Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM8DCC7140A387E7154F27F64E90631C5DA3883C0AD377B59927CCDCE064BD165F
HistoryJun 15, 2018 - 7:05 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool. (CVE-2016-0363, CVE-2016-0376, CVE-2016-3426, and CVE-2016-0264)

2018-06-1507:05:41
www.ibm.com
6

EPSS

0.071

Percentile

94.1%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 and 7, that is used by IBM Image Construction and Composition Tool. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-0363** *DESCRIPTION: IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges. This vulnerability was originally reported as CVE-2013-3009.
CVSS Base Score: 8.1
CVSS Temporal Score: See _https://exchange.xforce.ibmcloud.com/vulnerabilities/112016 _for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0376 DESCRIPTION: A vulnerability in IBM Java SDK could allow a remote attacker to execute arbitrary code on the system. This vulnerability allows code running under a security manager to escalate its privileges by modifying or removing the security manager. This vulnerability was originally reported as CVE-2013-5456.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112152 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-3426** *DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2016-0264** *DESCRIPTION: A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110867 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM Image Construction and Composition Tool v2.3.2.0
IBM Image Construction and Composition Tool v2.3.1.0

Remediation/Fixes

The solution is to apply the following IBM Image Construction and Composition Tool version fixes.

· For IBM Image Construction and Composition Tool v2.3.2.0
IBM Image Construction and Composition Tool v2.3.2.0 Build 27

http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.2.0-27&includeRequisites=1&includeSupersedes=0

http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_IM_Repository_2.3.2.0-27&includeRequisites=1&includeSupersedes=0

· For IBM Image Construction and Composition Tool v2.3.1.0
IBM Image Construction and Composition Tool v2.3.1.0 Build 49

http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.1.0-49&includeRequisites=1&includeSupersedes=0

http://www-933.ibm.com/support/fixcentral/swg/downloadFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=ICCT_IM_Repository_2.3.1.0-49&includeRequisites=1&includeSupersedes=0

Workarounds and Mitigations

None

Related

ibm 106
nessus 21
prion 8
cvelist 8
cve 8
nvd 8
suse 9
openvas 14
aix 1
redhat 6
threatpost 1
veracode 4
ubuntucve 1
debiancve 1
oraclelinux 1
ubuntu 1
amazon 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems, IBM OS Images for AIX, and Windows. (CVE-2016-0363, CVE-2016-0376, CVE-2016-3426, and CVE-2016-0264)
2018-06-15 07:05:41
Security Bulletin: IBM Java as used in IBM QRadar SIEM is vulnerable to information disclosure. (CVE-2016-3426)
2018-06-16 21:44:56
Security Bulletin:Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Content Collector(CVE-2016-0363 CVE-2016-0376 )
2018-06-17 12:15:25
nessus
nessus
IBM Java 6.0 < 6.0.16.25 / 6.1 < 6.1.8.25 / 7.0 < 7.0.9.40 / 7.1 < 7.1.3.40 / 8.0 < 8.0.3.0 Multiple Vulnerabilities (Apr 1, 2016)
2022-04-29 00:00:00
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2016:1300-1)
2016-05-16 00:00:00
SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:1379-1)
2016-05-24 00:00:00
prion
prion
Design/Logic Flaw
2016-06-03 14:59:00
Design/Logic Flaw
2016-06-03 14:59:00
Deserialization of untrusted data
2013-11-24 18:55:00
cvelist
cvelist
CVE-2016-0363
2016-06-03 14:00:00
CVE-2016-0376
2016-06-03 14:00:00
CVE-2013-5456
2013-11-24 18:00:00
cve
cve
CVE-2016-0376
2016-06-03 14:59:02
CVE-2016-0363
2016-06-03 14:59:01
CVE-2013-5456
2013-11-24 18:55:04
nvd
nvd
CVE-2016-0363
2016-06-03 14:59:01
CVE-2016-0376
2016-06-03 14:59:02
CVE-2013-5456
2013-11-24 18:55:04
suse
suse
Security update for java-1_6_0-ibm (important)
2016-05-21 02:08:31
Security update for IBM Java 1.6.0 (important)
2016-05-24 14:08:01
Security update for java-1_7_1-ibm (important)
2016-05-13 16:08:16
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:1388-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1379-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1299-1)
2021-04-19 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-05-06 09:00:55
redhat
redhat
(RHSA-2016:0716) Critical: java-1.8.0-ibm security update
2016-05-03 18:23:40
(RHSA-2016:0702) Critical: java-1.7.0-ibm security update
2016-04-29 00:00:00
(RHSA-2016:0701) Critical: java-1.7.1-ibm security update
2016-04-29 12:26:13
threatpost
threatpost
Broken IBM Java Patch Disclosure
2016-04-13 11:30:13
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 05:29:23
Arbitrary Code Execution
2019-01-15 09:11:23
Sandbox Restrictions Bypass
2019-05-02 05:29:23
ubuntucve
ubuntucve
CVE-2016-3426
2016-04-21 00:00:00
debiancve
debiancve
CVE-2016-3426
2016-04-21 11:00:20
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2016-04-20 00:00:00
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2016-05-05 00:00:00
amazon
amazon
Critical: java-1.8.0-openjdk
2016-04-21 16:00:00

EPSS

0.071

Percentile

94.1%

JSON
Related for 8DCC7140A387E7154F27F64E90631C5DA3883C0AD377B59927CCDCE064BD165F
ibm106nessus21prion8cvelist8cve8nvd8suse9openvas14aix1redhat6threatpost1veracode4ubuntucve1debiancve1oraclelinux1ubuntu1amazon1