Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8B5016D64A8BBF10B52DDF15458908578A8F9418D5076DA06FD0081F472F9FAA
HistoryJun 16, 2018 - 9:42 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection

2018-06-1621:42:51
www.ibm.com
24

EPSS

0.495

Percentile

97.5%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 that is used by IBM Security Network Protection. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-3427**
DESCRIPTION:** An unspecified vulnerability in Oracle Java, SE Java SE Embedded and JRockit related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-3449**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112453 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-3443**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112452 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0687**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112455 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0686**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Serialization component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112456 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0695**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and JRockit related to the Security component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112458 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2016-3426**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2016-0264**
DESCRIPTION:** A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110867 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-3425**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java, SE Embedded and JRockit related to the JAXP component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112460 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2016-3422**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112454 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.2

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Security Network Protection| Firmware version 5.3.1| Download Firmware 5.3.1.9 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.
IBM Security Network Protection| Firmware version 5.3.2| Install Firmware 5.3.2.3 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.

Workarounds and Mitigations

none

Related

nessus 58
redhat 13
kaspersky 1
openvas 46
ibm 42
gentoo 1
amazon 3
suse 15
centos 5
ubuntu 3
oraclelinux 5
mageia 1
osv 1
debian 2
f5 2
aix 1
nessus
nessus
Oracle Java SE 6 < Update 115 / 7 < Update 101 / 8 < Update 92 Multiple Vulnerabilities
2016-08-08 00:00:00
RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:0677)
2016-04-22 00:00:00
Oracle Java SE Multiple Vulnerabilities (April 2016 CPU) (Unix)
2016-04-21 00:00:00
redhat
redhat
(RHSA-2016:0677) Critical: java-1.8.0-oracle security update
2016-04-21 14:26:11
(RHSA-2016:0679) Critical: java-1.6.0-sun security update
2016-04-21 14:26:55
(RHSA-2016:0678) Critical: java-1.7.0-oracle security update
2016-04-21 14:26:45
kaspersky
kaspersky
KLA10793 Multiple vulnerabilities in Oracle Java SE
2016-04-19 00:00:00
openvas
openvas
Oracle Java SE Multiple Vulnerabilities (Apr 2016) - Linux
2016-04-22 00:00:00
Oracle Java SE Multiple Vulnerabilities (Apr 2016) - Windows
2016-04-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1248-1)
2021-04-19 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Composite Application Manager for Transactions(Several CVEs)
2018-06-17 15:23:05
Security Bulletin: April 2016 Java Platform Standard Edition Vulnerabilities in N series Products
2018-06-18 00:34:32
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.
2019-12-18 14:26:38
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2016-06-27 00:00:00
amazon
amazon
Critical: java-1.8.0-openjdk
2016-04-21 16:00:00
Critical: java-1.6.0-openjdk
2016-05-11 11:00:00
Critical: java-1.7.0-openjdk
2016-04-27 16:15:00
suse
suse
Security update for java-1_8_0-openjdk (important)
2016-05-07 15:07:42
Security update for java-1_8_0-openjdk (important)
2016-05-04 16:11:55
Security update for java-1_8_0-openjdk (important)
2016-05-06 13:13:04
centos
centos
java security update
2016-04-21 14:19:29
java security update
2016-04-21 15:30:55
java security update
2016-04-21 15:42:31
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2016-05-05 00:00:00
OpenJDK 6 vulnerabilities
2016-05-10 00:00:00
OpenJDK 7 vulnerabilities
2016-05-05 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2016-04-20 00:00:00
java-1.8.0-openjdk security update
2016-04-20 00:00:00
java-1.7.0-openjdk security update
2016-04-21 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2016-04-25 10:57:21
osv
osv
openjdk-7 - security update
2016-04-26 00:00:00
debian
debian
[SECURITY] [DLA 451-1] openjdk-7 security update
2016-05-03 10:37:41
[SECURITY] [DSA 3558-1] openjdk-7 security update
2016-04-26 20:25:06
f5
f5
K77535578 : Multiple Java SE client-side vulnerabilities
2016-05-26 00:00:00
SOL77535578 - Multiple Java SE client-side vulnerabilities
2016-05-26 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-05-06 09:00:55

EPSS

0.495

Percentile

97.5%

JSON
Related for 8B5016D64A8BBF10B52DDF15458908578A8F9418D5076DA06FD0081F472F9FAA
nessus58redhat13kaspersky1openvas46ibm42gentoo1amazon3suse15centos5ubuntu3oraclelinux5mageia1osv1debian2f52aix1