Lucene search

IBM961D42BE66627879CA5CCCC5DB5B962C9F438BB06CE951279C1FA6A7D446AEB5

HistoryJun 18, 2018 - 1:41 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director.

2018-06-1801:41:50

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Summary

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in October 2017.

Vulnerability Details

CVEID: CVE-2017-10348**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133777 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2017-10388**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Libraries component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/133813 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)

Affected Products and Versions

From the IBM System Director command line enter smcli lsver to determine the level of IBM System Director installed.

IBM Systems Director:

6.1.0.0
6.1.0.1
6.1.0.2
6.1.0.3
6.1.1.1
6.1.1.2
6.1.1.3
6.1.2.0
6.1.2.1
6.1.2.2
6.1.2.3
6.2.0.0
6.2.0.1
6.2.0.2
6.2.1.0
6.2.1.0
6.2.1.1
6.2.1.2
6.3.0.0
6.3.1.0
6.3.1.1
6.3.2.0
6.3.2.1
6.3.2.2
6.3.3.0
6.3.3.1
6.3.5.0
6.3.6.0
6.3.7.0

Remediation/Fixes

IBM Systems Director versions pre 6.3.5 are unsupported and will not be fixed. IBM recommends upgrading to a fixed, supported version of the product.

Follow the instructions mentioned in Technote 841911444 to apply the fix for releases:

6.3.5.0
6.3.6.0
6.3.7.0

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm systems directoreqany

CPE	Name	Operator	Version
	ibm systems director	eq	any

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

JSON

Related for 961D42BE66627879CA5CCCC5DB5B962C9F438BB06CE951279C1FA6A7D446AEB5