.0.0-5.0.8.6 \nIBM API Connect | 2018.1-2018.4.1.5 \n \n## Remediation/Fixes\n\nAffected Product | Fixed in VRMF | APAR | Remediation / First Fix \n---|---|---|--- \nIBM API Connect V5.0.0.0-5.0.8.6 | 5.0.8.6 iFix | LI80921 | Addressed in IBM API Connect V5.0.8.6 iFix. Management server is impacted. Follow this link and find the appropriate packages: [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.6&platform=All&function=all&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.6&platform=All&function=all&source=fc>) \nIBM API Connect V2018.1-2018.4.1.5 | 2018.4.1.6 fixpack | LI80921 | Addressed in IBM API Connect v2018.4.1.6 fixpack. All components are impacted. Follow this link and find the appropriate form factor for your installation: \"management\", \"portal\", \"analytics\" or apicup* or *ICP* for 2018.4.1.6. 
[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.5&platform=All&function=all&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=2018.4.1.5&platform=All&function=all&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-12T22:40:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM API Connect", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-06-12T22:40:01", "id": "133D9B412EFEA4F5BF1824902455E8572DC7935AB0149CC5A2F9654E45B69674", "href": "https://www.ibm.com/support/pages/node/882598", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:49:02", "description": "## Summary\n\nJava SE issues disclosed in the Oracle January 
2019 Critical Patch Update, plus three additional vulnerabilities\n\n## Vulnerability Details\n\n**CVE IDs:** CVE-2018-11212 CVE-2019-2426 CVE-2019-2449 CVE-2019-2422 CVE-2018-12547 CVE-2018-12549 CVE-2018-1890\n\n**DESCRIPTION:** This bulletin covers all applicable Java SE CVEs published by Oracle as part of their January 2019 Critical Patch Update, plus three additional vulnerabilities. For more information please refer to [Oracle's January 2019 CPU Advisory](<https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixJAVA>) and the X-Force database entries referenced below.\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 35 and earlier releases \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 35 and earlier releases \nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 27 and earlier releases\n\n**Note 1:** CVE-2018-12547 and CVE-2018-12549 do not apply to IBM SDK, Java Technology Edition on Solaris, HP-UX and Mac OS.\n\n**Note 2:** CVE-2018-12549 only applies to IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 to IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 27 (inclusive)\n\n**Note 3:** CVE-2018-1890 only applies to IBM SDK, Java Technology Edition on AIX. \n \nFor detailed information on which CVEs affect which releases, please refer to the [IBM SDK, Java Technology Edition Security Vulnerabilities page](<https://developer.ibm.com/javasdk/support/security-vulnerabilities/>) .\n\n## Remediation/Fixes\n\nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 40 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 40 and subsequent releases \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 30 and subsequent releases \n \nIBM SDK, Java Technology Edition releases can be downloaded, subject to the terms of the developerWorks license, from the [Java Developer Center](<https://developer.ibm.com/javasdk/downloads/>) . 
\n \nIBM customers requiring an update for an SDK shipped with an IBM product should contact [IBM support](<http://www.ibm.com/support/>) , and/or refer to the appropriate product security bulletin.\n\n**APAR numbers are as follows:**\n\n[IJ13343](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ13343>) (CVE-2018-11212) \n[IJ13344](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ13344>) (CVE-2019-2426) \n[IJ13345](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ13345>) (CVE-2019-2449) \n[IJ13346](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ13346>) (CVE-2019-2422) \n[IJ14173](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ14173>) (CVE-2018-12547) \n[IJ14174](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ14174>) (CVE-2018-12549) \n[IJ14187](<http://www-01.ibm.com/support/docview.wss?uid=swg1IJ14187>) (CVE-2018-1890)\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-01T15:00:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-03-01T15:00:02", "id": "2AEFA99E16A640771ACFAC4BB5BE4B3421B9E6BBED3EEDAC07FCB8592B8E67CD", "href": "https://www.ibm.com/support/pages/node/873332", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:39:08", "description": "## Summary\n\nIBM Java Runtime is shipped with Tivoli Federated Identity Manager. Information about security vulnerabilities affecting IBM Java Runtime has been published in a security bulletin.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n** DESCRIPTION: **In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n** DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. 
This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n \n** CVEID: **[CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n** DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n** DESCRIPTION: **IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081. \nCVSS Base score: 5.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n \n** CVEID: **[CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n** DESCRIPTION: **In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. These functions were not directly callable by non-native user code. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n** CVEID: **[CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n** DESCRIPTION: **An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n \n** CVEID: **[CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n** DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). 
Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Federated Identity Manager| 6.2.2 \n \n\n\n## Remediation/Fixes\n\nPrincipal Product and Version| Affected Supporting Product and Versions| Affected Supporting Product Security Bulletin \n---|---|--- \nTivoli Federated Identity Manager 6.2.2| IBM Java Runtime 8.0| [Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-may-affect-ibm%C2%AE-sdk-java%E2%84%A2-technology-edition-8> \"Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-20T08:47:33", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities have been identified in IBM Java Runtime as shipped with Tivoli Federated Identity Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", 
"CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-12-20T08:47:33", "id": "761B3F2157156B455D862DB41A0DB938E62346DEF24B625DB3075EC98C612C7C", "href": "https://www.ibm.com/support/pages/node/1118799", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:55", "description": "## Summary\n\nIBM SDK, Java\u2122 Technology Edition is shipped with Predictive Maintenance and Quality. Information about a security vulnerability affecting IBM SDK, Java\u2122 Technology Edition has been published in a security bulletin. \n(CVE-2018-11212 CVE-2019-2426 CVE-2019-2449 CVE-2019-2422 CVE-2018-12547 CVE-2018-12549 CVE-2018-1890) \n \n \n\n\n## Vulnerability Details\n\nRefer to the security bulletins listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nPredictive Maintenance and Quality 2.5.3 \u2013 2.6.2\n\n## Remediation/Fixes\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM DB2 which is shipped with Predictive Maintenance and Quality.\n\nPrincipal Product and Version(s)\n\n| \n\nAffected Supporting Product and Version\n\n| \n\nAffected Supporting Product Security Bulletin \n \n---|---|--- \n \nIBM Predictive Maintenance and Quality 2.5.3 \u2013 2.6.2\n\n| \n\nIBM SDK, Java\u2122 Technology 7 - 8\n\n| \n\n[Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<http://www-01.ibm.com/support/docview.wss?uid=ibm10873332>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, 
"impactScore": 5.9}, "published": "2019-04-10T14:35:01", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in IBM SDK, Java Technology Edition shipped with Predictive Maintenance and Quality", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-04-10T14:35:01", "id": "DB94999C91E041072E07E35C6AAF225FC95ED5B505AD09EAC92A1A39A3F67998", "href": "https://www.ibm.com/support/pages/node/879499", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 SR10-FP35 and Version 8 SR5-FP25 used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in Jan 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nTADDM 7.2.2.5\n\nTADDM 7.3 (7.3.0.0 - 7.3.0.6)\n\n## Remediation/Fixes\n\n**Fix** | **VRMF** | **APAR** | **How to acquire fix** \n---|---|---|--- \n \nefix_jdk8.0.5.30_FP6190313.zip\n\n| \n\n7.3.0.6\n\n| None | \n\n[Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=YJTMUk5DePDgDx2PgTY5GYRtj3KlqrP4VQQ5gJaXGzI >) \n \n[efix_jdk7.0.10.40_FP420171214.zip](<https://www.secure.ecurep.ibm.com/download/?id=ZrV3fsm9stxhyAIxHNXvLmgol0HE1fMGDN53Cki7cbM >) | 7.3.0.4 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=j7kLpHgPnJs5MLtKoZq9aWqKZTqzwrl5RJZuVGnv6sg>) \n \nefix_jdk7.0.10.40_FP520160209.zip\n\n| 7.2.2.5 | None | \n\n[Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=9ieGcjXh4iLCfVM2xeZoz1LXULTwkcV8jzycT9PNLpc >) \n \nThe eFix provided for 7.3.0.6 has been tested to work successfully on top of 7.3.0.5. 
Similarly, the eFix provided for 7.3.0.4 has been tested to work successfully on 7.3.0.0 - 7.3.0.3.\n\nPlease get familiar with the eFix readme in etc/efix_readme.txt\n\nFor each TADDM release (7.3.0, 7.2.2) there is a prepared replacement for Windows\u00ae 32-bit IBM JRE, Java Technology Edition, shipped separately on TADDM installation DVD discs.\n\n**Fix** | **VRMF** | **APAR** | ** How to acquire fix** \n---|---|---|--- \n \nibm-java-jre-70-win-i386\n\n| \n\n7.3.0 (7.3.0.0 - 7.3.0.4) and 7.2.2\n\n| None | \n\n[_Download eFix_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Application+Dependency+Discovery+Manager&release=7.3.0.4&platform=All&function=all>) \n \nibm-java-jre-80-win-i386\n\n| \n\n7.3.0.5 and 7.3.0.6\n\n| None | \n\n[_Download eFix_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+Application+Dependency+Discovery+Manager&release=7.3.0.5&platform=All&function=all>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-01T17:00:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Application Dependency Discovery Manager (TADDM)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-05-01T17:00:02", "id": "13DE1D2542AE9D3448E8666046AB1DC9B403DEBE85C4CD5ACB8741491EFB1673", "href": "https://www.ibm.com/support/pages/node/882672", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM Spectrum LSF Process Manager. IBM Spectrum LSF Process Manager has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Spectrum LSF Process Manager 10.2 \n\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nIBM Spectrum LSF Process Manager \n\n\n| \n\n10.2\n\n| \n\nNone\n\n| \n\n1\\. Download IBM JRE 8.0 from the following location: \n\n[http://www.ibm.com/support/fixcentral](<http://www.ibm.com/support/fixcentral>). (The following steps use x86_64 as an example.)\n\n2\\. 
Copy the tar package into the PM server host.\n\n3\\. Log on the PM server host as root, stop jfd. \n# jadmin stop\n\n4\\. On the PM server host, extract new JRE files and replace old folders with new ones.\n\n# chmod +x ibm-java-x86_64-jre-8.0-5.27.bin\n\n# ./ibm-java-x86_64-jre-8.0-5.27.bin \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre-old\n\n# mkdir -p /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# cp -r ibm-java-x86_64-80/* /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/bin /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/lib /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre \n# mv /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre/plugin /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre\n\n# rm -rf /opt/ppm/10.2/linux2.6-glibc2.3-x86_64/jre/jre\n\n5\\. On the PM server host, start jfd \n# jadmin start \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-31T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Process Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-03-31T05:10:01", "id": "401087BB003017E873165D5C2882860AD98BB92FE59619FCF118CD4A1677E0F2", "href": "https://www.ibm.com/support/pages/node/876402", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:58", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122, 7.0.10.35 used by IBM Cloud Manager with OpenStack. IBM Cloud Manager with OpenStack has addressed the applicable CVEs. \n \nThese issues were disclosed as part of the IBM\u00ae Runtime Environment Java\u2122 updates in January 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product Name** | **Affected Versions** \n---|--- \nIBM Cloud Manager with OpenStack | 4.3 \n \n## Remediation/Fixes\n\n**Product** | **VRMF** | **Remediation / First Fix** \n---|---|--- \nIBM Cloud Manager with OpenStack | 4.3 | \n\nUpgrade to 4.3 FP 13:\n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FOther%20software&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=All&platform=All&function=fixId&fixids=4.3.0.13-IBM-CMWO-FP13&includeSupersedes=0](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FOther%20software&product=ibm/Other+software/Cloud+Manager+with+Openstack&release=All&platform=All&function=fixId&fixids=4.3.0.13-IBM-CMWO-FP13&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-06T11:45:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version affect IBM Cloud Manager with OpenStack", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-05-06T11:45:01", "id": "02E424095ADDECCF91219720A7393DB5ACE7C07CE780C4B746555DE8BB51B712", "href": "https://www.ibm.com/support/pages/node/883242", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:11", "description": "## Summary\n\nThere are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Jan 2019 - Includes Oracle Jan 2019 CPU used by IBM Streams. IBM Streams has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected InfoSphere Streams | Affected Versions \n---|--- \nInfoSphere Streams | 4.0.1.6 and earlier \nInfoSphere Streams | 3.2.1.6 and earlier \nIBM Streams | 4.1.1.8 and earlier \nIBM Streams | 4.2.1.6 and earlier \nIBM Streams | 4.3.0.2 and earlier \n \n## Remediation/Fixes\n\nNOTE: Fix Packs are available on IBM Fix Central.\n\nTo remediate/fix this issue, follow the instructions below:\n\nVersion 4.3.x: Apply [_ 4.3.0 Fix Pack 1 (4.3.0.3) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%20Management&product=ibm/Information+Management/InfoSphere+Streams&release=4.3.0.0&platform=All&function=all>) . \nVersion 4.2.x: Apply [_4.2.1 Fix Pack 4 (4.2.1.7) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.2.1.0&platform=All&function=all>) . \nVersion 4.1.x: Apply [_4.1.1 Fix Pack 6 (4.1.1.9) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.1.1.0&platform=All&function=all>) . \nVersion 4.0.x: Apply [_4.0.1 Fix Pack 6 (4.0.1.6) or higher_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information%2BManagement&product=ibm/Information+Management/InfoSphere+Streams&release=4.0.1.0&platform=All&function=all>) . \nVersions 3.2.x, 3.1.x, and 3.0.x: For versions earlier than 4.x.x, IBM recommends upgrading to a fixed, supported version/release/platform of the product. 
Customers who cannot upgrade and need to secure their installation should open a PMR with IBM Technical Support and request assistance securing their InfoSphere Streams system against the vulnerabilities identified in this Security Bulletin.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-24T02:00:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - Jan 2019 - Includes Oracle Jan 2019 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-07-24T02:00:01", "id": "A35FCEEFC209DE6C3EDDE258BE5C9CE624D0CFCFC07CFBDD282C8402A63B2BC3", "href": "https://www.ibm.com/support/pages/node/879975", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:37", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by the z/TPF system. 
z/TPF has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for more information. 
\nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nz/TPF Enterprise Edition Version 1.1\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF** | **APAR** | **Remediation/First Fix** \n---|---|---|--- \nz/TPF | 1.1 | None | \n\nDownload and install the PJ45124_ibm-java-jre-8.0-5.30 package from the [IBM 64-bit Runtime Environment for z/TPF, Java Technology Edition, Version 8](<http://www.ibm.com/support/docview.wss?uid=swg24043118>) download page. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-18T18:50:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-03-18T18:50:02", "id": "E6493D9BE057225FBCB94A6768DAF2C56601206D489452D9D4D2033C399018B1", "href": "https://www.ibm.com/support/pages/node/875850", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:44:41", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition versions 7 and 8 that are used by IBM\u00ae Intelligent Operations Center, IBM\u00ae Intelligent Operations Center for Emergency Management, and IBM\u00ae Water Operations for Waternamics. IBM\u00ae Intelligent Operations Center has addressed the applicable CVEs. \n\n\n## Vulnerability Details\n\nIf you run your own Java\u2122 code using the IBM\u00ae Java\u2122 Runtime Environment that is delivered with this product, you should evaluate your code to determine whether additional Java\u2122 vulnerabilities are applicable to your code.\n\n**CVE IDs:** CVE-2018-11212 CVE-2019-2426 CVE-2019-2449 CVE-2019-2422 CVE-2018-12547 CVE-2018-12549 CVE-2018-1890\n\n**CVEID:** _[CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>)_ \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** _[CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** _[CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)_ \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>)_ \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>)_ \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\n * IBM\u00ae Intelligent Operations Center V1.6.0 - V5.2.0\n * IBM\u00ae Intelligent Operations Center for Emergency Management V1.6 - V5.1.0.6\n * IBM\u00ae Water Operations for Waternamics V5.1 - V5.2.1.1\n\n## Remediation/Fixes\n\nThe fix for this issue is available in IBM\u00ae Intelligent Operations Center version 5.2.1 on [Passport Advantage](<http://www.ibm.com/software/passportadvantage/>).\n\nProduct | VRMF | APAR | Remediation/First Fix \n---|---|---|--- \nIBM\u00ae Intelligent Operations Center | V5.2.0 | | IBM\u00ae Intelligent Operations Center V5.2.1 on [Passport Advantage](<http://www.ibm.com/software/passportadvantage/>) \nIBM\u00ae Intelligent Operations Center | V5.1.0 - V5.1.0.14 | | IBM\u00ae Intelligent Operations Center V5.2.1 on [Passport Advantage](<http://www.ibm.com/software/passportadvantage/>) \nIBM\u00ae Water Operations for Waternamics | V5.1.0 - V5.2.1.1 | | IBM\u00ae Intelligent Operations Center V5.2.1 on [Passport Advantage](<http://www.ibm.com/software/passportadvantage/>) \n \nFor information about the latest available updates, see [IBM Intelligent Operations Center V5.2 installation updates](<http://www.ibm.com/support/docview.wss?uid=swg21963326>).\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-16T05:05:01", "type": 
"ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java\u2122 SDK affect IBM\u00ae Intelligent Operations Center products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-08-16T05:05:01", "id": "E45B3F5997DB35E1A997FB0E28FA8ADCFF49A6C82C7F855C8050301889C23F79", "href": "https://www.ibm.com/support/pages/node/881598", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:32", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00aeRuntime Environment Java\u2122Version 7 used by IBM Spectrum LSF Analytics. These issues were disclosed as part of the IBM Java SDK updates in January 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nSpectrum LSF Analytics 9.1.4\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nSpectrum LSF Analytics | _9.1.4_ | _None_ | Follow the steps below. \n\n 1. Download IBM JRE 7 from the following location: [http://www.ibm.com/support/fixcentral](<http://www.ibm.com/support/fixcentral>). (The following steps use x86_64 as an example.)\n 2. Copy the JRE package to the Analytics Server host and Analytics Node host(s).\n 3. On the Analytics Server host, stop the pats, pars, and parb services.\n 4. On the Analytics Server host, extract the new JRE files and replace the old JRE files in the following directories:\n\n#{ANALYTICS_SERVER_TOP}\\jre\n\n#{ANALYTICS_SERVER_TOP}\\report\\jre\n\nWhere ANALYTICS_SERVER_TOP describes the top-level IBM Spectrum LSF Analytics server installation directory.\n\n 5. On the Analytics Server host, start the pats, pars, and parb services on demand.\n 6. On the Analytics Node host, stop the plc services.\n 7. On the Analytics Node host, extract the new JRE files and replace the old JRE files in the following directory:\n\n#{ANALYTICS_NODE_TOP}/jre/#{ARCH}/\n\nWhere ANALYTICS_NODE_TOP describes the top-level IBM Spectrum LSF Analytics node installation directory. ARCH describes the architecture of the Analytics Node host, e.g. linux-x86_64.\n\n 8. On the Analytics Node host, start the plc service. 
\n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-22T10:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Analytics", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-03-22T10:10:01", "id": "DE862DA54F4F2E85F179B07677F6F11214F151F844B66F5880900149A96692F9", "href": "https://www.ibm.com/support/pages/node/875472", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by Netcool Agile Service Manager. Netcool Agile Service Manager has addressed the applicable CVEs. 
\n \nThese issues were disclosed as part of the IBM Java SDK updates in January 2019.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n \n\n\n## Affected Products and Versions\n\nNetcool Agile Service Manager 1.1.3 - 1.1.4\n\n## Remediation/Fixes\n\nUpdate to Netcool Agile Service Manager 1.1.5\n\nTo install Netcool Agile Service Manager 1.1.5, you download the installation images from IBM\u00ae Passport Advantage\u00ae. 
You then follow standard installation procedures, whether you install a new instance of Netcool Agile Service Manager, or upgrade an existing version.\n\n**[Download Netcool Agile Service Manager 1.1.5](<http://www-01.ibm.com/support/docview.wss?uid=swg24043717>)**\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-03T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Netcool Agile Service Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-07-03T05:10:01", "id": "011D1A91543956B15602627C23565DD5280CC571F3E0762403E60D8ED5CD78AA", "href": "https://www.ibm.com/support/pages/node/887917", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM\u00ae Cloud App Management V2018.4.1. 
IBM\u00ae Cloud App Management has addressed the applicable CVEs in a later version.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined\n\n## Affected Products and Versions\n\nIBM Cloud App Management V2018.4.1\n\n## Remediation/Fixes\n\nIBM Cloud App Management V2018 was updated to use a later version of IBM\u00ae SDK Java\u2122 Technology Edition. Install IBM Cloud App Management V2019.2.0 to address these security vulnerabilities. IBM Cloud App Management V2019.2.0 is available on [IBM Passport Advantage](<https://www.ibm.com/software/passportadvantage/index.html>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-29T12:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition affect IBM Cloud App Management V2018.4.1", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-05-29T12:10:01", "id": 
"C9CB79952C31381EA00CF6FF1D7710EBDC9B4F13415AD2EBDB3F9F3A6354C7B0", "href": "https://www.ibm.com/support/pages/node/885813", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:36", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 5 Fix Pack 27 and earlier releases used by IBM Platform Symphony and IBM Spectrum Symphony. IBM Platform Symphony and IBM Spectrum Symphony have addressed the applicable CVEs. \n \nIBM is working to provide fixes for these vulnerabilities as soon as possible and will update this security bulletin when available.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** _[CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>)_ \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** _[CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** _[CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)_ \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>)_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>)_ \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/157513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>)_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2019-2698](<https://vulners.com/cve/CVE-2019-2698>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.1 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/159790](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159790>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2019-2697](<https://vulners.com/cve/CVE-2019-2697>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/159789](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159789>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2019-2602](<https://vulners.com/cve/CVE-2019-2602>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/159698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159698>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** _[CVE-2019-2684](<https://vulners.com/cve/CVE-2019-2684>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base Score: 5.9 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/159776](<https://exchange.xforce.ibmcloud.com/vulnerabilities/159776>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** _[CVE-2019-10245](<https://vulners.com/cve/CVE-2019-10245>)_ \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a denial of service, caused by the execution of a method past the end of bytecode array by the Java bytecode verifier. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/160010](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160010>)_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Platform Symphony 7.1 Fix Pack 1 \nIBM Platform Symphony 7.1.1 \nIBM Spectrum Symphony 7.1.2 \nIBM Spectrum Symphony 7.2.0.2 \nIBM Spectrum Symphony 7.2.1\n\n## Remediation/Fixes\n\n### Applicability\n\n * Operating systems: Linux x64, Windows X64\n\n * Cluster type: Single grid cluster, Developer Edition, Multicluster\n\nPrerequisite\n\nTo install or uninstall the .rpm packages for IBM Spectrum Symphony 7.1.2, 7.2.0.2, and 7.2.1, you must have root permission and RPM version 4.2.1 or later must be installed on the host.\n\nPackages\n\n_**Product**_ | _**VRMF**_ | _**APAR**_ | _**Remediation/First Fix**_ \n---|---|---|--- \n_IBM Platform Symphony_ | _7.1 Fix Pack 1_ | _P103016_ | 
\n\n_symSetup_jre8sr5fp35_linux-x64_build520994.tar.gz_\n\n_symSetup_jre8sr5fp35_win-x64_build520994.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build520994&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build520994&includeSupersedes=0>) \n \n_IBM Platform Symphony_ | _7.1.1_ | _P103016_ | \n\n_symSetup_jre8sr5fp35_linux-x64_build520994.tar.gz_\n\n_symSetup_jre8sr5fp35_win-x64_build520994.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build520994&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build520994&includeSupersedes=0>) \n \n_IBM Spectrum Symphony_ | _7.1.2_ | _P103016_ | \n\n_egojre-1.8.0.535.x86_64.rpm_\n\n_symSetup_jre8sr5fp35_linux-x64_build520994.tar.gz_\n\n_symSetup_jre8sr5fp35_win-x64_build520994.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build520994&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build520994&includeSupersedes=0>) \n \n_IBM Spectrum Symphony_ | _7.2.0.2_ | _P103016_ | 
\n\n_egojre-8.0.5.35.x86_64.rpm_\n\n_symSetup_jre8sr5fp35_linux-x64_build520994.tar.gz_\n\n_symSetup_jre8sr5fp35_win-x64_build520994.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build520994&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build520994&includeSupersedes=0>) \n \n_IBM Spectrum Symphony_ | _7.2.1_ | _P103016_ | \n\n_egojre-8.0.5.35.x86_64.rpm_\n\n_symSetup_jre8sr5fp35_linux-x64_build520994.tar.gz_\n\n_symSetup_jre8sr5fp35_win-x64_build520994.zip_\n\n[http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build520994&includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build520994&includeSupersedes=0>) \n \nInstalling on Linux management hosts in grid clusters\n\n1\\. Log on to the master host as the cluster administrator.\n\n> egosh user logon -u Admin -x Admin\n\n2\\. Disable your applications, stop services, and shut down the cluster:\n\n> soamcontrol app disable all\n\n> egosh service stop all\n\n> egosh ego shutdown all\n\n3\\. Back up or uninstall the existing JRE on all management hosts:\n\n * For Platform Symphony 7.1 Fix Pack 1 and 7.1.1, back up the JRE folder (under $EGO_TOP/jre/<_EGO_version_>/linux-x86_64/). 
For example, in a Platform Symphony 7.1.1 cluster, back up the JRE folder at $EGO_TOP/jre/3.3/linux-x86_64/.\n * For IBM Spectrum Symphony 7.1.2, 7.2.0.2 and 7.2.1, uninstall the existing JRE:\n\n1) Query the existing JRE package and uninstall it from the dbpath location, for example:\n\n> rpm -qa --dbpath /tmp/rpm |grep egojre\n\negojre-1.8.0.3-408454.x86_64\n\n> rpm -e egojre-1.8.0.3-408454.x86_64 --dbpath /tmp/rpm --nodeps\n\n2) For IBM Spectrum Symphony 7.2.0.2, remove the links remaining in the jre folder, for example:\n\n> rm -rf $EGO_TOP/jre/8.0.5.0\n\n4\\. Log on to each management host as the cluster administrator and source the environment.\n\n> source profile.platform\n\n5\\. On each management host, replace your current JRE folder with the files in this interim fix.\n\n * For Platform Symphony 7.1 Fix Pack 1 and 7.1.1, remove the files in the existing JRE folder and extract the interim package to the JRE folder. For example, in Platform Symphony 7.1.1, enter the following commands:\n\n> rm -rf $EGO_TOP/jre/3.3/linux-x86_64/*\n\n> tar zxfo symSetup_jre8sr5fp35_linux-x64_build520994.tar.gz -C $EGO_TOP/jre/3.3/linux-x86_64\n\n * For IBM Spectrum Symphony 7.1.2, 7.2.0.2, and 7.2.1, use the same prefix and dbpath as the installation, for example:\n\n> rpm -ivh egojre-1.8.0.535.x86_64.rpm --prefix /opt/platform --dbpath /tmp/rpm\n\n6\\. Delete all subdirectories and files in the GUI work directory:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE:** If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.\n\n7\\. Launch your browser and clear the browser cache.\n\n8\\. 
From the master host, start the cluster and enable your applications:\n\n> source profile.platform\n\n> egosh ego start all\n\n> soamcontrol app enable <_appName_>\n\nInstalling on Linux Multicluster hosts\n\n1\\. Log on to the master host as the cluster administrator and source the environment:\n\n> source profile.platform\n\n2\\. Stop services and shut down the cluster:\n\n> egosh service stop all\n\n> egosh ego shutdown all\n\n3\\. Back up the JRE folder (under $EGO_TOP/jre/<_EGO_version_>/linux-x86_64/). For example, in Platform Symphony 7.1.1 Multicluster, back up the JRE folder at $EGO_TOP/jre/3.3/linux-x86_64/.\n\n4\\. Log on to each management host as the cluster administrator and replace your current JRE folder with the files in this interim fix. For example, in Platform Symphony 7.1.1 Multicluster, enter the following commands:\n\n> source profile.platform\n\n> rm -rf $EGO_TOP/jre/3.3/linux-x86_64/*\n\n> tar zxfo symSetup_jre8sr5fp35_linux-x64_build520994.tar.gz -C $EGO_TOP/jre/3.3/linux-x86_64\n\n5\\. Delete all subdirectories and files in the GUI work directory:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE:** If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.\n\n6\\. Launch your browser and clear the browser cache.\n\n7\\. From the master host, source the environment and start the cluster:\n\n> source profile.platform\n\n> egosh ego start all\n\nInstalling on Linux Developer Edition hosts\n\n1\\. Log on to each Linux Developer Edition (DE) host, source the environment and stop the agent:\n\n> source profile.platform\n\n> soamcontrol app disable all\n\n> soamshutdown\n\n2\\. Back up the JRE folder (under $SOAM_HOME/jre/linux-x86_64/). For example, in Platform Symphony DE 7.1.1, back up the JRE folder at $SOAM_HOME/jre/linux-x86_64/.\n\n3\\. 
Log on to each DE host as the administrator and replace your current JRE folder with the files in this interim fix. \n\nFor example, in Platform Symphony DE 7.1.1, enter the following commands:\n\n> rm -rf $SOAM_HOME/jre/linux-x86_64/*\n\n> tar zxfo symSetup_jre8sr5fp35_linux-x64_build520994.tar.gz -C $SOAM_HOME/jre/linux-x86_64\n\n4\\. Start the agent:\n\n> soamstartup &\n\n> soamcontrol app enable _<appName>_\n\nInstalling on Windows Developer Edition hosts\n\n1\\. Log on to each Windows Developer Edition (DE) host and stop the agent:\n\n> soamcontrol app disable all\n\n> soamshutdown\n\n2\\. Back up the JRE folder (under %SOAM_HOME%\\jre). For example, in Platform Symphony DE 7.1.1, back up the JRE folder at %SOAM_HOME%\\jre.\n\n3\\. Log on to each DE host as the administrator and replace your current JRE folder with the files in this interim fix. For example, in Platform Symphony DE 7.1.1, delete all files under %SOAM_HOME%\\jre, and decompress the symSetup_jre8sr5fp35_win-x64_build520994.zip package under it.\n\n4\\. 
Start the agent:\n\n> soamstartup\n\n> soamcontrol app enable _<appName>_\n\nVerifying the installation\n\n * For Platform Symphony 7.1 Fix Pack 1 hosts, the following example shows output for the java -version command:\n\n> $EGO_TOP/jre/3.1/linux-x86_64/bin/java -version\n\njava version \"1.8.0_211\"\n\nJava(TM) SE Runtime Environment (build 8.0.5.35 - pxa6480sr5fp35-20190418_01(SR5 FP35))\n\nIBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20190417_414854 (JIT enabled, AOT enabled)\n\nOpenJ9 - 777635f\n\nOMR - 16b77d7\n\nIBM - 72459d3)\n\nJCL - 20190409_01 based on Oracle jdk8u211-b25\n\n * For Platform Symphony 7.1.1 hosts, the following example shows output for the java -version command:\n\n> $EGO_TOP/jre/3.3/linux-x86_64/bin/java -version\n\njava version \"1.8.0_211\"\n\nJava(TM) SE Runtime Environment (build 8.0.5.35 - pxa6480sr5fp35-20190418_01(SR5 FP35))\n\nIBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20190417_414854 (JIT enabled, AOT enabled)\n\nOpenJ9 - 777635f\n\nOMR - 16b77d7\n\nIBM - 72459d3)\n\nJCL - 20190409_01 based on Oracle jdk8u211-b25\n\n * For IBM Spectrum Symphony 7.1.2 hosts, the following example shows output for the rpm -qa command:\n\n> rpm -qa --dbpath /tmp/rpm |grep egojre\n\negojre-1.8.0.535-520994.x86_64\n\n * For IBM Spectrum Symphony 7.2.0.2 hosts, the following example shows output for the rpm -qa command:\n\n> rpm -qa --dbpath /tmp/rpm |grep egojre\n\negojre-8.0.5.35-520994.x86_64\n\n * For IBM Spectrum Symphony 7.2.1 hosts, the following example shows output for the rpm -qa command:\n\n> rpm -qa --dbpath /tmp/rpm |grep egojre\n\negojre-8.0.5.35-520994.x86_64\n\n * For Linux DE hosts, the following example shows output for the java -version command:\n\n> $SOAM_HOME/jre/linux-x86_64/bin/java -version\n\njava version \"1.8.0_211\"\n\nJava(TM) SE Runtime Environment (build 8.0.5.35 - pxa6480sr5fp35-20190418_01(SR5 FP35))\n\nIBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit 
Compressed References 20190417_414854 (JIT enabled, AOT enabled)\n\nOpenJ9 - 777635f\n\nOMR - 16b77d7\n\nIBM - 72459d3)\n\nJCL - 20190409_01 based on Oracle jdk8u211-b25\n\n * For Windows DE hosts, the following example shows output for the java -version command:\n\n> %SOAM_HOME%\\jre\\bin\\java -version\n\njava version \"1.8.0_211\"\n\nJava(TM) SE Runtime Environment (build 8.0.5.35 - pwa6480sr5fp35-20190418_01(SR5 FP35))\n\nIBM J9 VM (build 2.9, JRE 1.8.0 Windows 10 amd64-64-Bit Compressed References 20190417_414854 (JIT enabled, AOT enabled)\n\nOpenJ9 - 777635f\n\nOMR - 16b77d7\n\nIBM - 72459d3)\n\nJCL - 20190409_01 based on Oracle jdk8u211-b25\n\nUninstallation\n\nIf required, follow these instructions to uninstall this interim fix in your cluster:\n\nUninstalling on Linux management hosts in grid clusters\n\n1\\. Log on to each management host as the cluster administrator, disable your applications, stop services, and shut down the cluster:\n\n> source profile.platform\n\n> soamcontrol app disable all\n\n> egosh service stop all\n\n> egosh ego shutdown all\n\n2\\. Log on to each management host as the cluster administrator and restore the JRE folder from your backup.\n\n * For Platform Symphony 7.1 Fix Pack 1 and 7.1.1, restore your backup to the $EGO_TOP/jre/<_EGO_version_>/linux-x86_64/ folder. For example, in Platform Symphony 7.1.1, restore your backup to the $EGO_TOP/jre/3.3/linux-x86_64/ folder.\n * For IBM Spectrum Symphony 7.1.2, 7.2.0.2 and 7.2.1, uninstall the existing JRE, then install the old one:\n\n1) Uninstall the JRE fix, for example:\n\n> rpm -e egojre-1.8.0.535-520994.x86_64 \\--dbpath /tmp/rpm/ --nodeps\n\n2) For IBM Spectrum Symphony 7.2.0.2, remove the link remaining under the jre folder, for example:\n\n> rm -rf $EGO_TOP/jre/8.0.5.35\n\n3) Extract the egojre .rpm package from the .bin installation package. 
For example, for IBM Spectrum Symphony 7.1.2, enter:\n\n> sym-7.1.2.0_x86_64.bin --extract /opt/extract\n\n4) Reinstall the old JRE package. Use the same prefix and dbpath as the installation, for example:\n\n> rpm -ivh /opt/extract/egojre-1.8.0.3.x86_64.rpm --prefix /opt/platform --dbpath /tmp/rpm\n\n3\\. Delete all subdirectories and files in the GUI work directory:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE: **If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.\n\n4\\. Launch your browser and clear the browser cache.\n\n5\\. From the master host, start the cluster and enable your applications:\n\n> source profile.platform\n\n> egosh ego start all\n\n> soamcontrol app enable _<appName>_\n\nUninstalling on Linux Multicluster hosts\n\n1\\. Log on to each management host as the cluster administrator, stop services, and shut down the cluster:\n\n> source profile.platform\n\n> egosh service stop all\n\n> egosh ego shutdown all\n\n2\\. Restore your backup to the $EGO_TOP/jre/<_EGO_version_>/linux-x86_64/ folder. For example, in Platform Symphony 7.1.1 Multicluster, restore your backup to the $EGO_TOP/jre/3.3/linux-x86_64/ folder.\n\n3\\. Delete all subdirectories and files in the GUI work directory:\n\n> rm -rf $EGO_TOP/gui/work/*\n\n> rm -rf $EGO_TOP/gui/workarea/*\n\n**NOTE: **If you configured the WLP_OUTPUT_DIR parameter and APPEND_HOSTNAME_TO_WLP_OUTPUT_DIR is set to true in the $EGO_CONFDIR/conf/wlp.conf file, you must clean up the $WLP_OUTPUT_DIR/webgui_hostname/gui/workarea/ directory.\n\n4\\. Launch your browser and clear the browser cache.\n\n5\\. From the master host, source the environment and start the cluster:\n\n> source profile.platform\n\n> egosh ego start all\n\nUninstalling on Linux Developer Edition hosts\n\n1\\. 
Log on to each Linux Developer Edition (DE) host as the administrator and stop the agent:\n\n> source profile.platform\n\n> soamcontrol app disable all\n\n> soamshutdown\n\n2\\. Restore your backup to the $SOAM_HOME/jre/linux-x86_64/ folder. For example, in Platform Symphony DE 7.1.1, restore the JRE folder at $SOAM_HOME/jre/linux-x86_64/.\n\n3\\. Start the agent:\n\n> soamstartup &\n\n> soamcontrol app enable _<appName>_\n\nUninstalling on Windows Developer Edition hosts\n\n1\\. Log on to each Windows Developer Edition (DE) host as the administrator and stop the agent:\n\n> soamcontrol app disable all\n\n> soamshutdown\n\n2\\. Restore your backup to the %SOAM_HOME%\\jre folder. For example, in Platform Symphony DE 7.1.1, restore the JRE folder at %SOAM_HOME%\\jre.\n\n3\\. Start the agent:\n\n> soamstartup\n\n> soamcontrol app enable _<appName>_\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-30T05:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2019-10245", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698"], "modified": "2019-05-30T05:10:01", "id": "89D009E3524C1B9AD87ACA19EAA960BC3BB181F3123552424DF4436450F0C39A", "href": "https://www.ibm.com/support/pages/node/885090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:23", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in January 2019.\n\n## Vulnerability Details\n\n**CVEID:** _[CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>)_ \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** _[CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>)_ \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)_ \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>)_ \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** _[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>)_ \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThe following products, running on all supported platforms, are affected: \nIBM InfoSphere Information Server: versions 11.3, 11.5, and 11.7 \nIBM InfoSphere Information Server on Cloud: versions 11.5, and 11.7\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_APAR_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n_[JR60764](<http://www.ibm.com/support/docview.wss?uid=swg1JR60764>)_\n\n| \n\n\\--Follow instructions in the _[README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is117_JR60764_ISF_services_engine_*>)_ \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.5\n\n| \n\n_[JR60764](<http://www.ibm.com/support/docview.wss?uid=swg1JR60764>)_\n\n| \n\n\\--Follow instructions in the _[README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR60764_ISF_services_engine_*>)_ \n \nInfoSphere Information Server\n\n| \n\n11.3\n\n| \n\n_[JR60764](<http://www.ibm.com/support/docview.wss?uid=swg1JR60764>)_\n\n| \n\n\\--Follow instructions in the _[README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR60764_ISF_services_engine_*>)_ \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-03T20:00:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426"], "modified": "2019-05-03T20:00:02", "id": "3B2B60EA90ACD3DE28D05828ED17EAA30888A25BE1EDABEE82A059D32EE8FF68", "href": "https://www.ibm.com/support/pages/node/882468", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:43:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.8 used by Content Collector for Email. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Content Collector for Email 4.0.0\n\nIBM Content Collector for Email 4.0.1\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_** | **_Remediation/First Fix_** \n---|---|--- \nIBM Content Collector for Email | 4.0.0 - 4.0.1 | Apply Interim Fix 4.0.1.10-IBM-ICC-IF002, available from [Fix Central](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FInformation+Management%2FContent+Collector&fixids=4.0.1.10-IBM-ICC-IF002&source=SAR>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-31T20:25:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426"], "modified": "2019-05-31T20:25:02", "id": "FBB20EF2701DFFD146E4827E31BFFA89402D63C4F53B543C5F064479229194EF", "href": "https://www.ibm.com/support/pages/node/880991", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:50", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, that is used by IBM SONAS. IBM SONAS has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIBM SONAS is shipped with Java. Java is required for SONAS administration, for executing SONAS specific commands on the command line, and providing similar functionality using GUI.\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM SONAS \nThe product is affected when running code releases 1.5.0.0 to 1.5.2.10\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SONAS to the following code level or higher: \n \n1.5.2.11 \n \nPlease contact IBM support for assistance in upgrading your system.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-28T07:05:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM SONAS", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-06-28T07:05:01", "id": "C52476BB3C40EAD807A597C63DAC77AEDF4B8D108B3A4ED764609E659AEABB11", "href": "https://www.ibm.com/support/pages/node/883256", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:39:03", "description": "## Summary\n\nAn unspecified vulnerability has been identified in IBM Java Runtime that could affect DataQuant for z/OS.\n\n## Vulnerability Details\n\n**CVEID:** CVE-2018-12547\n\nCVSS Base Score: 9.8\n\n**DESCRIPTION:**\n\nA widely used function in the OpenJ9 JVM is vulnerable to buffer overflows. Multiple Java Runtime components use the vulnerable code, so the issue can manifest in a number of different ways. \nThe fix ensures that the buffer cannot overflow.\n\n**CVEID**: CVE-2018-1890\n\nCVSS Base Score: 5.6\n\n**DESCRIPTION:**\n\nOn the AIX platform, the IBM Java 8 executable contains inappropriate absolute RPATHs, which may allow local users to inject code into JVM processes launched by other users with higher privileges. \nThe fix removes the unsafe RPATHs.\n\n**CVEID**: CVE-2018-12549\n\nCVSS Base Score: 9.8\n\n**DESCRIPTION:**\n\nA flaw in the OpenJ9 JIT compiler allows unprivileged code to access sensitive methods in the internal class sun.misc.Unsafe, which allows the untrusted code to elevate its privileges. 
\nThe fix prevents optimized unprivileged code from accessing sun.misc.Unsafe.\n\n**CVEID:** CVE-2019-2426\n\nCVSS Base Score: 3.7\n\n**DESCRIPTION:**\n\nThe transparent NTLM authentication implementation in java.net.HttpURLConnection exposes the user's NTLM credentials to any server that requests them. \nThe fix disables transparent NTLM authentication by default. A new system property (jdk.http.ntlm.transparentAuth) allows the user to enable transparent NTLM authentication for all hosts or trusted hosts only.\n\n**CVEID**: CVE-2018-11212\n\nCVSS Base Score: 5.3\n\n**DESCRIPTION:**\n\nA flaw in the Java runtime's JPEG parser allows maliciously crafted JPEG data to inflict a denial-of-service by triggering a JVM crash. \nThe fix ensures that the bad JPEG data is handled gracefully.\n\n## Affected Products and Versions\n\nPrincipal Products and Versions \n--- \nDataQuant for z/OS 2.1.0 \n \n## Remediation/Fixes\n\nSteps to update Java for IBM DataQuant:\n\n1\\. Close DataQuant.\n\n2\\. Download JRE 8.0.5.30 version from IBM Java download portal.\n\n3\\. Replace jre folder at the install directory location > C:\\Program Files (x86)\\IBM\\IBM DataQuant\\DataQuant for Workstation. Replace with contents in step # 2.\n\n4\\. Download eclipse oxygen from <https://www.eclipse.org/downloads/download.php?file=/technology/epp/downloads/release/oxygen/3a/eclipse-jee-oxygen-3a-win32-x86_64.zip>\n\n5\\. Extract the eclipse oxygen and copy the plugin - org.apache.jasper.glassfish_2.2.2.v201501141630.jar from eclipse-jee-oxygen-3a-win32-x86_64\\eclipse\\plugins\n\n6\\. Copy org.apache.jasper.glassfish_2.2.2.v201501141630.jar in the folder where DataQuant is installed - C:\\Program Files (x86)\\IBM\\IBM DataQuant\\DataQuant for Workstation\\plugins\n\n7\\. 
Delete the older plugin org.apache.jasper.glassfish_2.2.2.v201205150955.jar from the DataQuant install directory\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-02-12T21:39:41", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM Java Runtime which affects DataQuant for z/OS", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2021-02-12T21:39:41", "id": "86FEF5081D62A9128F5FB12EF899306F75982B448B891B793DCEFF1C2AE1C3BA", "href": "https://www.ibm.com/support/pages/node/881488", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:43", "description": "## Summary\n\nAn unspecified vulnerability has been identified in IBM Java Runtime that could affect Db2 Query Management Facility.\n\n## Vulnerability Details\n\n**CVEID:** CVE-2018-12547\n\nCVSS Base Score: 9.8\n\n**DESCRIPTION:**\n\nA widely used function in the OpenJ9 JVM is vulnerable to buffer overflows. 
Multiple Java Runtime components use the vulnerable code, so the issue can manifest in a number of different ways. \nThe fix ensures that the buffer cannot overflow.\n\n**CVEID:** CVE-2019-2426\n\nCVSS Base Score: 3.7\n\n**DESCRIPTION:**\n\nThe transparent NTLM authentication implementation in java.net.HttpURLConnection exposes the user's NTLM credentials to any server that requests them. \nThe fix disables transparent NTLM authentication by default. A new system property (jdk.http.ntlm.transparentAuth) allows the user to enable transparent NTLM authentication for all hosts or trusted hosts only.\n\n**CVEID**: CVE-2018-1890\n\nCVSS Base Score: 5.6\n\n**DESCRIPTION:**\n\nOn the AIX platform, the IBM Java 8 executable contains inappropriate absolute RPATHs, which may allow local users to inject code into JVM processes launched by other users with higher privileges. \nThe fix removes the unsafe RPATHs.\n\n**CVEID**: CVE-2018-12549\n\nCVSS Base Score: 9.8\n\n**DESCRIPTION:**\n\nA flaw in the OpenJ9 JIT compiler allows unprivileged code to access sensitive methods in the internal class sun.misc.Unsafe, which allows the untrusted code to elevate its privileges. \nThe fix prevents optimized unprivileged code from accessing sun.misc.Unsafe.\n\n**CVEID**: CVE-2018-11212\n\nCVSS Base Score: 5.3\n\n**DESCRIPTION:**\n\nA flaw in the Java runtime's JPEG parser allows maliciously crafted JPEG data to inflict a denial-of-service by triggering a JVM crash. 
\nThe fix ensures that the bad JPEG data is handled gracefully.\n\nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities](<https://exchange.xforce.ibmcloud.com/vulnerabilities/141939>) for the current score\n\nCVSS Environmental Score*: Undefined\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s) | Affected Supporting Product \n---|--- \nDB2 Query Management Facility for z/OS v11.1 | \nQuery Management Facility Enterprise Edition V11.1 | \nDB2 Query Management Facility for z/OS v11.2 | \nDB2 Query Management Facility for z/OS v12.1 | \nDB2 Query Management Facility for z/OS v12.2 | \n \n## Remediation/Fixes\n\n**Steps to update Java - QMF for Workstation:**\n\n1\\. Download JRE 8.0.5.30 version from IBM Java download portal.\n\n2\\. Close QMF for workstation, if any instance is running.\n\n3\\. Copy 8.0.5.30 JRE version to C:\\Program Files\\IBM\\Db2 Query Management Facility\\QMF for Workstation\\jre.\n\n4\\. Start application\n\n**Steps to update Java - QMF Vision:**\n\n1\\. Go to: <https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html>\n\n2\\. Download \"jre-8u202-windows-x64.tar.gz\", and extract the files to a temporary location.\n\n3\\. Stop the following Windows services:\n\n\\- IBM QMF Vision Indexing Service (this will also stop IBM QMF Vision Web Service due to dependencies)\n\n\\- QMFServerLite\n\n4\\. Delete C:\\Program Files\\IBM\\DB2 Query Management Facility\\QMF Vision\\elasticsearch\\java\\jre1.8.0_131.\n\n5\\. Copy folder jre1.8.0_202 from the temporary location to C:\\Program Files\\IBM\\DB2 Query Management Facility\\QMF Vision\\elasticsearch\\java.\n\n6\\. Rename folder jre1.8.0_202 to jre.\n\n7\\. 
Under C:\\Program Files\\IBM\\DB2 Query Management Facility\\QMF Vision\\, edit the following 6 files:\n\nelasticsearch/bin/install.bat\n\nelasticsearch/bin/start.bat\n\nelasticsearch/bin/stop.bat\n\nelasticsearch/bin/uninstall.bat\n\nqmfserver/bat/setenv.bat\n\nqmfserver/conf/wrapper.conf\n\nFor each file, replace \"jre1.8.0_131\" with \"jre\", and save.\n\n8\\. Open a Windows Command window in Administrator mode and change directory to elasticsearch/bin.\n\n9\\. Execute:\n\nuninstall.bat\n\ninstall.bat\n\n10\\. Change directory to qmfserver/bat.\n\n11\\. Execute:\n\nuninstallService.bat\n\ninstallService.bat.\n\n12\\. In the Windows Services console, edit \"IBM QMF Vision Indexing Service\" to change startup type from \"Manual\" to \"Automatic\".\n\n13\\. Restart Windows Services:\n\n\\- IBM QMF Vision Indexing Service\n\n\\- IBM QMF Vision Web Service\n\n\\- QMFServerLite\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-16T05:10:01", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM Java Runtime could affect DB2 Query Management Facility (CVE-2018-12547, CVE-2019-2426, CVE-2018-1890, CVE-2018-12549, CVE-2018-11212)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-04-16T05:10:01", "id": "BC9967E46306B31647F93B158F23F8C3BC5FAEC37D111154B34BA21E4B36F106", "href": "https://www.ibm.com/support/pages/node/880785", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:33", "description": "## Summary\n\nThere are multiple vulnerabilities related to IBM\u00ae Runtime Environment Java\u2122 Technology Edition which is used and shipped by different versions of IBM License Key Server Administration and Reporting Tool (ART) and Agent.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\n * RLKS Administration and Reporting Tool version 8.1.5\n * RLKS Administration and Reporting Tool version 8.1.5.1\n * RLKS Administration and Reporting Tool version 8.1.5.2\n * RLKS Administration and Reporting Tool version 8.1.5.3\n * RLKS Administration and Reporting Tool version 8.1.5.4\n * RLKS Administration and Reporting Tool version 8.1.5.5\n * RLKS Administration and Reporting Tool version 8.1.5.6\n * RLKS Administration and Reporting Tool version 8.1.6\n\n * RLKS Administration and Reporting Agent version 8.1.5\n * RLKS Administration and Reporting Agent version 8.1.5.1\n * RLKS Administration and Reporting Agent version 8.1.5.2\n * RLKS Administration and Reporting Agent version 8.1.5.3\n * RLKS Administration and Reporting Agent version 8.1.5.4\n * RLKS Administration and Reporting Agent version 8.1.5.5\n * RLKS Administration and Reporting Agent version 8.1.5.6\n * RLKS Administration and Reporting Agent version 8.1.6\n\n## Remediation/Fixes\n\nReplace the JRE used in IBM License Key Server Administration and Reporting Tool and IBM License Key Server Administration Agent.\n\n_Steps to replace the JRE in IBM License Key Server Administration and Reporting Tool (All Versions)_ \n \n1\\. Go to [_Fix Central_](<http://www.ibm.com/support/fixcentral>) \n \n2\\. On the **Find product** tab, enter **_Rational Licensing_** in the **Product Selector** field and hit enter. \n \n3\\. Select the **Installed Version** and hit continue button. \n \n4\\. Select the platform of the machine where RLKS Administration and Reporting Tool is installed and hit continue button. \n \n5\\. 
On the **Identify fixes** page, select **Browse for fixes** and select **Show fixes that apply to this version** and hit continue button. \n \n6\\. Identify and click the iFix named **IBM_License_Key_Server_Administration_And_Reporting_Tool_And_Agent_816_iFix_1**.\n\n7\\. Download the JARs, **US_export_policy.jar** and **local_policy.jar**.\n\n8\\. Download the JRE for your target platform.\n\n9\\. Shut down both RLKS Administration and Reporting Tool and Agent. \n \n10\\. Go to the installation location of RLKS Administration and Reporting Tool and Agent one after the other. \n \n11\\. Rename the <install location>/jre folder to **<install location>/jre_back**. This step backs up the existing JRE. \n \n12\\. Extract the downloaded JRE into some folder. From inside the extracted folder, copy the sub-folder named **jre** and place it inside the <install location> of both RLKS Administration and Reporting Tool and Agent.\n\n13\\. Navigate to the folder **jre\\lib\\security** under the **<install location>** for RLKS Administration and Reporting Tool. Copy the JARs, **US_export_policy.jar** and **local_policy.jar**, there.\n\n14\\. Start up RLKS Administration and Reporting Tool followed by Agent. \n \n15\\. 
Login to the tool using rcladmin user and verify that you see the configured license servers under 'Server' tab.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-20T19:30:01", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in IBM Java Runtime affect IBM License Key Server Administration and Reporting Tool and Agent", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2422", "CVE-2019-2426"], "modified": "2019-05-20T19:30:01", "id": "BBDC7096AC6E107B39511F4AA0A8BF766D1F457A271B42F4E5BBC92081940258", "href": "https://www.ibm.com/support/pages/node/884972", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:03", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Storwize V7000 Unified. 
These issues were disclosed as part of the IBM Java SDK updates in Jan 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \nThe product is affected when running supported code releases 1.6.0.0 to 1.6.2.5. The product running unsupported code releases 1.5 or earlier are also affected.\n\n## Remediation/Fixes\n\nA fix for these issues is in version v1.6.2.6 of IBM Storwize V7000 Unified. 
Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.6.2.6 or a later version.\n\n[Latest Storwize V7000 Unified Software](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\nSystems running an unsupported version (v1.5 or earlier) should be upgraded to the current release containing the security fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-03T10:10:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-05-03T10:10:01", "id": "BBD5B0FD70EBB30911257F316A998DBE75E6806613D1530261A9CC6A7DDB88E1", "href": "https://www.ibm.com/support/pages/node/882036", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:49", "description": "## Summary\n\nIBM MessageSight has addressed the following Java 
vulnerabilities: \n \nCVE-2018-12549: Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system. \nCVE-2018-12547: Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. \nCVE-2019-2422: An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component. \nCVE-2019-2426: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking) \nCVE-2019-2449: An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected IBM MessageSight | Affected Versions \n---|--- \nIBM MessageSight | 1.2.0.0 - 1.2.0.3 \nIBM MessageSight | 2.0.0.0 - 2.0.0.2 \nIBM MessageSight | 5.0.0.0 \nIBM MessageSight | 5.0.0.1 \n \n## Remediation/Fixes\n\nIBM MessageSight | 1.2.0.3 | [\n\n1.2.0.3-IBM-IMA-IFIT28839\n\n](<http://www.ibm.com/support/docview.wss?uid=ibm10882960>) \n---|---|--- \nIBM MessageSight | 2.0.0.2 | [\n\n2.0.0.2-IBM-IMA-IFIT28839\n\n](<http://www.ibm.com/support/docview.wss?uid=ibm10878516>) \nIBM MessageSight | 5.0.0.0 | [\n\n5.0.0.0-IBM-IMA-IFIT28839\n\n](<http://www.ibm.com/support/docview.wss?uid=ibm10882962>) \nIBM MessageSight | 5.0.0.1 | [\n\n5.0.0.1-IBM-IMA-IFIT28839\n\n](<http://www.ibm.com/support/docview.wss?uid=ibm10882964>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-08T21:05:01", "type": "ibm", "title": "Security Bulletin: IBM MessageSight is affected by the following four IBM Java vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-12549", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-05-08T21:05:01", "id": "048A51BC0625371C3FE182B38DCA012E93A3FE564EFF85A50D7F489B21007780", "href": "https://www.ibm.com/support/pages/node/878518", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:44:55", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in OpenSSL. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-0732](<https://vulners.com/cve/CVE-2018-0732>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144658> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION:** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2018-0737](<https://vulners.com/cve/CVE-2018-0737>) \n**DESCRIPTION:** OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141679> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-0495](<https://vulners.com/cve/CVE-2018-0495>) \n**DESCRIPTION:** GnuPG Libgcrypt could allow a local attacker to obtain sensitive information, caused by a memory-cache side-channel attack on ECDSA signatures in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c. An attacker could exploit this vulnerability to recover ECDSA or DSA private keys. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144828> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. 
\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 16.\n\n## Workarounds and Mitigations\n\nnone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-12-17T15:00:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in OpenSSL affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3735", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739"], "modified": "2018-12-17T15:00:02", "id": "D272B1ACFC08FB00F71DAECEAF120EF8F47B4AA0F575849F81F09FF6E35CBFB5", "href": "https://www.ibm.com/support/pages/node/739977", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-21T21:45:13", 
"description": "## Summary\n\nIBM QRadar Network Security has addressed the following vulnerabilities. \n\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2018-0732](<https://vulners.com/cve/CVE-2018-0732>) \n**DESCRIPTION: ** OpenSSL is vulnerable to a denial of service, caused by the sending of a very large prime value to the client by a malicious server during key agreement in a TLS handshake. By spending an unreasonably long period of time generating a key for this prime, a remote attacker could exploit this vulnerability to cause the client to hang. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144658> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2018-0739](<https://vulners.com/cve/CVE-2018-0739>) \n**DESCRIPTION: ** OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2018-0737](<https://vulners.com/cve/CVE-2018-0737>) \n**DESCRIPTION: ** OpenSSL could allow a local attacker to obtain sensitive information, caused by a cache-timing side channel attack in the RSA Key generation algorithm. An attacker with access to mount cache timing attacks during the RSA key generation process could exploit this vulnerability to recover the private key and obtain sensitive information. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/141679> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID:** [CVE-2018-0495](<https://vulners.com/cve/CVE-2018-0495>) \n**DESCRIPTION:** GnuPG Libgcrypt could allow a local attacker to obtain sensitive information, caused by a memory-cache side-channel attack on ECDSA signatures in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c. An attacker could exploit this vulnerability to recover ECDSA or DSA private keys. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144828> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n**CVEID:** [CVE-2017-3735](<https://vulners.com/cve/CVE-2017-3735>) \n**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error while parsing an IPAdressFamily extension in an X.509 certificate. An attacker could exploit this vulnerability to trigger an out-of-bounds read, resulting in an incorrect text display of the certificate. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131047> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM QRadar Network Security 5.4.0\n\nIBM QRadar Network Security 5.5.0\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _Remediation/First Fix_ \n---|---|--- \nIBM QRadar Network Security | 5.4.0 | Install Firmware 5.4.0.6 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. 
\nOr \nDownload Firmware 5.4.0.6 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM QRadar Network Security | 5.5.0 | Install Firmware 5.5.0.1 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.5.0.1 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-12-07T02:45:02", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Security is affected by multiple openssl vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-3735", "CVE-2018-0495", "CVE-2018-0732", "CVE-2018-0737", "CVE-2018-0739"], "modified": "2018-12-07T02:45:02", "id": 
"FEDE4F7915CF8E683DBC7AB56D68872D5740EF9C5D19FED52B140130771052A2", "href": "https://www.ibm.com/support/pages/node/740789", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2023-02-23T21:42:03", "description": "## Summary\n\nThere are vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 and 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 that affect IBM Transformation Extender.\n\n## Vulnerability Details\n\nCVEID: [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \nDescription: On the AIX platform, the IBM Java 8 executable contains inappropriate absolute RPATHs, which might allow local users to inject code into JVM processes launched by other users with higher privileges. The fix removes the unsafe RPATHs. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for more information. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n\n\nCVEID: [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \nDescription: The transparent NTLM authentication implementation in **java.net.HttpURLConnection** exposes the user's NTLM credentials to any server that requests them. The fix disables transparent NTLM authentication by default. A new system property (**jdk.http.ntlm.transparentAuth**) allows the user to enable transparent NTLM authentication for all hosts or trusted hosts only. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n \n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \nDescription: A widely used function in the OpenJ9 JVM is vulnerable to buffer overflows. Multiple Java Runtime components use the vulnerable code, so the issue can manifest in a number of different ways. The fix ensures that the buffer cannot overflow. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2602](<https://vulners.com/cve/CVE-2019-2602>) \nDescription: A flaw in the **java.math.BigDecimal** API causes hangs when parsing certain String values. This potentially allows an attacker to inflict a denial-of-service. The fix ensures that all Strings are parsed promptly. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/159698> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2684](<https://vulners.com/cve/CVE-2019-2684>) \nDescription: The Java runtime's java.rmi.Registry implementation does not check access privileges correctly for some remote calls. This allows an attacker to effectively replace a number of predefined static skeleton classes with dynamic malicious skeletons. The fix ensures that access checks on remote calls are conducted correctly. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/159776> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Transformation Extender V10.0.0\n\nIBM Transformation Extender V9.0.0 through V9.0.0.3 \nIBM Transformation Extender V8.4.1.0 through V8.4.1.5\n\n## Remediation/Fixes\n\nAll IBM Transformation Extender versions: Download and install the fix for [APAR 
PH11548](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Transformation+Extender&release=All&platform=All&function=aparId&apars=PH11548&source=fc>).\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-11-22T18:37:58", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 7 & 8, IBM SDK, Java Technology Edition Version 8 and Eclipse OpenJ9 Affect Transformation Extender", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426", "CVE-2019-2602", "CVE-2019-2684"], "modified": "2019-11-22T18:37:58", "id": "97BD6DE446514B1E9FE357A4E4FA984C0332A7850297BB639A700B30A873803D", "href": "https://www.ibm.com/support/pages/node/882278", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:06", "description": "## Summary\n\nThere are several vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped as part of multiple IBM 
Tivoli Monitoring (ITM) components.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-10245](<https://vulners.com/cve/CVE-2019-10245>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a denial of service, caused by the execution of a method past the end of bytecode array by the Java bytecode verifier. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/160010> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2684](<https://vulners.com/cve/CVE-2019-2684>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159776> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2019-2602](<https://vulners.com/cve/CVE-2019-2602>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159698> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-2697](<https://vulners.com/cve/CVE-2019-2697>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159789> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2698](<https://vulners.com/cve/CVE-2019-2698>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE 2D component could allow an unauthenticated attacker to take control of the system. \nCVSS Base Score: 8.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159790> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nThe following components of IBM Tivoli Monitoring (ITM) are affected by this bulletin: \n \n-Java (CANDLEHOME) ITM 6.3.0 through 6.3.0 Fix Pack 7 (JRE 7) (CVE-2018-1890, CVE-2019-2426, CVE-2019-2697 and CVE-2019-2684) \n-Java (Tivoli Enterprise Portal client browser or webstart) ITM 6.3.0 through 6.3.0 Fix Pack 7 (All CVE's listed) \n\n\n## Remediation/Fixes\n\n**_Java (TEP) Remediation:_** \nThese vulnerabilities exist where the affected Java Runtime Environment (JRE) is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. 
The affected JRE is installed on a system when logging into the IBM Tivoli Enterprise Portal using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system. \n \nThis fix below provides updated JRE packages for the portal server which can be downloaded by new client systems. Once the fix has been installed on the portal server, instructions in the README can be used to download the updated JRE from the portal to the portal clients.\n\n## Fix\n\n| \n\n## VRMF\n\n| \n\n## How to acquire fix \n \n---|---|--- \n6.X.X-TIV-ITM_JRE_TEP-20190722 | 6.3.0 through 6.3.0 FP7 | <http://www.ibm.com/support/docview.wss?uid=ibm10960430> \n \n**_Java (CANDLEHOME) Remediation:_** \nThe patch below should be installed which will update the shared Tivoli Enterprise-supplied JRE (jr component on UNIX/Linux) or Embedded JVM (JVM component on Windows).\n\n## Fix\n\n| \n\n## VRMF\n\n| \n\n## How to acquire fix \n \n---|---|--- \n6.X.X-TIV-ITM_JRE_CANDLEHOME-20190722 | 6.3.0 through 6.3.0 FP7 | <http://www.ibm.com/support/docview.wss?uid=ibm10960432> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-25T16:15:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-1890", "CVE-2019-10245", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2602", "CVE-2019-2684", "CVE-2019-2697", "CVE-2019-2698"], "modified": "2019-07-25T16:15:01", "id": "8F42B1EECF982913B8608A5CFBA9BAC45C8FBE09DA56D904DDD3116F3FD9BC4A", "href": "https://www.ibm.com/support/pages/node/959883", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:42", "description": "## Summary\n\nJazz Team Server is shipped as a component of Jazz Reporting Service (JRS). Information about multiple security vulnerabilities affecting Jazz Team Server and Jazz-based products has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product(s) and Version(s) \n---|--- \nJRS 5.0, 5.0.1, 5.0.2 | Jazz Foundation 5.0, 5.0.1, 5.0.2 \nJRS 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6 | Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6 \n \n* Both JRS and Jazz Foundation are part of Rational Collaborative Lifecycle Management.\n\n## Remediation/Fixes\n\nConsult the security bulletin [Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affect multiple IBM Rational products based on IBM Jazz technology Jan 2019 CPU](<https://www-01.ibm.com/support/docview.wss?uid=ibm10875858>) for vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-12T21:15:01", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426, CVE-2018-11212)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": 
"PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-03-12T21:15:01", "id": "4E9AD838365F2BB0F258C33EC7CFCC4BF6D5D2E850D198E6C26739712A30BEE6", "href": "https://www.ibm.com/support/pages/node/875874", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-11T15:25:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition, Version 1.7 and 1.8 that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Collaborative Lifecycle Management (CLM), Rational DOORS Next Generation (RDNG), Rational Engineering Lifecycle Manager (RELM), Rational Team Concert (RTC), Rational Quality Manager (RQM), Rational Rhapsody Design Manager (Rhapsody DM), and Rational Software Architect (RSA DM). These issues were disclosed as part of the IBM Java SDK updates in January 2019. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. 
By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nRational Collaborative Lifecycle Management 5.0 - 6.0.6.1 \n \nRational Quality Manager 5.0 - 5.0.2 \nRational Quality Manager 6.0 - 6.0.6.1 \n \nRational Team Concert 5.0 - 5.0.2 \nRational Team Concert 6.0 - 6.0.6.1 \n \nRational DOORS Next Generation 5.0 - 5.0.2 \nRational DOORS Next Generation 6.0 - 6.0.6.1 \n \nRational Engineering Lifecycle Manager 5.0 - 5.0.2 \nRational Engineering Lifecycle Manager 6.0 - 6.0.6.1 \n \nRational Rhapsody Design Manager 5.0 - 5.0.2 \nRational Rhapsody Design Manager 6.0 - 6.0.6.1 \n \nRational Software Architect Design Manager 5.0 - 5.0.2 \nRational Software Architect Design Manager 6.0 - 6.0.1\n\n## Remediation/Fixes\n\n 1. If your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of your IBM Rational product, and only upgrade the JRE in the WAS server.\n 2. For the below remediations, if you have a WAS deployment, then WAS must also be remediated, in addition to performing your product upgrades. Follow instructions at [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server January 2019 CPU](<https://www.ibm.com/support/docview.wss?uid=ibm10873042>)\n\nto get the WAS remediation.\n\n 3. 
If you are deploying the Rational products to a WAS Liberty or a Tomcat Server, you will need to follow the instructions below to upgrade the JRE, and then must also configure to complete the upgrade process:\n * **Stop the server**: Navigate to the Server directory in your Rational product installation path and run this script: _server.shutdown_\n * **Navigate to the server directory** in your Rational product installation path, open the **_server.startup_** script using your preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux) and add one more option to the healthcenter parameter set: \n * Search for the parameter _-Dcom.ibm.java.diagnostics.healthcenter.agent_ in the server.startup script to find the line containing the health center parameter. \nNOTE: For some Rational Collaborative Lifecycle Management versions, the _-Dcom.ibm.java.diagnostics.healthcenter.agent_ parameter may not be found in server.startup; in this case the update is not needed and you can start using your server. \n**Windows:** \nComment out the line (where the HEALTHCENTER_OPTS parameter is located) by inserting \"rem \" at the beginning of the line: \n**_Before modification:_** \n_set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n**_After modification:_** \n_rem set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n**Linux:** \nComment out the line (where the HEALTHCENTER_OPTS parameter is located) by inserting \"# \" at the beginning of the line: \n**_Before modification:_** \n_export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._ \n**_After modification:_** \n_# export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._\n * **Start the server**. Navigate to the Server directory in your Rational product installation path and run this script: _server.startup_.\n\n \n**STEPS TO APPLY THE REMEDIATION:** \n \n1\\. Optionally, upgrade your products to an Extended Maintenance Release version: 5.0.2 or 6.0.2. Or optionally, upgrade to the latest 6.0.6 or 6.0.6.1 version. \n \n2\\. 
Optionally, apply the latest ifix for your installed version. \n \n3\\. Obtain the latest Java JRE CPU update for the IBM Java SDK using the following information.\n\n * For the 6.0.6 release: **JRE 7.1.4.40** (_<product>-JavaSE-JRE-7.1SR4FP40_) or **JRE 8.0.5.30** (_<product>-JavaSE-JRE-8.0SR5FP30_) \n * [_Rational Collaborative Lifecycle Management 6.0.6_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6&platform=All&function=all>)\n * For the 6.0.2 release: **JRE 7.1.4.40** (_<product>-JavaSE-JRE-7.1SR4FP40_) \n * [_Rational Collaborative Lifecycle Management 6.0.2_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all>)\n * For the 5.x releases: \n * IBM SDK Java\u2122 Technology Edition, Version 6 is no longer supported on distributed platforms. IBM Collaborative Lifecycle Management (CLM) products version 5.x use Java 6 and are affected. IBM highly recommends that customers upgrade to Extended Maintenance Release 6.0.2 or 6.0.6 for those wishing the stability and support of an EMR release, or to the latest 6.0.x version for those desiring the latest features. For additional details review: _[Impact to CLM 5.x suite of products due to Java 6 EOS](<http://www.ibm.com/support/docview.wss?uid=swg22015069>)_\n\n4\\. Upgrade your JRE following the instructions in the link below: \n[_How to update the IBM SDK for Java of IBM Rational products based on version 3.0.1.6 or later of IBM's Jazz technology_](<http://www.ibm.com/support/docview.wss?uid=swg21674139>) \n \n5\\. Navigate to the server directory in your Rational product installation path, and go to jre/lib/security path. \n \n6\\. 
Optionally, if you have not performed a Licenses upgrade as described in the link below, please follow the instructions to complete the setup:\n\n_[No IBM Rational trial, server, or client access licenses available after upgrading Java and/or listed products](<http://www.ibm.com/support/docview.wss?uid=swg22008957>)_\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-28T18:35:50", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affect multiple IBM Rational products based on IBM Jazz technology Jan 2019 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2021-04-28T18:35:50", "id": "EE990E2E33EA6D732776EBA6886616740517F07048E1DC3EEC6AC2E97F7B2855", "href": "https://www.ibm.com/support/pages/node/875858", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:24", "description": "## Summary\n\nMultiple vulnerabilities are identified in IBM\u00ae SDK Java\u2122 Technology Edition 
Version 1.7 and Version 1.8 that are used by IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5, and V5.0.4 respectively. These issues were disclosed as part of the IBM Java SDK updates in January 2019. \n \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by a divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Application Delivery Intelligence for IBM Z V5.1.0\n\nIBM Application Delivery Intelligence for IBM Z V5.0.5\n\nIBM Application Delivery Intelligence for IBM Z V5.0.4\n\n## Remediation/Fixes\n\nObtain the latest Java JRE CPU update for the IBM Java SDK by using the following information. \n\n[ADI 5.1.0, Java 1.8](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Application+Delivery+Intelligence&release=5.1.0.1&platform=All&function=all>)\n\n[ADI 5.0.5, Java 1.8](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Application+Delivery+Intelligence&release=5.0.5.2&platform=All&function=all>)\n\n[ADI 5.0.4, Java 1.7 ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/IBM+Application+Delivery+Intelligence&release=5.0.4.3&platform=All&function=all>)\n\n 1. If you are running ADI V5.0.5 or V5.1.0, skip this step. For V5.0.4, complete the following substeps. \n 1. 
**Stop the server.** Navigate to the server directory in your Rational product installation path and run this script: `server.shutdown`\n 2. **Modify the healthcenter parameter set.**\n * Navigate to the server directory in your Rational product installation path, open the `server.startup` script by using your preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux).\n * Search for the parameter _-Dcom.ibm.java.diagnostics.healthcenter.agent_ in the `server.startup` script to find the line that contains the healthcenter parameter. \nNOTE: For some Rational Collaborative Lifecycle Management versions, the _-Dcom.ibm.java.diagnostics.healthcenter.agent_ parameter may not be found in `server.startup`. In this case, the update is not needed and you can start using your server.\n * **Windows:** \nComment out the line (where the _HEALTHCENTER_OPTS_ parameter is located) by inserting \"rem \" at the beginning of the line: \n \n**_Before modification:_** \n_set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._ \n \n**_After modification:_** \n_rem set HEALTHCENTER_OPTS=-agentlib:healthcenter ..._\n * **Linux:** \nComment out the line (where the _HEALTHCENTER_OPTS_ parameter is located) by inserting \"# \" at the beginning of the line: \n \n**_Before modification:_** \n_export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._ \n \n**_After modification:_** \n_# export HEALTHCENTER_OPTS=\"-agentlib:healthcenter ..._\n 3. **Start the server.** Navigate to the server directory in your Rational product installation path and run this script: `server.startup`\n 2. Upgrade your JRE by following the instructions in the link below: \n[_How to update the IBM SDK for Java of IBM Rational products based on version 3.0.1.6 or later of IBM's Jazz technology_ ](<http://www.ibm.com/support/docview.wss?uid=swg21674139>)\n 3. Navigate to the server directory in your Rational product installation path, and go to the _jre/lib/security_ path.\n\n 1. 
Open the `java.security` file by using your preferred text editor (e.g., Notepad for Windows or Vim Editor for Linux).\n\n 2. Remove the MD5 option from the _jdk.jar.disabledAlgorithms_ parameter set:\n\n * **_Before modification:_** \n_jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024_ \n\n * **_After modification:_** \n_jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024_\n\n \n\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-29T15:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java SDK (January 2019) affecting IBM Application Delivery Intelligence for IBM Z V5.1.0, V5.0.5 and V5.0.4", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-05-29T15:10:01", "id": "A62F2CD8BA3B572EFF3B5A5ED675102B48ACE55BB89A8187BC71E8B089BFB6DD", "href": "https://www.ibm.com/support/pages/node/885184", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:19", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime 
Environment Java\u2122 Version 7 that affect the WebSphere DataPower XC10 Appliance. The issues were disclosed as part of the IBM SDK, Java\u2122 Technology Edition updates in January and April 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2684](<https://vulners.com/cve/CVE-2019-2684>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159776> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\nWebSphere DataPower XC10 Appliance Version 2.5\n\n## Remediation/Fixes\n\nProduct | VRMF | APAR | Remediation/First Fix \n---|---|---|--- \nWebSphere DataPower XC10 Appliance V2.5 on appliance 7199-92X | Version 2.5 with SSD drivers \n**Important**: See [_More Information_](<http://www-01.ibm.com/support/docview.wss?uid=swg21682625>) link and follow instructions to determine if you have an old or newer SSD driver on your appliance using the `show ssd-version` command. | IT28927 | Refer to the **Version 2.5** table in [Recommended fixes for WebSphere DataPower XC10 Appliance](<http://www-01.ibm.com/support/docview.wss?uid=swg27019704>). \nWebSphere DataPower XC10 Appliance V2.5 virtual image | 2.5 | IT28927 | Refer to the **Version 2.5** table in [Recommended fixes for WebSphere DataPower XC10 Appliance](<http://www-01.ibm.com/support/docview.wss?uid=swg27019704>). 
\n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-31T05:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere DataPower XC10 Appliance", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426", "CVE-2019-2684"], "modified": "2019-05-31T05:10:01", "id": "F1B785D204C426160110194CE97857E0C4BD0233E254D017268713F39E6DD34A", "href": "https://www.ibm.com/support/pages/node/884080", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:39:16", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition used by IBM Monitoring. IBM Monitoring has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). 
Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) \n\n** CVEID: **[CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. 
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L). \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n** CVEID: **[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION: **Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). 
\nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n** CVEID: **[CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION: **An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Cloud APM, Base Private | 8.1.4 \nIBM Cloud APM, Advanced Private | 8.1.4 \nIBM Cloud APM | 8.1.4 \nIBM Monitoring | 8.1.3 \nIBM Application Diagnostics | 8.1.3 \nIBM Application Performance Management | 8.1.3 \nIBM Application Performance Management Advanced | 8.1.3 \n \n## Remediation/Fixes\n\nIBM Application Performance Management, Base Private \n\nIBM Application Performance Management, Advanced Private\n\n| 8.1.4 | \n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0009 server patch to the system where the Cloud APM server is installed: <http://www.ibm.com/support/docview.wss?uid=ibm10961578>[ ](<https://www.ibm.com/support/docview.wss?uid=ibm10874776>)\n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0007 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/docview.wss?uid=ibm10961656> \n \n---|---|--- \nIBM Cloud Application Performance Management | N/A | The vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0007 Hybrid 
Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/docview.wss?uid=ibm10961656> \n \nIBM Monitoring\n\n \nIBM Application Diagnostics\n\nIBM Application Performance Management\n\nIBM Application Performance Management Advanced \n\u200b\n\n| 8.1.3 | \n\nThe vulnerabilities can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0016 server patch to the system where the APM server is installed: <https://www.ibm.com/support/pages/ibm-application-performance-management-813-8130-ibm-ipm-server-if0016-readme>\n\nThe vulnerabilities can be remediated by applying the following 8.1.3.0-IBM-IPM-GATEWAY-IF0012 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/ibm-application-performance-management-813-8130-ibm-apm-gateway-if0012-readme> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-12-20T08:47:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-12-20T08:47:33", "id": "179FD3D99FEB156E9BE800C71A01BE253FA92ED40794718E11C002132C6604BE", "href": "https://www.ibm.com/support/pages/node/1106973", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:47:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 7.0, 7.1 and 8.0 used by CICS Transaction Gateway. CICS Transaction Gateway has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157513> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nCICS Transaction Gateway v8.0.0.0 \u2013 8.0.0.6 \nCICS Transaction Gateway v8.1.0.0 \u2013 8.1.0.5 \nCICS Transaction Gateway v9.0.0.0 \u2013 9.0.0.4 \nCICS Transaction Gateway v9.1.0.0 \u2013 9.1.0.3 \nCICS Transaction Gateway v9.2.0.0 \u2013 9.2.0.2\n\n## Remediation/Fixes\n\nUpgrade the JRE used by CICS TG Java client applications and/or the CICS TG Gateway daemon. Updated JREs which can be used with CICS TG Java client applications and the Gateway daemon are made available on Fix Central.\n\n**Product** | **VRMF** | **APAR** | **Remediation / First Fix** \n---|---|---|--- \nCICS Transaction Gateway for Multiplatforms | 9.2.0.0 \n9.2.0.1 \n9.2.0.2 | Updated JRE's have been made available on Fix Central as Fix packs. 
\nAIX: [8.0.5-CICSTG-AIXpSeries32-JRE-SR31 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-AIXpSeries32-JRE-SR31&continue=1>) \nHP-UX: [8.0.5-CICSTG-HPUXIA32-JRE-SR30 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-HPUXIA32-JRE-SR30&continue=1>) \nxLinux: [8.0.5-CICSTG-Linuxx8632-JRE-SR31 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-Linuxx8632-JRE-SR31&continue=1>) \npLinux: [8.0.5-CICSTG-LinuxpSeries32-JRE-SR31 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-LinuxpSeries32-JRE-SR31&continue=1>) \nzLinux: [8.0.5-CICSTG-LinuxzSeries31-JRE-SR31 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-LinuxzSeries31-JRE-SR31&continue=1>) \nWindows:[8.0.5-CICSTG-Windowsx8632-JRE-SR31](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=8.0.5-CICSTG-Windowsx8632-JRE-SR31&continue=1>) | \n[https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.2.0&query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm%7EOther%20software&query.product=ibm%7EWebSphere%7ECICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \nCICS Transaction Gateway for Multiplatforms | 9.1.0.0 \n9.1.0.1 \n9.1.0.2 \n9.1.0.3 | Updated JRE's have been made available on Fix Central as Fix packs. 
\nSolaris: [7.0.10-CICSTG-SolarisSPARC32-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-SolarisSPARC32-JRE-SR40&continue=1>) \nAIX: [7.1.4-CICSTG-AIXpSeries32-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-AIXpSeries32-JRE-SR40&continue=1>) \nxLinux: [7.1.4-CICSTG-Linuxx8632-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-Linuxx8632-JRE-SR40&continue=1>) \npLinux: [7.1.4-CICSTG-LinuxpSeries32-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-LinuxpSeries32-JRE-SR40&continue=1>) \nzLinux: [7.1.4-CICSTG-LinuxzSeries31-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-LinuxzSeries31-JRE-SR40&continue=1>) \nWindows: [7.1.4-CICSTG-Windowsx8632-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.1.4-CICSTG-Windowsx8632-JRE-SR40&continue=1>) | \n[https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.1.0&query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm%7EOther%20software&query.product=ibm%7EWebSphere%7ECICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \nCICS Transaction Gateway for Multiplatforms | 9.0.0.0 \n9.0.0.1 \n9.0.0.2 \n9.0.0.3 \n9.0.0.4 \n8.1.0.0 \n8.1.0.1 \n8.1.0.2 \n8.1.0.3 \n8.1.0.4 \n8.1.0.5 \n8.0.0.0 \n8.0.0.1 \n8.0.0.2 \n8.0.0.3 \n8.0.0.4 \n8.0.0.5 \n8.0.0.6 | Updated JRE's have been made available on Fix Central as Fix packs. 
\nSolaris: [7.0.10-CICSTG-SolarisSPARC32-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-SolarisSPARC32-JRE-SR40&continue=1>) \nAIX: [7.0.10-CICSTG-AIXpSeries32-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-AIXpSeries32-JRE-SR40&continue=1>) \nxLinux: [7.0.10-CICSTG-Linuxx8632-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-Linuxx8632-JRE-SR40&continue=1>) \npLinux: [7.0.10-CICSTG-LinuxpSeries32-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-LinuxpSeries32-JRE-SR40&continue=1>) \nzLinux: [7.0.10-CICSTG-LinuxzSeries31-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-LinuxzSeries31-JRE-SR40&continue=1>) \nWindows: [7.0.10-CICSTG-Windowsx8632-JRE-SR40 ](<https://www-945.ibm.com/support/fixcentral/swg/doSelectFixes?options.selectedFixes=7.0.10-CICSTG-Windowsx8632-JRE-SR40&continue=1>) | [https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm~Other%20software&query.product=ibm~WebSphere~CICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All](<https://www-945.ibm.com/support/fixcentral/swg/identifyFixes?query.parent=ibm%7EOther%20software&query.product=ibm%7EWebSphere%7ECICS%20Transaction%20Gateway%20for%20Multiplatforms&query.release=9.0.0&query.platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, 
"impactScore": 5.9}, "published": "2019-05-02T14:50:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect CICS Transaction Gateway", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-12549", "CVE-2018-1890"], "modified": "2019-05-02T14:50:01", "id": "F46CADA935BAB7CB2109AA0785089017604AD7EAC5A1D830D4321BAF92856A7C", "href": "https://www.ibm.com/support/pages/node/883004", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:44:56", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8.0.5.21 and 7.0.10.35 used by IBM Cast Iron. \nThese issues were disclosed as part of the IBM Java SDK updates in January 2019 & April 2019 \nIBM Cast Iron has addressed the applicable CVEs. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2684](<https://vulners.com/cve/CVE-2019-2684>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159776> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)\n\n**CVEID:** [CVE-2019-2602](<https://vulners.com/cve/CVE-2019-2602>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159698> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0\n\nWebSphere Cast Iron v 7.0.0.0, 7.0.0.1, 7.0.0.2\n\nApp Connect Professional v 7.5.2.0\n\nApp Connect Professional v 7.5.3.0\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nIBM Cast Iron | 7.0.0.0 \n7.0.0.1 \n7.0.0.2 | LI80968 | [7002 Fixcentral Link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.scrypt2,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.vcrypt2,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.32bit.sc-linux,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.32bit.sc-win,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.sc-linux,7.0.0.2-WS-WCI-20190724-0516_H8_64-CUMUIFIX-045.sc-win,7.0.0.2-WS-WCI-20190724-0543_H7_64-CUMUIFIX-045.32bit.studio,7.0.0.2-WS-WCI-20190724-0543_H7_64-CUMUIFIX-045.studio&includeSupersedes=0>) \nIBM Cast Iron | 7.5.0.0 \n7.5.0.1 \n7.5.1.0 | LI80968 | [7510 fixcentral 
Link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.scrypt2,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.vcrypt2,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.32bit.sc-linux,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.sc-linux,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.32bit.sc-win,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.sc-win,7.5.1.0-WS-WCI-20190723-2038_H7_64-CUMUIFIX-024.docker,7.5.1.0-WS-WCI-20190723-2039_H8_64-CUMUIFIX-024.32bit.studio,7.5.1.0-WS-WCI-20190723-2039_H8_64-CUMUIFIX-024.studio&includeSupersedes=0>) \nApp Connect Professional | 7.5.2.0 | LI80968 | [7520 Fixcentral link](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.2.0&platform=All&function=fixId&fixids=7.5.2.0-WS-ACP-20190728-1413_H15_64-CUMUIFIX-017.vcrypt2,7.5.2.0-WS-ACP-20190728-1413_H15_64-CUMUIFIX-017.32bit.sc-linux,7.5.2.0-WS-ACP-20190728-1413_H15_64-CUMUIFIX-017.sc-linux,7.5.2.0-WS-ACP-20190728-1413_H15_64-CUMUIFIX-017.32bit.sc-win,7.5.2.0-WS-ACP-20190728-1413_H15_64-CUMUIFIX-017.sc-win,7.5.2.0-WS-ACP-20190728-1413_H15_64-CUMUIFIX-017.docker,7.5.2.0-WS-ACP-20190728-1413_H9_64-CUMUIFIX-017.32bit.studio,7.5.2.0-WS-ACP-20190728-1413_H9_64-CUMUIFIX-017.studio&includeSupersedes=0>) \nApp Connect Professional | 7.5.3.0 | LI80968 | [7530 Fixcentral 
link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.3.0&platform=All&function=fixId&fixids=7.5.3.0-WS-ACP-20190726-2039_H17_64-CUMUIFIX-005.builtDockerImage,7.5.3.0-WS-ACP-20190726-2039_H17_64-CUMUIFIX-005.docker,7.5.3.0-WS-ACP-20190726-2039_H17_64-CUMUIFIX-005.vcrypt2,7.5.3.0-WS-ACP-20190726-2039_H17_64-CUMUIFIX-005.sc-linux,7.5.3.0-WS-ACP-20190726-2039_H17_64-CUMUIFIX-005.32bit.sc-linux,7.5.3.0-WS-ACP-20190727-1416_H9_64-CUMUIFIX-005.studio,7.5.3.0-WS-ACP-20190727-1416_H9_64-CUMUIFIX-005.32bit.studio,7.5.3.0-WS-ACP-20190726-2039_H17_64-CUMUIFIX-005.sc-win,7.5.3.0-WS-ACP-20190726-2039_H17_64-CUMUIFIX-005.32bit.sc-win,&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-08-07T15:04:08", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cast Iron (aka App Connect Professional)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2602", "CVE-2019-2684"], 
"modified": "2019-08-07T15:04:08", "id": "08749D2CCAC89E6680D2F11C9FEB7B907DF0DBFC357218F10F3FAC8D1786C159", "href": "https://www.ibm.com/support/pages/node/960276", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-24T01:40:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM Monitoring. IBM Monitoring has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155766> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Monitoring 8.1.3 \nIBM Application Diagnostics 8.1.3 \nIBM Application Performance Management 8.1.3 \nIBM Application Performance Management Advanced 8.1.3 \nIBM Cloud Application Performance Management, Base Private 8.1.4 \nIBM Cloud Application Performance Management, Advanced Private 8.1.4 \nIBM Cloud Application Performance Management\n\n## Remediation/Fixes\n\nProduct | Product VRMF | Remediation \n---|---|--- \n \nIBM Application Performance Management, Base Private\n\nIBM Application Performance Management, Advanced Private\n\n| 8.1.4 | \n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0009 server patch to the system where the Cloud APM server is installed: <http://www.ibm.com/support/docview.wss?uid=ibm10961578>[ ](<https://www.ibm.com/support/docview.wss?uid=ibm10874776>)\n\nThe vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0007 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/docview.wss?uid=ibm10961656> \n \nIBM Cloud Application Performance Management | N/A | The 
vulnerabilities can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0007 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/docview.wss?uid=ibm10961656> \n \nIBM Monitoring\n\n \nIBM Application Diagnostics\n\nIBM Application Performance Management\n\nIBM Application Performance Management Advanced \n\u200b\n\n| 8.1.3 | \n\nThe vulnerabilities can be remediated by applying the following 8.1.3.0-IBM-IPM-SERVER-IF0016 server patch to the system where the APM server is installed: <https://www.ibm.com/support/pages/ibm-application-performance-management-813-8130-ibm-ipm-server-if0016-readme>\n\nThe vulnerabilities can be remediated by applying the following 8.1.3.0-IBM-IPM-GATEWAY-IF0012 Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/ibm-application-performance-management-813-8130-ibm-apm-gateway-if0012-readme> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-11-05T21:58:51", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2019-2422", "CVE-2019-2426", "CVE-2019-2449"], "modified": "2019-11-05T21:58:51", "id": "6230D3333146C413BF31F6BD1F5D5D2C29CC03D912507845E6E89B48C08D07B3", "href": "https://www.ibm.com/support/pages/node/1098267", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:46:43", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 6, 7 and 8 used by IBM MQ and IBM MQ Appliance. IBM MQ and IBM Appliance have addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** _[CVE-2019-2449](<https://vulners.com/cve/CVE-2019-2449>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Deployment component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/155766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155766>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.1 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/155741](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155741>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** _[CVE-2018-12549](<https://vulners.com/cve/CVE-2018-12549>)_ \n**DESCRIPTION:** Eclipse OpenJ9 could allow a remote attacker to execute arbitrary code on the system, caused by the failure to omit a null check on the receiver object of an Unsafe call when accelerating it. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/157513](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157513>)_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n_**IBM MQ and IBM MQ Appliance 9.1 Long Term Support (LTS)**_ \nMaintenance levels 9.1.0.1 and earlier\n\n_**IBM MQ and IBM MQ Appliance 9.1 Continuous Delivery (CD)**_ \nContinuous delivery update 9.1.1\n\n_**IBM MQ 9.0.0.x Long Term Support (LTS)**_ \nMaintenance level 9.0.0.5 and earlier\n\n_**IBM MQ and IBM MQ Appliance 8.0**_ \nMaintenance levels 8.0.0.11 and earlier\n\n## Remediation/Fixes\n\n_**IBM MQ and IBM MQ Appliance 9.1 Long Term Support (LTS)**_ \nApply Fix Pack [v9.1.0.2](<https://www-01.ibm.com/support/docview.wss?uid=ibm10879379>)\n\n_**IBM MQ and IBM MQ Appliance 9.1 Continuous Delivery Release (CDR)**_ \nApply Continuous Delivery Update [v9.1.2](<https://www-01.ibm.com/support/docview.wss?uid=swg24043463>)\n\n_**IBM MQ 9.0.0.x Long Term Support (LTS)**_ \nApply Fix Pack [v9.0.0.6](<https://www-01.ibm.com/support/docview.wss?uid=ibm10876306>)\n\n_**IBM MQ and IBM MQ Appliance V8.0**_ \nApply Fix Pack 
[v8.0.0.12](<http://www-01.ibm.com/support/docview.wss?uid=ibm10884142>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-16T16:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ and IBM MQ Appliance", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12549", "CVE-2019-2422", "CVE-2019-2449"], "modified": "2019-05-16T16:55:01", "id": "6FDADE5461155D2CDDB85C464C176EBE5FC7852093D8BFF04320925FF519BC1D", "href": "https://www.ibm.com/support/pages/node/884286", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:47:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7.0.10.40 and Version 8.0.5.30 used by Rational Functional Tester (RFT) versions 8.3.0 - 8.6.0.6 and 8.6.0.7 - 9.5. 
RFT has addressed the applicable CVEs.\n\n## Vulnerability Details\n\nRational Functional Tester has addressed the following:\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"**IBM Java SDK Security Bulletin**\", located in the References section for more information.\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)\n\n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n * Rational Functional Tester: 8.3.0 - 8.6.0.6\n * Rational Functional Tester: 8.6.0.7 - 9.5\n\n## Remediation/Fixes\n\nApply the correct fix pack or iFix for your version of the Rational Functional Tester :\n\n**Product** | **Version** | **APAR** | **Remediation/ First Fix** \n---|---|---|--- \nRFT | 8.3.0 - 8.3.0.x, 8.5.0 - 8.5.0.x, 8.5.1 - 8.5.1.x, and 8.6.0 - 8.6.0.6 | None | Download IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 40 _[**iFix**](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Functional+Tester&release=8.6.0.6&platform=All&function=fixId&fixids=Rational-RFT-Java7SR10FP40-ifix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) _ from the Fix Central and apply it. \nRFT | 8.6.0.7 - 8.6.0.10, 9.1 - 9.1.1.1, and 9.2 - 9.5 | None | Download IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 30 **_[iFix](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Functional+Tester&release=9.5.0&platform=All&function=fixId&fixids=Rational-RFT-Java8SR5FP30-ifix&includeRequisites=1&includeSupersedes=0&downloadMethod=http>) _ **from the Fix Central and apply it. 
\n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-02T09:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affecting Rational Functional Tester", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2019-2426"], "modified": "2019-05-02T09:55:01", "id": "40EE901855508B0474D0597FC389C5F0065E813B947C73BEFBDEB18F8CFC886F", "href": "https://www.ibm.com/support/pages/node/876096", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: ** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**Description: **libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. 
By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \n**CVSS Base Score: **3.3 \n**CVSS Temporal Score: ** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \n**CVSS Environmental Score: ***Undefined \n**CVSS Vector: **CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L \n \n**CVEID: ** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**Description: **Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \n**CVSS Base Score: **9.8 \n**CVSS Temporal Score: ** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \n**CVSS Environmental Score: ***Undefined \n**CVSS Vector: **CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H \n \n**CVEID: ** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**Description: **An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\n**CVSS Base Score: **3.7 \n**CVSS Temporal Score: ** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \n**CVSS Environmental Score: ***Undefined \n**CVSS Vector: **CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N \n\n\n## Affected Products and Versions\n\n\u00b7 IBM QRadar 7.3 to 7.3.2 Patch 1\n\n\u00b7 IBM QRadar 7.2 to 7.2.8 Patch 15\n\n## Remediation/Fixes\n\n[_IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 2_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.2-QRADAR-QRSIEM-20190522204210&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true>)\n\n[_IBM QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 16_](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=7.2.0&platform=All&function=fixId&fixids=QRadarFix-728-QRSIEM-20190703194519&includeRequisites=1&includeSupersedes=0&downloadMethod=http>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-10T18:40:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2019-2426"], "modified": "2019-07-10T18:40:02", "id": "95A89096D6A3775522F71BC5811D2B9C48B5E4C0D9092D7AC3FA13E24E89C85F", "href": "https://www.ibm.com/support/pages/node/957349", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T21:40:30", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7 and 8 that are used by IBM Rational Software Architect and Rational Software Architect for WebSphere Software has addressed the applicable CVEs (CVE-2018-11212 , CVE-2019-2426 ,CVE-2018-12547).\n\n## Vulnerability Details\n\n**CVEID:** _[CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>)_ \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/143429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/143429>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n**CVEID:** _[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** _[CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)_ \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>)_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nRational Software Architect 9.7 and earlier \n\nRational Software Architect for WebSphere Software 9.7 and earlier\n\n## Remediation/Fixes\n\nUpdate the IBM SDK, Java Technology Edition of the product to address this vulnerability: \n**Product** | **VRMF** | **Remediation/First Fix** \n---|---|--- \nRational Software Architect Designer (RSAD) | \n\n9.5 to 9.5.0.3 \n9.6 to 9.6.1\n\n9.7\n\n| [IBM Java SDK/JRE 8 SR5 FP30 IFixes](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Software+Architect&fixids=Rational-RSA-Java8SR5FP30_RAD_RSA-ifix&source=SAR>) \nRational Software Architect Designer for WebSphere Software (RSAD4WS) | \n\n9.5 to 9.5.0.3 \n9.6 to 9.6.1\n\n9.7\n\n| [IBM Java SDK/JRE 8 SR5 FP30 IFixes](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Software+Architect+for+WebSphere+Software&fixids=Rational-RSA4WS-Java8SR5FP30_RAD_RSA-ifix&source=SAR>) \nRational Software Architect (RSA) 
| 9.0 to 9.0.0.1 \n9.1 to 9.1.2.3 | [IBM Java SDK/JRE 7 SR10 FP40 IFixes](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Software+Architect&fixids=Rational-RSA-Java7SR10FP40_RAD_RSA-ifix&source=SAR>) \nRational Software Architect for WebSphere Software | 9.0 to 9.0.0.1 \n9.1 to 9.1.2.3 | [IBM Java SDK/JRE 7 SR10 FP40 IFixes](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Software+Architect+for+WebSphere+Software&fixids=Rational-RSA4WS-Java7SR10FP40_RAD_RSA-ifix&source=SAR>) \n \n**Installation Instructions:** \n \nFor instructions on installing this update using Installation Manager, review the topic [Updating Installed Product Packages](<http://www.ibm.com/support/knowledgecenter/SS8PJ7_9.1.0/com.ibm.xtools.installation.rsaws.doc/topics/t_update.html>) in the IBM Knowledge Center. \n \n**Instructions to download and install the update from the compressed files:**\n\n 1. Download the update files from Fix Central by following the link listed in the download table above \n\n 2. Extract the compressed files in an appropriate directory. \n \nFor example, choose to extract to `C:\\temp\\update` \n\n 3. Start IBM Installation Manager. \n\n 4. On the Start page of Installation Manager, click **File > Preferences**, and then click **Repositories**. The Repositories page opens. \n\n 5. On the Repositories page, click **Add Repository**. \n\n 6. In the Add repository window, browse to or enter the file path to the repository.config file, which is located in the directory where you extracted the compressed files and then click OK. \n \nFor example, enter `C:\\temp\\update\\repository.config`. \n\n 7. Click **OK** to close the Preference page. \n\n 8. 
Install the update as described in the topic [Updating Installed Product Packages](<http://www.ibm.com/support/knowledgecenter/SS8PJ7_9.1.0/com.ibm.xtools.installation.rsaws.doc/topics/t_update.html>) in the IBM Knowledge Center for your product and version.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-10T17:03:14", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Software Architect and Rational Software Architect for WebSphere Software", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2019-2426"], "modified": "2020-09-10T17:03:14", "id": "68FE27A404603F6BC15C9A946BBD279E122CB2A228269BA4C8E5830431C8A565", "href": "https://www.ibm.com/support/pages/node/715413", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:42", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 which is used by the IBM Spectrum Protect (formerly Tivoli Storage Manager) 
Server. These issues were disclosed as part of the IBM Java SDK updates in January 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L) \n \n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability affects the following IBM Spectrum Protect (formerly Tivoli Storage Manager) Server levels:\n\n * 8.1.0.0 through 8.1.7.xxx\n * 7.1.0.0 through 7.1.9.200\n\n## Remediation/Fixes\n\n_**IBM Spectrum Protect \nServer Release**_ | _**First Fixing \nVRM Level**_ | _**Platform**_ | _**Link to Fix**_ \n---|---|---|--- \n8.1 | 8.1.8 | AIX \nLinux \nWindows | \n\n<https://www.ibm.com/support/docview.wss?uid=ibm10888463> \n \n7.1 \n\n\n| \n\n7.1.9.300\n\n| AIX \nHP-UX \nLinux \nSolaris \nWindows | \n\n[ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/server/ ](<ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/server/>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-28T21:20:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect the IBM Spectrum Protect Server (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-06-28T21:20:01", "id": "910790AFE2AD27449B2A620E21CA673A2E81BED5524BCB4B402935560E52D421", "href": "https://www.ibm.com/support/pages/node/882632", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:42", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 which is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center and IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Management Service. These issues were disclosed as part of the IBM Java SDK updates in January 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L) \n \n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nThe following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Operations Center are affected:\n\n * 8.1.0.000 through 8.1.7.xxx\n * 7.1.0.000 through 7.1.9.200\n\nThe following levels of IBM Spectrum Protect (formerly Tivoli Storage Manager) Client Management Service (CMS) are affected:\n\n * 8.1.0.000 through 8.1.7.xxx\n * 7.1.0.000 through 7.1.9.200\n\n## Remediation/Fixes\n\n_**IBM Spectrum Protect Operations Center Release**_ | _**First Fixing VRM Level**_ | _**Platform**_ | _**Link to Fix**_ \n---|---|---|--- \n8.1 | 8.1.8 | AIX, Linux, Windows | <https://www.ibm.com/support/docview.wss?uid=ibm10888465> \n7.1 | 7.1.9.300 | AIX, Linux, Windows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/opcenter/7.1.9.300> \n \n_**IBM Spectrum Protect Client Management Service (CMS) Release**_ | _**First Fixing VRM Level**_ | _**Platform**_ | _**Link to Fix**_ \n---|---|---|--- \n8.1 | 8.1.8 | Linux, Windows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1> \n7.1 | 7.1.9.300 | Linux, Windows | <ftp://public.dhe.ibm.com/storage/tivoli-storage-management/patches/cms/7.1.9.300> \n \n
## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-28T21:50:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-06-28T21:50:01", "id": "B4816627A76C3594EEA5390203C84A31076F0205605E2CAECFCE5886E6D51EE4", "href": "https://www.ibm.com/support/pages/node/883144", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:26", "description": "## Summary\n\nWebSphere Application Server is shipped with Tivoli Netcool Performance Manager. 
Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\nCVE | Product | Versions | OS \n---|---|---|--- \nCVE-2019-2426 | Tivoli Netcool Performance Manager | 1.4.4, 1.4.3.2, 1.4.3, 1.4.2, 1.4.1, 1.4.0 | Linux, Solaris, AIX \nCVE-2018-12547 | Tivoli Netcool Performance Manager | 1.4.4, 1.4.3.2, 1.4.3 | Linux, AIX \nCVE-2018-1890 | Tivoli Netcool Performance Manager | 1.4.4, 1.4.3.2, 1.4.3 | AIX \n \n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by WebSphere Application Server shipped with Tivoli Netcool Performance Manager.\n\n<https://www-01.ibm.com/support/docview.wss?uid=ibm10873042>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-27T11:15:02", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager (CVE-2019-2426, CVE-2018-12547, CVE-2018-1890)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-03-27T11:15:02", "id": "49E638EA8DC763C4A720AC82A063EC2AAD306BBC9896E4498C4A75F086639A96", "href": "https://www.ibm.com/support/pages/node/876418", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:47", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in January 2019. \n\n## Vulnerability Details\n\nFor information on the IBM Java SDK that is now bundled with WebSphere Application Server Version 8.5.5 refer to the Knowledge Center link in the References section. \n \nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the References section for more information.\n\n**CVEID:** _[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** _[CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)_ \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>)_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>)_ \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 through 2.2.5.3\n\n## Remediation/Fixes\n\nPlease see the [IBM Java SDK Security Bulletin for WebSphere Application Server](<http://www.ibm.com/support/docview.wss?uid=ibm10873042>) to determine which WebSphere Application Server versions are affected and to obtain the JDK fixes. 
The interim fix 1.0.0.0-WS-WASPATTERNS-JDK-1901 can be used to apply the January SDK iFixes in a PureApplication Environment.\n\nDownload and apply the interim fix [1.0.0.0-WS-WASPATTERNS-JDK-1901. ](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server+Patterns&release=All&platform=All&function=fixId&fixids=1.0.0.0-WS-WASPATTERNS-JDK-1901&includeSupersedes=0>)\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-07T21:35:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affects WebSphere Application Server January 2019 CPU that is bundled with IBM WebSphere Application Server Patterns", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-03-07T21:35:01", "id": "3CCD2B0475A901B1974F77FC07C260EB8E3C19C87D782B2F9AD4968B844B98F8", "href": "https://www.ibm.com/support/pages/node/874750", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:45:40", "description": 
"## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7.0.10.35 and earlier, 7.1.4.35 and earlier, 8.0.5.27 and earlier used by IBM\u00ae Db2\u00ae. These issues were disclosed as part of the IBM Java SDK updates in January 2019.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. 
By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAll fix pack levels of IBM Db2 V9.7, V10.1, V10.5, and V11.1 editions on all platforms are affected.\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the appropriate fix for this vulnerability. \n \nThe fix for this vulnerability is in the latest version of IBM JDK. Customers running any vulnerable fixpack level of an affected Program, V10.1, V10.5 or V11.1 can download the latest version of IBM JDK from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Information+Management&product=ibm/Information+Management/DB2&release=All&platform=All&function=fixId&fixids=*Java*&includeSupersedes=0%20>). \n\n\nAffected IBM SDK, Java Technology Edition, Version:\n\n * 7.0.10.35 and earlier\n * 7.1.4.35 and earlier\n * 8.0.5.27 and earlier\n\n \nFixes for applicable vulnerabilities are included in IBM SDK, Java Technology Edition:\n\n * 7.0.10.40\n * 7.1.4.40\n * 8.0.5.30\n\nRefer to the table below to determine the IBM JDK level that contains the fix. 
Then follow the instructions below to perform the JDK installation.\n\n**Db2 Release** | **Fixed IBM Release** \n---|--- \n**V10.1.x** | 7.0.10.40 or later \n**V10.5.x** | 7.0.10.40 or later \n**V11.1.x** | 8.0.5.30 or later \n \nInstructions for IBM JDK Installation can be found here: \n<http://www.ibm.com/support/docview.wss?uid=swg27050993>\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-01T01:35:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM\u00ae Db2\u00ae.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-07-01T01:35:01", "id": "980C17AFA89872C74755CDA953866616DAF86CE3D3D34780383D289340B988F0", "href": "https://www.ibm.com/support/pages/node/875132", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:41:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.8 \nused by IBM Sterling 
Secure Proxy. These issues were disclosed as part of the IBM Java SDK updates in January 2019. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling Secure Proxy 6.0.0.0 through 6.0.0.0 iFix 1\n\nIBM Sterling Secure Proxy 3.4.3.0 through 3.4.3.2 iFix 4\n\nIBM Sterling Secure Proxy 3.4.2.0 through 3.4.2.0 iFix 17\n\n## Remediation/Fixes\n\n**_Product_** | **_VRMF_** | **_iFix_** | **_Remediation/First Fix_** \n---|---|---|--- \nIBM Secure Proxy | 6.0.0.0 | _MFT10242_ | [Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=6.0.0.0&platform=All&function=all>) \nIBM Sterling Secure Proxy | 3.4.3.2 | _MFT10242_ | [Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.3.0&platform=All&function=all>) \nIBM Sterling Secure Proxy | 3.4.2.0 | _MFT10242_ | [Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Sterling+Secure+Proxy&release=3.4.2.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T01:13:16", "type": "ibm", "title": "Security Bulletin: 
Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Secure Proxy", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2020-02-05T01:13:16", "id": "8211994399E04C789FC76AB9DC595C5EF96DE232487BC65F21231E5D2A2FF50A", "href": "https://www.ibm.com/support/pages/node/885937", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:41:34", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed as part of the IBM Java SDK updates in March 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. 
By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Rational ClearQuest version 9 in the following components:\n\n * ClearQuest Web/CQ OSLC server/CM Server component, when configured to use SSL.\n * ClearQuest Eclipse clients that use Report Designer, run remote reports on servers using secure connections, or use the embedded browser to connect to secure web sites. 
If you do not use the ClearQuest Eclipse client in this way, then you are not affected.\n\n**ClearQuest version** | **Status** \n---|--- \n9.0.1.7 on linux_x86 (32-bit) | Affected \n9.0.1 through 9.0.1.6 | Affected \n9.0 through 9.0.0.6 | Affected \n \n## Remediation/Fixes\n\nThe solution is to install a fix that includes an updated Java\u2122 Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS).\n\n**ClearQuest Eclipse Clients** \nApply the relevant fixes as listed in the table below.\n\n**Affected Versions** | **Applying the fix** \n---|--- \n9.0.1.7 on linux_x86 (32-bit) | Install [Rational ClearQuest Fix Pack 8 (9.0.1.8) for 9.0.1](<http://www.ibm.com/support/docview.wss?uid=ibm11072268>) \n9.0.1 through 9.0.1.6<br>9.0 through 9.0.0.6 | Install [Rational ClearQuest Fix Pack 7 (9.0.1.7) or higher for 9.0.1](<http://www.ibm.com/support/docview.wss?uid=ibm10885010>) \n \n_For 8.0, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n**ClearQuest Web/CQ OSLC Server/CM Server Component**\n\n 1. Determine the WAS version used by your CM server. Navigate to the CM profile directory (either the profile you specified when installing ClearQuest, or `<clearquest-home>/cqweb/cqwebprofile`), then execute the script: `bin/versionInfo.sh` (UNIX) or `bin\\versionInfo.bat` (Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. Review the following WAS security bulletin: \n[Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server January 2019 CPU](<https://www-01.ibm.com/support/docview.wss?uid=ibm10873042>) \nand apply the latest available fix for the version of WAS used for CM server.\n\n**Note:** There may be newer security fixes for WebSphere Application Server. 
Follow the link above (in the section \"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-20T08:41:15", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-09-20T08:41:15", "id": "0D5F825ED9520B20F9EBA7E352BCB56AE8888832540B9F56B61B76962E8236F9", "href": "https://www.ibm.com/support/pages/node/887167", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:34", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. 
These were disclosed as part of the IBM Java SDK update in January 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus 8.1.0\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nOMNIbus | 8.1.0.19 | IJ14266 | <https://www.ibm.com/support/docview.wss?uid=ibm10791851> \n \n## Workarounds and Mitigations\n\nUpgrading the JRE is the only solution.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-17T16:20:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-05-17T16:20:02", "id": "FB85CEEAD8C48AF70AA7AD629250F45A6ACA126505AA16EF4F81388630286AF3", "href": "https://www.ibm.com/support/pages/node/874656", "cvss": {"score": 7.5, "vector": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-21T01:39:00", "description": "## Summary\n\nMultiple vulnerabilities in Apache Commons exist in IBM Sterling B2B Integrator\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2016-3092](<https://vulners.com/cve/CVE-2016-3092>) \n**DESCRIPTION:** Apache Tomcat is vulnerable to a denial of service, caused by an error in the Apache Commons FileUpload component. By sending file upload requests, an attacker could exploit this vulnerability to cause the server to become unresponsive. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/114336> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID:** [CVE-2014-0050](<https://vulners.com/cve/CVE-2014-0050>) \n**DESCRIPTION:** Apache Commons FileUpload, as used in Apache Tomcat, Solr, and other products is vulnerable to a denial of service, caused by the improper handling of Content-Type HTTP header for multipart requests by MultipartStream.java. An attacker could exploit this vulnerability using a specially crafted Content-Type header to cause the application to enter into an infinite loop. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90987> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2013-0248](<https://vulners.com/cve/CVE-2013-0248>) \n**DESCRIPTION:** Apache Commons FileUpload could allow a local attacker to launch a symlink attack. Temporary files are created insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a temporary file to various files on the system, which could allow the attacker to overwrite arbitrary files on the system with elevated privileges. 
\nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82618> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P) \n\n## Affected Products and Versions\n\nIBM Sterling B2B Integrator 5.2\n\n## Remediation/Fixes\n\n**Product & Version** | **Remediation/Fix** \n---|--- \nIBM Sterling B2B Integrator 5.2.0 - 5.2.6.3 | Apply fix pack 5020603 then interim fix 5020603_1 on [_Fix Central_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Sterling+B2B+Integrator&release=5.2.6.3&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-05T00:53:36", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in Apache Commons Affect IBM Sterling B2B Integrator (CVE-2016-3092, CVE-2014-0050, CVE-2013-0248)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0248", "CVE-2014-0050", "CVE-2016-3092"], "modified": "2020-02-05T00:53:36", "id": 
"DBEEBEA67BF53D06F2B67D1EC250BC6DC481E7E1D95538F33DA149848FB8D480", "href": "https://www.ibm.com/support/pages/node/291151", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:47:19", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Java Development kit, Version 7 which is used by IBM Rational Method Composer (RMC). These issues were disclosed as part of the IBM Java SDK updates in March 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-11212](<https://vulners.com/cve/CVE-2018-11212>) \n**DESCRIPTION:** libjpeg is vulnerable to a denial of service, caused by divide-by-zero error in the alloc_sarray function in jmemmgr.c. 
By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143429> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nRational Method Composer 7.5.3.1\n\nRational Method Composer 7.5.3\n\nRational Method Composer 7.5.2.4\n\n## Remediation/Fixes\n\nFor Rational Method Composer 7.5.3.1 , upgrade the IBM Java development kit used with Rational Method Composer to version 7.1.4.40, which can be downloaded from: \n[Rational-RMC-7.5.3.1-JavaSE-JDK-7.1SR4FP40](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Method+Composer&fixids=Rational-RMC-7.5.3.1-JavaSE-JDK-7.1SR4FP40&source=SAR>)\n\nFor Rational Method Composer 7.5.3.0 , upgrade the IBM Java development kit used with Rational Method Composer to version 7.1.4.40, which can be downloaded from: \n[Rational-RMC-7.5.3.0-JavaSE-JDK-7.1SR4FP40](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Method+Composer&fixids=Rational-RMC-7.5.3.0-JavaSE-JDK-7.1SR4FP40&source=SAR>)\n\nFor Rational Method Composer 7.5.2.4 , upgrade the IBM Java development kit used with Rational Method Composer to version 7.0.10.40, which can be downloaded from: \n[Rational-RMC-7.5.2.4-JavaSE-JDK-7.0SR10FP40](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Method+Composer&fixids=Rational-RMC-7.5.2.4-JavaSE-JDK-7.0SR10FP40&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", 
"baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-26T15:35:01", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK affect Rational Method Composer March 2019 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-11212", "CVE-2018-12547", "CVE-2019-2426"], "modified": "2019-04-26T15:35:01", "id": "106D0E0242F9F11C43519DD328F67C92614CE10FA2393899EC0A8E42714BA834", "href": "https://www.ibm.com/support/pages/node/882536", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:20", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 and 8 used by WebSphere eXtreme Scale. The issues were disclosed as part of the IBM SDK, Java\u2122 Technology Edition updates in January 2019.\n\n## Vulnerability Details\n\nIf you run your own Java code using the Java Runtime that IBM provides with this product, then evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. 
For a complete list of vulnerabilities, refer to the IBM SDK, Java Technology Edition Security Bulletins located in the \u201cReferences\u201d section for more information.\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere Extreme Scale: 8.6.0 \nWebSphere Extreme Scale: 8.6.1\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nWebSphere eXtreme Scale | 8.6.0.8 | PH11543 | Refer to the **Version 8.6** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www.ibm.com/support/docview.wss?uid=swg27018991>). \nWebSphere eXtreme Scale | 8.6.1.3 | PH11543 | Refer to the **Version 8.6.1** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www.ibm.com/support/docview.wss?uid=swg27018991>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-31T05:10:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in the Java runtime environment that IBM provides affect WebSphere eXtreme Scale", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-05-31T05:10:01", "id": "419A619AE78461BDB68B706E6DDB0AB356BB4AE9E4FBBAB609A35077CEE0EA9E", "href": "https://www.ibm.com/support/pages/node/884066", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:31", "description": "## Summary\n\nIBM Tivoli Security Policy Manager (TSPM) is affected through IBM WebSphere Application Server. Information about a security vulnerability affecting WebSphere Application Server has been published in a bulletin.\n\n## Vulnerability Details\n\nPlease consult the security bulletin [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server January 2019 CPU](<https://www-01.ibm.com/support/docview.wss?uid=ibm10873042>) for vulnerability details and information about fixes.\n\n## Affected Products and Versions\n\n**Product Version**\n\n| **WebSphere version** \n---|--- \nTSPM 7.1 | WAS V7.0 \nRTSS 7.1 | WAS V7.0, V8.0 \n \n**Note:** TSPM is comprised of TSPM and Runtime Security Services (RTSS).\n\n## ", "cvss3": {}, "published": "2019-03-25T18:20:02", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been identified in IBM Java shipped with IBM Tivoli Security Policy Manager(CVE-2019-2426, CVE-2018-12547, CVE-2018-1890)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-03-25T18:20:02", "id": "B64C5AEFB23816BB6B78045BFB1186C9C02B8A6CA2CFF257712C70D2CE3F865E", "href": "https://www.ibm.com/support/pages/node/875384", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-23T21:41:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 1.8 used by IBM Sterling External Authentication Server. 
These issues were disclosed as part of the IBM Java SDK updates in January 2019. \n\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>) for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Sterling External Authentication Server 6.0.0.0 through 6.0.0.0 iFix 1\n\nIBM Sterling External Authentication Server 2.4.3.0 through 2.4.3.2 iFix 4\n\nIBM Sterling External Authentication Server 2.4.2.0 through 2.4.2.0 iFix 14\n\n## Remediation/Fixes\n\n**_Product_** | **_VRMF_** | **_Fix_** | **_Remediation/First Fix_** \n---|---|---|--- \nIBM Sterling External Authentication Server | 6.0.0.0 | _MFT10243_ | [Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=6.0.0.0&platform=All&function=all>) \nIBM Sterling External Authentication Server | 2.4.3.2 | _MFT10243_ | [Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.3.0&platform=All&function=all>) \nIBM Sterling External Authentication Server | 2.4.2.0 | _MFT10243_ | [Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EOther+software&product=ibm/Other+software/Sterling+External+Authentication+Server&release=2.4.2.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-02-05T01:13:16", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM java Runtime Affect IBM Sterling External Authentication Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2020-02-05T01:13:16", "id": "8549BEFE35A1E8E9752F83A04F4768B5247E84BA31BACE43EA96DA8C255B1940", "href": "https://www.ibm.com/support/pages/node/885939", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:44:33", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. \n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities please refer to the link for \u201cIBM Java SDK Security Bulletin\" located in the References section for more information. 
\nHP fixes are on a delayed schedule.\n\n**CVEID:** _[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** _[CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)_ \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>)_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>)_ \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. 
\nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nIBM SDK, Java Technology Editions used with WebSphere Application Server Liberty through 19.0.0.1.\n\nIBM SDK, Java Technology Editions used with IBM WebSphere Application Server Traditional Version 9.0.0.0 through 9.0.0.10, 8.5.0.0 through 8.5.5.15.\n\nIBM SDK, Java Technology Editions shipped in Application Client for IBM WebSphere Application Server Version 9.0.0.0 through 9.0.0.10, 8.5.0.0 through 8.5.5.15.\n\n## Remediation/Fixes\n\nDownload and apply the interim fix APARs below, for your appropriate release\n\n**For the IBM Java SDK updates:**\n\n \n**For WebSphere Application Server Liberty:** \nFor the IBM SDK, Java Technology Version that you use, upgrade to WebSphere Application Server Liberty Fix Packs as noted below or later fix pack level and apply one of the interim fixes below:\n\n * Apply Interim Fix [PH07629](<https://www-01.ibm.com/support/docview.wss?uid=ibm10874358>): Will upgrade you to IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 40\n * Upgrade to IBM SDK, Java Technology Edition Version 7R1 SR4 FP40 or IBM SDK, Java Technology Edition Version 8 SR5 FP30, please refer to [_IBM Java SDKs for Liberty _](<http://www-01.ibm.com/support/docview.wss?uid=swg27049903>)\n\n**For Version 9 WebSphere Application Server Traditional:**\n\nUpdate to the IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 30 using the instructions in the IBM Knowledge Center [_Installing and updating IBM SDK, Java Technology Edition on distributed environments_](<http://www.ibm.com/support/knowledgecenter/en/SSEQTP_9.0.0/com.ibm.websphere.installation.base.doc/ae/tins_installation_jdk.html>) then 
use the IBM Installation manager to access the [_online product repositories _](<http://www.ibm.com/support/knowledgecenter/en/SSEQTP_9.0.0/com.ibm.websphere.installation.base.doc/ae/cins_repositories.html>) to install the SDK or use IBM Installation manager and access the [_packages from Fixcentral_](<http://www-01.ibm.com/support/docview.wss?uid=swg24042430>) .\n\n \n**For V8.5.0.0 through 8.5.5.14 WebSphere Application Server Traditional and WebSphere Application Server Hypervisor Edition:**\n\nFor the IBM SDK, Java Technology Version that you use, upgrade to WebSphere Application Server Fix Packs as noted below or later fix pack level and apply the interim fixes as noted below: \n\n\nFor IBM SDK Java Technology Edition Version 7 \n\n * Apply Interim Fix [PH07629](<https://www-01.ibm.com/support/docview.wss?uid=ibm10874358>): Will upgrade you to IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 40\n \nFor IBM SDK Java Technology Edition Version 7R1 \n\n * Apply Interim Fix [PH07628](<https://www-01.ibm.com/support/docview.wss?uid=ibm10874254>): Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 40\n \nFor IBM SDK Java Technology Edition Version 8 \n\n * Apply Interim Fix [PH07626](<https://www-01.ibm.com/support/docview.wss?uid=ibm10874250>): Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 30\n * For environments that have been upgraded to use the new default IBM SDK Version 8 bundled with WebSphere Application Server Fix Pack 8.5.5.11 or later: Apply Interim Fix [PH07627](<https://www-01.ibm.com/support/docview.wss?uid=ibm10874252>): Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 30\n\n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 16 (8.5.5.16) or later (targeted availability 3Q 2019).\n\n**For Application Client for WebSphere Application Server:**\n\nFollow instructions 
above for the WebSphere Application Server to download the Interim Fix needed for your version of the Application client.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-22T17:38:42", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server January 2019 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-08-22T17:38:42", "id": "93412E9C4F588B3648BA0C87C261B49B4B30EE62ABE0C050B7D0A4AF89AE9561", "href": "https://www.ibm.com/support/pages/node/873042", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:40:29", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8.0.5.27 and Version 7.0.10.35, used by IBM Integration Bus and IBM App Connect Enterprise V11. 
These issues were disclosed as part of the IBM Java SDK updates in January 2019.\n\n## Vulnerability Details\n\n**CVEID:** _[CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>)_ \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** _[CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>)_ \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/157512](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157512>)_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM App Connect Enterprise V11, V11.0.0.0 - V11.0.0.4\n\nIBM Integration Bus V10.0.0.0 - V10.0.0.16\n\nIBM Integration Bus V9.0.0.0 - V9.0.0.11\n\n## Remediation/Fixes\n\n**Product** | **VRMF** | **APAR** | **Remediation / Fix** \n---|---|---|--- \nIBM App Connect Enterprise V11 | V11.0.0.0 - V11.0.0.4 | IT28316 | The APAR is available in fix pack 11.0.0.5: [IBM App Connect Enterprise Version v11 - Fix Pack 11.0.0.5](<https://www-01.ibm.com/support/docview.wss?uid=ibm10886037>) \nIBM Integration Bus | V10.0.0.0 - V10.0.016 | IT28316 | The APAR is available in fix pack 10.0.0.17: [IBM Integration Bus V10.0 - Fix Pack 10.0.0.17](<https://www-01.ibm.com/support/docview.wss?uid=ibm10886021>) \nIBM Integration Bus | V9.0.0.0 - V9.0.0.11 | IT29366 | Interim fix available here: [IBM Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/Integration+Bus&release=9.0.0.11&platform=All&function=aparId&apars=IT29366>) \n \n## Workarounds and Mitigations\n\nNone", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-23T20:41:52", "type": 
"ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2020-03-23T20:41:52", "id": "8860D61812BA2746CDC66A20C94871C7EB5DE58C44F69D4B1B75B29F8862A05B", "href": "https://www.ibm.com/support/pages/node/956417", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-06T19:05:42", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped and used by IBM Spectrum Control (formerly Tivoli Storage Productivity Center). These issues were disclosed as part of the IBM Java SDK updates for January 2019.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\n**Affected Product** | **Affected Versions** \n---|--- \nIBM Tivoli Storage Productivity Center | 5.2.0 - 5.2.7.1 \nIBM Spectrum Control | 5.2.8 - 5.2.17.2 \nIBM Spectrum Control | 5.3.0 - 5.3.2 \n \nThe versions listed above apply to all licensed offerings of IBM Spectrum Control. \n\n## Remediation/Fixes\n\nThe solution is to apply an appropriate IBM Spectrum Control fix. Click on the download link and follow the Installation Instructions. 
The solution should be implemented as soon as practicable.\n\nStarting with 5.2.8, Tivoli Storage Productivity Center has been renamed to IBM Spectrum Control.\n\n**Release** | **First Fixing \nVRM Level** | **Link to Fix/Fix Availability Target** \n---|---|--- \n5.2 | 5.2.17.3 | <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0> \n5.3 | 5.3.3 | <http://www.ibm.com/support/docview.wss?uid=swg21320822#53_0> \n \n**Note:** It is always recommended to have a current backup before applying any update procedure. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T19:59:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-2426, CVE-2018-12547, CVE-2018-1890)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2022-02-22T19:59:01", "id": "20246C71413D377B874441ECE1E99415826F2FD43DE24D58ADDBA450CAF4115D", "href": 
"https://www.ibm.com/support/pages/node/883086", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T05:46:32", "description": "## Summary\n\nIBM has announced a release for IBM Security Identity Governance and Intelligence (IGI) in response to security vulnerability. The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. Also, excessive resource consumption (while processing SACK blocks or for TCP connections with low MSS) allows remote denial of service.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n** DESCRIPTION: **Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n** DESCRIPTION: **Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. 
This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n** DESCRIPTION: **Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162662>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\n[AffectedProduct](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=All&platform=Linux&function=fixId&fixids=5.2.6.0-ISS-SIGI-FP0000&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"AffectedProduct\" )(s)| Version(s) \n---|--- \nIBM Security Identity Governance and Intelligence| 5.2.4 \nIBM Security Identity Governance and Intelligence| 5.2.5.1 \n \n\n\n## Remediation/Fixes\n\nAffected Product(s)| Version(s)| First Fix \n---|---|--- \nIBM Security Identity Governance and Intelligence| 5.2.4| [5.2.6.0-ISS-SIGI-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=All&platform=Linux&function=fixId&fixids=5.2.6.0-ISS-SIGI-FP0000&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"5.2.6.0-ISS-SIGI-FP0000\" ) \nIBM Security Identity Governance and Intelligence| 5.2.5| [5.2.6.0-ISS-SIGI-FP0000](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Tivoli/IBM+Security+Identity+Governance&release=All&platform=Linux&function=fixId&fixids=5.2.6.0-ISS-SIGI-FP0000&includeRequisites=1&includeSupersedes=0&downloadMethod=http> \"5.2.6.0-ISS-SIGI-FP0000\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-01-29T16:27:06", "type": "ibm", "title": "Security Bulletin: IBM has announced a release 
for IBM Security Identity Governance and Intelligence in response to security vulnerability (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "modified": "2020-01-29T16:27:06", "id": "7C2A05057946026DBC9006EF1252457CB65C377AFE4304087DA2D09DDCE779B9", "href": "https://www.ibm.com/support/pages/node/1284760", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-24T06:15:29", "description": "## Summary\n\nPower Hardware Management Console is affected by security vulnerabilities in the Linux Kernel. Power Hardware Management Console has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162664> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162662> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n**DESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162665> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nPower HMC V8.7.0.0 \nPower HMC V9.1.910.0\n\n## Remediation/Fixes\n\nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct | VRMF | APAR | Remediation/Fix \n---|---|---|--- \nPower HMC | V8.1.870.0 SP3 ppc | MB04223 | [MH01835](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm/hmc/9100HMCppc&release=V8R8.7.0&platform=All>) \nPower HMC | V8.1.870.0 SP3 x86 | MB04222 | [MH01834](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm%7Ehmc%7E9100HMC&release=V8R8.7.0&platform=All>) \nPower HMC | V9.1.930.0 SP1 ppc | MB04220 | [MH01832](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm%7Ehmc%7E9100HMCppc&release=V9R1&platform=All>) \nPower HMC | V9.1.930.0 SP1 x86 | MB04219 | [MH01831](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm%7Ehmc%7E9100HMC&release=V9R1&platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-22T23:38:15", "type": "ibm", "title": 
"Security Bulletin: Vulnerabilities in kernel affect Power Hardware Management Console (CVE-2019-11479,CVE-2019-11477 and CVE-2019-11478)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "modified": "2021-09-22T23:38:15", "id": "8DC903A346E8471DF3913A1DE175732295280CEB7BC6847373CE4F7856276E98", "href": "https://www.ibm.com/support/pages/node/1072250", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:46:06", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.8 used by IBM Content Collector for SAP Applications. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2422](<https://vulners.com/cve/CVE-2019-2422>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.1 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155741> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Content Collector for SAP Applications 4.0.0\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_** | **_Remediation/First Fix_** \n---|---|--- \nIBM Content Collector for SAP Applications | 4.0.0 | Apply Interim Fix 4.0.0.2 IF005, available from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/IBM+Content+Collector+for+SAP+Applications&release=4.0.0.2&platform=All&function=all>) \n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-06-13T14:30:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2019-2422", "CVE-2019-2426"], "modified": "2019-06-13T14:30:02", 
"id": "43F6E0B56F7C1F7E66F047DCB4B7E6C4F21A0C543921FDA2575BB9020F92BFC7", "href": "https://www.ibm.com/support/pages/node/880993", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-24T01:40:19", "description": "## Summary\n\nThe IBM RackSwitch firmware products listed below have addressed the following TCP denial of service vulnerabilities. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n**DESCRIPTION: **Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n**DESCRIPTION: **Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162662>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n** CVEID: **[CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n**DESCRIPTION: **Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\n**Product** | **Version** \n---|--- \nIBM RackSwitch G8052 | 7.11 \nIBM RackSwitch G8124/G8124E | 7.11 \nIBM RackSwitch G8264 | 7.11 \nIBM RackSwitch G8264CS | 7.8 \nIBM RackSwitch G8264T | 7.9 \nIBM RackSwitch G8316 | 7.9 \nIBM RackSwitch G8332 | 7.7 \n \n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: [http://www.ibm.com/support/fixcentral/](<http://www.ibm.com/support/fixcentral/>)\n\n**Product** | **Fix Version** \n---|--- \nIBM RackSwitch G8052 (G8052_Image_7.11.16.0) | 7.11.16.0 \nIBM RackSwitch G8124/G8124E (G8124_G8124E_Image_7.11.16.0) | 7.11.16.0 \nIBM RackSwitch G8264 (G8264_Image_7.11.16.0) | 7.11.16.0 \nIBM RackSwitch G8264CS (G8264CS_Image_7.8.24.0) | 7.8.24.0 \nIBM RackSwitch G8264T (G8264T_Image_7.9.26.0) | 7.9.26.0 \nIBM RackSwitch G8316 (G8316_Image_7.9.26.0) | 7.9.26.0 \nIBM RackSwitch G8332 (G8332_Image_7.7.32.0) | 7.7.32.0 \n \n## 
Workarounds and Mitigations\n\nNone \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-05T22:28:10", "type": "ibm", "title": "Security Bulletin: IBM RackSwitch firmware products are affected by TCP denial of service vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "modified": "2019-11-05T22:28:10", "id": "09C3CD9A603BBCA07E7C38D8E8F2C12C8D70F4E6D1C69AEFC2384E5E0868F9D7", "href": "https://www.ibm.com/support/pages/node/1103565", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T05:44:12", "description": "## Summary\n\nThe following vulnerabilities in TCP have been addressed by IBM Integrated Management Module II (IMM2).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. 
By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n** DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162665>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Integrated Management Module II (IMM2) for System x and Flex| 1AOO \nIBM Integrated Management Module II (IMM2) for BladeCenter| 1AOO \n \n\n\n## Remediation/Fixes\n\nFirmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/>\n\nAffected Product(s)| Version(s) \n---|--- \n \nIBM Integrated Management Module II (IMM2) for System x and Flex\n\n(ibm_fw_imm2_1aoo90b-7.40_anyos_noarch)\n\n| 1AOO90B-7.40 \n \nIBM Integrated Management Module II (IMM2) for BladeCenter\n\n(ibm_fw_imm2_1aoo90b-7.40-bc_anyos_noarch)\n\n| 1AOO90B-7.40-bc \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-02-27T18:58:53", "type": "ibm", "title": "Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerabilities in TCP (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], 
"modified": "2020-02-27T18:58:53", "id": "E78F8769E3C6FC94835A03FDC3E9DB0C47396C80E02CF8741F425B3CD4CCF404", "href": "https://www.ibm.com/support/pages/node/3609081", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T18:21:43", "description": "## Summary\n\nThere are vulnerabilities in the Linux kernel to which the IBM FlashSystem\u2122 840 and FlashSystem 900 are susceptible (CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479). An exploit of these vulnerabilities could allow a remote attacker to cause a denial of service condition.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n**DESCRIPTION: **Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n**DESCRIPTION: **Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. 
\nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162662>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n**DESCRIPTION: **Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nStorage Node machine type and models (MTMs) affected:\n\n * 9846-AE1 and 9848-AE1\n * 9846-AE2 and 9848-AE2\n * 9846-AE3 and 9848-AE3\n\nSupported storage node code versions which are affected\n\n * VRMFs prior to 1.5.2.6\n * VRMFs prior to 1.6.1.1\n\n## Remediation/Fixes\n\nMTMs | VRMF | APAR | Remediation/First Fix \n---|---|---|--- \n**FlashSystem 840 MTMs:**\n\n9840-AE1 and 9843-AE1\n\n**FlashSystem 900 MTMs:**\n\n9843-UF3, 9840-AE2, 9843-AE2, 9840-AE3, and 9843-AE3\n\n| \n\nCode fixes are now available, the minimum VRMF containing the fix depending on the code stream: \n\nFixed Code VRMF: \n\n1.6 stream: 1.6.1.1\n\n1.5 stream: 1.5.2.6 \n\n| N/A | [FlashSystem 840](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all> \"FlashSystem 840\" ) and [FlashSystem 
900](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+900&release=All&platform=All&function=all> \"FlashSystem 900\" ) fixes are available at IBM's Fix Central website. \n \n## Workarounds and Mitigations\n\nUpgrade to a remediated code level.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models 840 and 900", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "modified": "2023-02-18T01:45:50", "id": "1989BAC9A13E5810D01857F15117C91D64E6FBCC682878B71C8C21C6F19CBFF5", "href": "https://www.ibm.com/support/pages/node/1137802", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:39:58", "description": "## Summary\n\nThere are vulnerabilities in the Linux kernel to which the IBM FlashSystem\u2122 V840 and FlashSystem V9000 are susceptible (CVE-2019-11477, CVE-2019-11478, and 
CVE-2019-11479). An exploit of these vulnerabilities could allow a remote attacker to cause a denial of service condition.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n** DESCRIPTION: **Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n** DESCRIPTION: **Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162662>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n** CVEID: **[CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n** DESCRIPTION: **Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nSVC| 7.8.1.10 \nFlash| 1.6.1.0 \nFlash| 1.5.2.5 \nSVC| 8.2.1.5 \n \n\n\n## Remediation/Fixes\n\n** MTMs**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nStorage Nodes: \n\n9846-AE1, 9848-AE1, 9846-AE2, 9848-AE2, 9846-AE3, & 9848-AE3\n\nController nodes:\n\n9846-AC0, 9846-AC1, 9848-AC0, 9848-AC1, 9846-AC2, 9848-AC2, 9846-AC3, & 9848-AC3\n\n| \n\nCode fixes are now available, the minimum VRMF containing the fix depending on the code stream:\n\nStorage enclosure VRMF:\n\n1.6 stream: 1.6.1.1\n\n1.5 stream: 1.5.2.6\n\nController Node VRMF: \n\n8.2 stream: 8.2.1.6\n\n7.8 stream: 7.8.1.11\n\n| N/A | [FlashSystem V840](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%2Bhigh%2Bavailability%2Bsystems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=1.0&platform=All&function=all> \"FlashSystem V840\" ) or [FlashSystem V9000](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all> 
\"FlashSystem V9000\" ) fixes for storage and controller node are available at IBM's Fix Central website. \n \n## Workarounds and Mitigations\n\nUpgrade to a remediated code level. \n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-17T21:40:22", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in the Linux kernel affect the IBM FlashSystem models V840 and V9000", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "modified": "2019-12-17T21:40:22", "id": "C922B78F46A64AD0FB35C7DF588DCF903AEAB73A707E7ED1894E4F503B6D0F4A", "href": "https://www.ibm.com/support/pages/node/1137796", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:42:56", "description": "## Summary\n\nIBM QRadar Network Security is affected by Linux kernel vulnerabilities\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n**DESCRIPTION: ** Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). 
By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162665> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n**DESCRIPTION: ** Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162664> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n**DESCRIPTION: ** Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162662> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar Network Security 5.4.0\n\nIBM QRadar Network Security 5.5.0\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _Remediation/First Fix_ \n---|---|--- \nIBM QRadar Network Security | 5.4.0 | Install Firmware 5.4.0.9 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.4.0.9 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \nIBM QRadar Network Security | 5.5.0 | Install Firmware 5.5.0.4 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.5.0.4 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. 
\n \n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-07T06:57:28", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities (CVE-2019-11479, CVE-2019-11478, CVE-2019-11477)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "modified": "2019-10-07T06:57:28", "id": "34BE1F5D90EBA86497E03267BFF29F5BD0C962B83596A2F57ED9D34F82159799", "href": "https://www.ibm.com/support/pages/node/959523", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:45:15", "description": "## Summary\n\nIBM Cloud Kubernetes Service is vulnerable to CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479 Linux Kernel security vulnerabilities which could result in a denial of service attack.\n\n## Vulnerability Details\n\nCVE-ID: [CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \nDescription: Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. 
By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/162662> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: [CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \nDescription: Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/162664> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\nCVE-ID: [CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \nDescription: Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: <https://exchange.xforce.ibmcloud.com/vulnerabilities/162665> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM Cloud Kubernetes Service 1.14.0-1.14.2 \nIBM Cloud Kubernetes Service 1.13.0-1.13.6 \nIBM Cloud Kubernetes Service 1.12.0-1.12.8 \n\n\n## Remediation/Fixes\n\nIBM Cloud Kubernetes Service clusters at versions 1.12 and later have been updated to address this vulnerability. To resolve any existing exposure to this vulnerability, you must reboot or update your worker nodes. 
See [Updating worker nodes](<https://cloud.ibm.com/docs/containers/cs_cluster_update.html#worker_node>) for details on updating worker nodes. To verify your clusters have been updated, use the following IBM Cloud CLI commands to confirm the currently running versions:\n \n \n ibmcloud ks clusters\n ibmcloud ks workers --cluster <cluster name or ID>\n\nIf your master and worker node versions are at one of the following levels or later, you are no longer exposed to this vulnerability:\n\n[1.12.9](<https://cloud.ibm.com/docs/containers?topic=containers-changelog#1129_1559>) \n[1.13.7](<https://cloud.ibm.com/docs/containers?topic=containers-changelog#1137_1528>)\n\n[1.14.3](<https://cloud.ibm.com/docs/containers?topic=containers-changelog#1143_1525>)\n\nIf one or more of your clusters is at version 1.12, 1.13 or 1.14 and has not been automatically updated then use the following IBM Cloud CLI command to complete the update, replacing \"1.##\" with the target version. After the update is complete, you must also reboot or update your worker nodes. See [Updating worker nodes](<https://cloud.ibm.com/docs/containers/cs_cluster_update.html#worker_node>) for details on updating worker nodes.\n \n \n ibmcloud ks cluster-update --cluster <cluster name or ID> --kube-version 1.##\n \n\nCustomers running IBM Cloud Kubernetes Service clusters at version 1.11 must update their affected clusters to version 1.12 or 1.13. Customers running IBM Cloud Kubernetes Service clusters at version 1.7, 1.8, 1.9 or 1.10 must update first to version 1.11 and then to version 1.12 or 1.13. Please review the [update documentation](<https://cloud.ibm.com/docs/containers?topic=containers-update#update>) for more information.\n\nCustomers running IBM Cloud Kubernetes Service clusters at version 1.5 must create a new cluster and migrate their apps to it.\n\nNote: IBM Cloud Kubernetes Service versions 1.5, 1.7, 1.8, 1.9 and 1.10 are no longer supported, and version 1.11 is deprecated. 
See the IBM Cloud Kubernetes Service [Version information and update actions documentation](<https://cloud.ibm.com/docs/containers/cs_versions.html#cs_versions>) for more information about Kubernetes versions and version support policies.\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-07-19T18:05:02", "type": "ibm", "title": "Security Bulletin: IBM Cloud Kubernetes Service is affected by Linux Kernel security vulnerabilities (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", 
"CVE-2019-11479"], "modified": "2019-07-19T18:05:02", "id": "9A11E9C1788C35B823E5B21CF64FA97CE70F198AB080F85388D146AECE6FA763", "href": "https://www.ibm.com/support/pages/node/958863", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-06T18:17:12", "description": "## Summary\n\nVulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V5100, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. The applicable vulnerabilities are CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n**DESCRIPTION: **Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n**DESCRIPTION: **Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. 
This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n \n**CVEID: **[CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n**DESCRIPTION: **Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162662>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V5100 \nIBM Storwize V3700 \nIBM Storwize V3500 \nIBM FlashSystem V9000 \nIBM FlashSystem 9100 Family \nIBM Spectrum Virtualize Software \nIBM Spectrum Virtualize for Public Cloud\n\nAll products are affected when running supported versions 7.5 to 8.2.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family to the following code levels or higher:\n\n7.8.1.11\n\n8.2.1.6\n\n8.3.0.0\n\n[Latest IBM SAN Volume Controller Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Storage%20virtualization&product=ibm/StorageSoftware/SAN+Volume+Controller+%282145%29&release=All&platform=All&function=all>) \n[Latest IBM Storwize V7000 Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V7000+%282076%29&release=All&platform=All&function=all>) \n[Latest IBM Storwize V5000 Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V5000&release=All&platform=All&function=all>) \n[Latest IBM Storwize V3700 Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Entry-level%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V3700&release=All&platform=All&function=all>) \n[Latest IBM Storwize V3500 Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Entry-level%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V3500&release=All&platform=All&function=all>) \n[Latest IBM FlashSystem V9000 
Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>) \n[Latest IBM FlashSystem 9100 Family Code](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+9100+family&release=All&platform=All&function=all>) \n[Latest IBM Spectrum Virtualize Software](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+software&release=8.1&platform=All&function=all>) \n[Latest IBM Spectrum Virtualize for Public Cloud](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>)\n\nFor the Storage Nodes of IBM FlashSystem V9000, please apply the fixes recommended in the [IBM FlashSystem security bulletin](<https://www.ibm.com/blogs/psirt/?s=FlashSystem+V9000>) for this issue.\n\nFor unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of code.\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, 
"impactScore": 3.6}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the Linux kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "modified": "2023-03-29T01:48:02", "id": "978DB6EAC57C34FE713942896851877CCA664AC56B061164D57844C796AD9F31", "href": "https://www.ibm.com/support/pages/node/1164286", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-07T22:08:05", "description": "## Summary\n\nIBM DataPower Gateway has addressed the following vulnerabilities: \nCVE-2019-11479 \nCVE-2019-11478 \nCVE-2019-11477\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n**DESCRIPTION: ** Linux Kernel is vulnerable to a denial of service, caused by a flaw when processing minimum segment size (MSS). By sending specially-crafted MSS traffic, a remote attacker could exploit this vulnerability to cause excess usage of system resources. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162665> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n**DESCRIPTION: ** Linux Kernel is vulnerable to a denial of service, caused by an issue with fragmenting the TCP retransmission queue when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause an excess of system resource usage. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162664> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n**CVEID: **[CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n**DESCRIPTION: ** Linux Kernel is vulnerable to a denial of service, caused by an integer overflow when processing TCP Selective Acknowledgement (SACK) capabilities. By sending specially-crafted SACKs requests, a remote attacker could exploit this vulnerability to cause a kernel panic condition. 
\nCVSS Base Score: 7.5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/162662> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected IBM DataPower Gateway | Affected Versions \n---|--- \nIBM DataPower Gateway | 2018.4.1.0-2018.4.1.7 \nIBM DataPower Gateway | 7.6.0.0-7.6.0.16 \n \n## Remediation/Fixes\n\nProduct | VRMF | APAR | Remediation / First Fix \n---|---|---|--- \nIBM DataPower Gateway | 7.6.0.17 | [I](<https://www-01.ibm.com/support/docview.wss?uid=swg1IT29703>)[T30264](<https://www.ibm.com/support/docview.wss?uid=swg1IT30264>) | Apply the fixpack \nIBM DataPower Gateway | 2018.4.1.8 | [I](<https://www-01.ibm.com/support/docview.wss?uid=swg1IT29703>)[T30264](<https://www.ibm.com/support/docview.wss?uid=swg1IT30264>) | Apply the fixpack \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-08T21:47:38", "type": "ibm", "title": "Security Bulletin: IBM DataPower Gateway is affected by Denial of Service vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, 
"acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "modified": "2021-06-08T21:47:38", "id": "0D6741D3E748A958EDB23F61FCE87910BAE0A43DDF4467209940DCC757354B1D", "href": "https://www.ibm.com/support/pages/node/1078521", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-24T01:36:54", "description": "## Summary\n\nIBM Security Guardium has addressed the following vulnerability\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-11478](<https://vulners.com/cve/CVE-2019-11478>) \n** DESCRIPTION: **Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162664](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162664>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2019-11477](<https://vulners.com/cve/CVE-2019-11477>) \n** DESCRIPTION: **Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162662](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162662>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n** CVEID: **[CVE-2019-11479](<https://vulners.com/cve/CVE-2019-11479>) \n** DESCRIPTION: **Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162665](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162665>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Security Guardium| 10.0 -10.6 \nIBM Security Guardium| 11 \n \n## Remediation/Fixes\n\n**Product**| **VRMF**| **Remediation / First Fix** \n---|---|--- \nIBM Security Guardium| 10.6| <https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=All&function=fixId&fixids=SqlGuard_10.0p630_Bundle_Sep-25-2019&includeSupersedes=0&source=fc> \nIBM Security Guardium| 11.0| <http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=All&function=fixId&fixids=SqlGuard_11.0p10_Bundle_Oct-24-2019&includeSupersedes=0&source=fc> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": 
{"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-10-06T20:36:57", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by a TCP SACK PANIC -Kernel vulnerability", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479"], "modified": "2020-10-06T20:36:57", "id": "BA26481027AF6429B5D0591E1B64697FA26DACFE8B5A520E01934500A36BAFAE", "href": "https://www.ibm.com/support/pages/node/1102065", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-23T21:45:18", "description": "## Summary\n\nThis bulletin discloses three vulnerabilities that affect IBM Watson\u2122 Compare and Comply for IBM Cloud Private for Data: \n\\- A high-severity vulnerability in Eclipse OpenJ9 \n\\- A medium-severity vulnerability in IBM WebSphere\u00ae Application Server \n\\- A low-severity vulnerability in Oracle\u00ae Java SE\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. 
By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2019-4046](<https://vulners.com/cve/CVE-2019-4046>) \n**DESCRIPTION:** IBM WebSphere Application Server is vulnerable to a denial of service, caused by improper handling of request headers. A remote attacker could exploit this vulnerability to cause the consumption of memory. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156242> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect IBM Watson Compare and Comply for IBM Cloud Private for Data V1.1.3 through V1.1.4 (with IBM Cloud Pak for Data Release 1.2).\n\n## Remediation/Fixes\n\nAffected product | Affected versions | Fix \n---|---|--- \nIBM Watson Compare and Comply for ICP for Data | V1.1.3-V1.1.4 | \n\nUpgrade to IBM Watson Compare and Comply for IBM Cloud Pak for Data V1.1.5. 
To download the software, go to [ Passport Advantage](<https://www-01.ibm.com/software/passportadvantage/pao_customer.html>), search for \"watson compare and comply\", then select **IBM Watson Compare and Comply for ICP for Data V1.1.5 Linux English eAssembly**, part number CJ5MJEN.\n\nFor information about this version, download the software, extract the content of IBM_WAT_COM_AND_COMPLY_ICPDATA_V1.zip, and open the resulting README.md file. \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-07-17T15:35:01", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Eclipse OpenJ9, Oracle Java SE, and IBM WebSphere Application Server affect IBM Watson Compare and Comply for IBM Cloud Private for Data", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2019-2426", "CVE-2019-4046"], "modified": "2019-07-17T15:35:01", "id": "E9808A15687AF20D79A62EA874C01D3604932EA3D7A28423BA6E7D72E608071B", "href": "https://www.ibm.com/support/pages/node/958929", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2023-02-23T21:47:09", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6, 8 used by IBM Tivoli Business Service Manager. IBM Tivoli Business Service Manager has addressed the applicable CVEs. These issues were also addressed by IBM WebSphere Application Server shipped with IBM Tivoli Business Service Manager. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. 
\nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Tivoli Business Service Manager 6.1.0 all Fixpacks \nIBM Tivoli Business Service Manager 6.1.1 all Fixpacks \nIBM Tivoli Business Service Manager 6.2.0 GA\n\n## Remediation/Fixes\n\n_Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Business Service Manager | _6.2.0.1_ | _None_ | [IBM Tivoli Business Service Manager 6.2.0 FP1](<https://www-01.ibm.com/support/docview.wss?uid=ibm10876634>) \n \nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server shipped with IBM Tivoli Business Service Manager.\n\nPrincipal Product and Version(s) | Affected Supporting Product and Version | Affected Supporting Product Security Bulletin \n---|---|--- \nIBM Tivoli Business Service Manager 6.1.0 \nIBM Tivoli Business Service Manager 6.1.1 | IBM WebSphere Application Server 7.0 | \n\n[Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server January 2019 CPU ](<https://www-01.ibm.com/support/docview.wss?uid=ibm10873042>)\n\n_Since WebSphere Application Server V7 is no longer in full support, IBM recommends upgrading to IBM Tivoli Business Service Manager 6.2.0._ 
\n \nIBM Tivoli Business Service Manager 6.2.0 | IBM WebSphere Application Server 8.5 | [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server January 2019 CPU ](<https://www-01.ibm.com/support/docview.wss?uid=ibm10873042>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-04-30T19:25:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-04-30T19:25:01", "id": "414AA62F2132B26533B2AF5C16D43749413F0250F9334FA46E8FC116E27628C1", "href": "https://www.ibm.com/support/pages/node/882820", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:45", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. 
These may affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" in the References section. \nHP fixes are on a delayed schedule.\n\n**CVEID:** _[CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>)_ \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/155744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155744>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** _[CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>)_ \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See _[https://exchange.xforce.ibmcloud.com/vulnerabilities/152081](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152081>)_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n## Affected Products and Versions\n\nThis vulnerability affects all versions of Liberty for Java in IBM Cloud up to and including v3.29.\n\n## Remediation/Fixes\n\nTo upgrade to Liberty for Java v3.30-20190325-1301 or higher, you must re-stage or re-push your application. 
\n\nTo find the current version of Liberty for Java in IBM Cloud being used, run the following command from the command-line Cloud Foundry client:\n\ncf ssh <appname> -c \"cat staging_info.yml\"\n\nLook for the following lines:\n\n{\"detected_buildpack\":\"Liberty for Java(TM) (WAR, liberty-18.0.0_3, buildpack-v3.25-20180918-1034, ibmjdk-1.8.0_20180214, env)\",\"start_command\":\".liberty/initial_startup.rb\"} \n\nTo re-stage your application using the command-line Cloud Foundry client, use the following command:\n\ncf restage <appname>\n\nTo re-push your application using the command-line Cloud Foundry client, use the following command:\n\ncf push <appname>\n\n## Monitor IBM Cloud Status for Future Security Bulletins\n\nMonitor the [security notifications](<https://cloud.ibm.com/status?selected=security>) on the IBM Cloud Status page to be advised of future security bulletins.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n29 April 2019: original document published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-05-13T19:45:01", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect Liberty for Java for IBM Cloud January 2019 CPU", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", 
"CVE-2019-2426"], "modified": "2019-05-13T19:45:01", "id": "B44A42E92C12F9B89E3EB875825F79C77029437AE91823E2EF3A201B554A7342", "href": "https://www.ibm.com/support/pages/node/882818", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:48:36", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Versions 7 & 8 used by IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server. IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server have addressed the applicable CVEs.\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** [CVE-2018-1890](<https://vulners.com/cve/CVE-2018-1890>) \n**DESCRIPTION:** IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 5.6 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)\n\n**CVEID:** [CVE-2018-12547](<https://vulners.com/cve/CVE-2018-12547>) \n**DESCRIPTION:** Eclipse OpenJ9 is vulnerable to a buffer overflow, caused by improper bounds checking by the jio_snprintf() and jio_vsnprintf() functions. By sending an overly long argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. 
\nCVSS Base Score: 9.8 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/157512> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-2426](<https://vulners.com/cve/CVE-2019-2426>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE Networking component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base Score: 3.7 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155744> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server 12.9 and earlier releases \n \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 35 and earlier releases\n\nIBM SDK, Java Technology Edition, Version 8 Service Refresh 5 Fix Pack 27 and earlier releases\n\n**Note 1**: CVE-2018-12547 does not apply to IBM SDK, Java Technology Edition on Solaris, HP-UX and macOS. \n**Note 2**: CVE-2018-1890 only applies to IBM SDK, Java Technology Edition on AIX.\n\n## Remediation/Fixes\n\nThe recommended solution is to download and install the appropriate version of IBM JRE as soon as practicable. \nPlease note that **Java 6 is no longer supported**. 
IBM recommends upgrading to COS 12.9 and subsequent releases.\n\nBefore installing a newer version of IBM JRE, please ensure that you:\n\n * Close any open programs that you may have running;\n * Rename the initial directory of the IBM JRE (for example, with a .old at the end);\n * Download and install the appropriate IBM JRE version.\n\n**IBM ILOG CPLEX Optimization Studio** and **IBM ILOG CPLEX Enterprise Server**\n\nFrom v12.5: [IBM JRE Version 7 Service Refresh 10 Fix Pack 40](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Decision%20Optimization&product=ibm/WebSphere/IBM+ILOG+CPLEX+Optimization+Studio&release=All&platform=All&function=fixId&fixids=JRE7sr10fp40-DO-COS-*+&includeSupersedes=0>) and subsequent releases \nFrom v12.7: [IBM JRE Version 8 Service Refresh 5 Fix Pack 30](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Decision%20Optimization&product=ibm/WebSphere/IBM+ILOG+CPLEX+Optimization+Studio&release=All&platform=All&function=fixId&fixids=JRE8sr5fp30-DO-COS-*&includeSupersedes=0>) and subsequent releases\n\nYou must verify that applying this fix does not cause any compatibility issues. \n[Here are the detailed instructions](<http://www.ibm.com/support/docview.wss?uid=swg21691504>) for updating IBM JRE. 
\n \n_For HP-UX and Solaris, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-03-15T15:20:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12547", "CVE-2018-1890", "CVE-2019-2426"], "modified": "2019-03-15T15:20:01", "id": "1372DF8A8C9085511DF116F18C17F8F9ECF59BF01AADC20DDADB49ABF003AF8F", "href": "https://www.ibm.com/support/pages/node/875674", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-23T21:46:41", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 & 8 used by Tivoli Netcool Performance Manager for Wireless. 
Tivoli Netcool Performance Manager for Wireless has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in January 2019