Lucene search

IBM98C2019886FD04B648656399704B3EF6D6861C5CD50C0ABF958E75FF4A1F9F45

HistoryMar 29, 2021 - 10:16 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager (CVE-2020-14803, CVE-2020-27221)

2021-03-2910:16:39

www.ibm.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

There are multiple vulnerabilities in IBM® SDK, Java™ Technology Edition Version 8 used by IBM Tivoli Business Service Manager. IBM Tivoli Business Service Manager has addressed the applicable CVEs. These issues were disclosed in the Oracle January 2021 Critical Patch Update, plus CVE-2020-27221.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Principal Product and Version(s)	Affected Supporting Product and Version
Tivoli Business Service Manager 6.2	IBM® SDK, Java™ Technology Edition Version 8.0.0.0 ~ 8.0.6.20

Remediation/Fixes

Principal Product and Version(s)	Affected Supporting Product and Version
IBM Tivoli Business Service Manager 6.2	Security Bulletin: Multiple vulnerabilities may affect IBM® SDK, Java™ Technology Edition

Upgrade to IBM® SDK, Java™ Technology Edition Version 8 SR6 FP25. Please refer to How to upgrade JREs shipped with Tivoli Business Service Manager on how to upgrade the Java SDK.

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli business service managereq6.2.0

CPE	Name	Operator	Version
	tivoli business service manager	eq	6.2.0

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for 98C2019886FD04B648656399704B3EF6D6861C5CD50C0ABF958E75FF4A1F9F45