Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8D2CAFDEE89BCD85DEC9B04AD5D26B04F298F3B8C2A9AF1E8ED321B0A78DB71A
HistoryJun 17, 2018 - 12:14 p.m.

Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Content Classification (CVE-2016-0494, CVE-2016-0466 and CVE-2016-0603)

2018-06-1712:14:28
www.ibm.com
5

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0 that is used by IBM Content Classification. These vulnerabilities have different impacts and different levels of risk.

Vulnerability Details

CVEID: CVE-2016-0494**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109944 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0466**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the JAXP component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/109948 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2016-0603**
DESCRIPTION:** Oracle Java SE could allow a remote attacker to execute arbitrary code on the system, caused by an error during the installation process. By persuading a victim to visit a specially crafted web site and downloading files prior to installation, an attacker could exploit this vulnerability to gain complete control of the system.
CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110446 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Affected Products and Versions

IBM Content Classification 8.8

IBM InfoSphere Classification Module 8.7

Remediation/Fixes

For Content Classification 8.8, download iFix 5 from Fix Central. For instructions, see:
<http://www.ibm.com/support/docview.wss?uid=swg24041763&gt;

For IBM InfoSphere Classification Module 8.7, download iFix 6 from Fix Central. For instructions see:
<http://www.ibm.com/support/docview.wss?uid=swg24041764&gt;

Workarounds and Mitigations

None

Related

thn 1
ibm 46
cve 3
nessus 48
ubuntucve 3
openvas 43
prion 3
cisa 1
debiancve 3
centos 5
amazon 3
oraclelinux 5
ubuntu 2
redhat 9
debian 4
veracode 5
mageia 1
f5 4
osv 2
suse 8
thn
thn
Oracle Issues Emergency Java Update for Windows
2016-02-07 23:46:00
ibm
ibm
Security Bulletin: Vulnerability in IBM Java SDK affects IBM Decision Optimization Center (CVE-2016-0603)
2018-06-16 13:39:03
Security Bulletin: Vulnerability in IBM Java Runtime affect Rational Host On-Demand (CVE-2016-0603)
2018-08-03 04:23:43
Security Bulletin: Vulnerability in IBM Java SDK affects IBM Fabric Manager (CVE-2016-0603)
2019-01-31 02:25:02
cve
cve
CVE-2016-0603
2016-02-08 16:59:00
CVE-2016-0466
2016-01-21 03:00:00
CVE-2016-0494
2016-01-21 03:00:00
nessus
nessus
Oracle Java SE Installer on Windows Arbitrary Code Execution
2016-02-16 00:00:00
Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2016-0067)
2016-01-27 00:00:00
CentOS 5 / 6 / 7 : java-1.6.0-openjdk (CESA-2016:0067)
2016-01-27 00:00:00
ubuntucve
ubuntucve
CVE-2016-0603
2016-02-08 00:00:00
CVE-2016-0466
2016-01-20 00:00:00
CVE-2016-0494
2016-01-20 00:00:00
openvas
openvas
Oracle Java SE Privilege Escalation Vulnerability - Windows
2016-02-12 00:00:00
Oracle Java SE Privilege Escalation Vulnerability - Linux
2016-02-12 00:00:00
CentOS Update for java CESA-2016:0067 centos6
2016-01-27 00:00:00
prion
prion
Design/Logic Flaw
2016-02-08 16:59:00
Code injection
2016-01-21 03:00:00
Design/Logic Flaw
2016-01-21 03:00:00
cisa
cisa
Oracle Releases Security Updates for Java
2016-02-08 00:00:00
debiancve
debiancve
CVE-2016-0603
2016-02-08 16:59:00
CVE-2016-0466
2016-01-21 03:00:00
CVE-2016-0494
2016-01-21 03:00:00
centos
centos
java security update
2016-01-26 13:28:19
java security update
2016-01-21 17:19:22
java security update
2016-01-21 16:24:45
amazon
amazon
Important: java-1.6.0-openjdk
2016-02-19 15:48:00
Important: java-1.7.0-openjdk
2016-02-09 13:30:00
Important: java-1.8.0-openjdk
2016-02-09 13:30:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2016-01-26 00:00:00
java-1.8.0-openjdk security update
2016-01-20 00:00:00
java-1.8.0-openjdk security update
2016-01-20 00:00:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2016-02-01 00:00:00
OpenJDK 7 vulnerabilities
2016-02-01 00:00:00
redhat
redhat
(RHSA-2016:0067) Important: java-1.6.0-openjdk security update
2016-01-26 00:00:00
(RHSA-2016:0054) Important: java-1.7.0-openjdk security update
2016-01-21 00:00:00
(RHSA-2016:0053) Critical: java-1.7.0-openjdk security update
2016-01-21 00:00:00
debian
debian
[SECURITY] [DSA 3458-1] openjdk-7 security update
2016-01-27 21:00:48
[SECURITY] [DSA 3465-1] openjdk-6 security update
2016-02-02 21:31:52
[SECURITY] [DLA 410-1] openjdk-6 security update
2016-02-04 14:03:48
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:20:30
Sandbox Restrictions Bypass
2019-05-02 05:20:30
Sandbox Restrictions Bypass
2019-05-02 05:20:30
mageia
mageia
Updated java-1.8.0-openjdk/copy-jdk-configs/lua-lunit/lua-posix packages fix security vulnerability
2016-02-05 20:26:09
f5
f5
K50118123 : Java vulnerabilities CVE-2016-0466 and CVE-2016-0483
2016-04-05 00:00:00
SOL50118123 - Java vulnerabilities CVE-2016-0466 and CVE-2016-0483
2016-04-05 00:00:00
SOL65342329 - Java vulnerabilities CVE-2016-0494, CVE-2016-0448, and CVE-2016-0402
2016-03-03 00:00:00
osv
osv
openjdk-6 - security update
2016-02-04 00:00:00
icu - security update
2016-07-07 00:00:00
suse
suse
Security update for java-1_8_0-openjdk (critical)
2016-01-27 21:11:29
Security update for java-1_7_0-openjdk (critical)
2016-01-27 21:13:32
Security update for Java7 (important)
2016-01-28 01:11:27

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for 8D2CAFDEE89BCD85DEC9B04AD5D26B04F298F3B8C2A9AF1E8ED321B0A78DB71A
thn1ibm46cve3nessus48ubuntucve3openvas43prion3cisa1debiancve3centos5amazon3oraclelinux5ubuntu2redhat9debian4veracode5mageia1f54osv2suse8