Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9C1CA6F7E23A896B6D1234E6D1016D7106B5B6C3FA1C64191355C772DD2B575D
HistoryJun 25, 2018 - 5:54 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

2018-06-2505:54:54
www.ibm.com
24

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is provided with IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in October 2016. The IBM Development Package for Apache Spark has addressed the only CVE that might affect the task controller for application deployment.

Vulnerability Details

CVEID: CVE-2016-5597 DESCRIPTION: An unspecified vulnerability related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/118071&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the “IBM Java SDK Security Bulletin" located in the References section for more information.

Other CVEs that affect IBM SDK, Java Technology Edition, Version 8.0 are CVE-2016-5568, CVE-2016-5556, CVE-2016-5573, CVE-2016-5554, and CVE-2016-5542.

Affected Products and Versions

IBM Development Package for Apache Spark 2.0.1.0, or 1.6.2.1 and earlier releases, employing IBM SDK, Java Technology Edition, Version 8.0 Service Refresh 3 Fix Pack 11 or earlier releases.

Remediation/Fixes

Principal Product and Version(s)

| Remediated IBM Java SDK Version
—|—
IBM Development Package for Apache Spark 1.6.3.0 and subsequent releases| IBM SDK, Java Technology Edition, Version 8.0 Service Refresh 3 Fix Pack 20 and subsequent releases
IBM Development Package for Apache Spark 2.0.2.0 and subsequent releases| IBM SDK, Java Technology Edition, Version 8.0 Service Refresh 3 Fix Pack 20 and subsequent releases

Workarounds and Mitigations

None

Related

suse 9
ibm 70
nessus 51
redhat 10
openvas 20
kaspersky 1
f5 1
gentoo 2
aix 1
amazon 3
mageia 1
ubuntu 3
centos 3
oraclelinux 3
debian 2
photon 1
redhatcve 4
ubuntucve 2
debiancve 3
zdi 1
prion 3
cve 3
veracode 2
suse
suse
Security update for java-1_7_1-ibm (important)
2016-12-07 18:08:22
Security update for java-1_6_0-ibm (important)
2016-12-05 18:07:46
Security update for java-1_7_1-ibm (important)
2016-12-07 20:07:14
ibm
ibm
Security Bulletin: Multiple vulnerabilities may affect IBM® WebSphere Real Time
2018-06-15 07:06:29
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager.
2019-01-31 02:25:02
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management
2022-09-22 03:02:31
nessus
nessus
SUSE SLES11 Security Update : java-1_6_0-ibm (SUSE-SU-2016:3040-1)
2016-12-07 00:00:00
SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2016:3078-1)
2016-12-12 00:00:00
SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2016:3068-1)
2016-12-12 00:00:00
redhat
redhat
(RHSA-2016:2137) Critical: java-1.7.1-ibm security update
2016-11-02 10:42:12
(RHSA-2016:2138) Critical: java-1.7.0-ibm security update
2016-11-02 00:00:00
(RHSA-2016:2659) Critical: java-1.6.0-ibm security update
2016-11-07 00:00:00
openvas
openvas
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:2985-1)
2016-12-03 00:00:00
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:2862-1)
2016-11-20 00:00:00
Oracle Java SE Multiple Unspecified Vulnerabilities-01 Oct 2016 (Linux)
2016-10-21 00:00:00
kaspersky
kaspersky
KLA10887 Multiple vulnerabilities in Oracle Java SE
2016-10-19 00:00:00
f5
f5
K63427774 : Multiple Oracle Java SE vulnerabilities
2017-01-12 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2016-11-04 00:00:00
IcedTea: Multiple vulnerabilities
2017-01-19 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-12-21 14:38:46
amazon
amazon
Critical: java-1.8.0-openjdk
2016-10-27 17:00:00
Important: java-1.6.0-openjdk
2017-02-06 18:00:00
Important: java-1.7.0-openjdk
2016-11-18 12:30:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2016-10-26 02:11:42
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2016-12-08 00:00:00
OpenJDK 8 vulnerabilities
2016-11-03 00:00:00
OpenJDK 7 vulnerabilities
2016-11-17 00:00:00
centos
centos
java security update
2017-01-12 15:48:29
java security update
2016-10-19 14:40:38
java security update
2016-11-12 06:29:49
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2017-01-12 00:00:00
java-1.7.0-openjdk security update
2016-11-09 00:00:00
java-1.8.0-openjdk security update
2016-10-19 00:00:00
debian
debian
[SECURITY] [DSA 3707-1] openjdk-7 security update
2016-11-07 18:31:05
[SECURITY] [DLA 704-1] openjdk-7 security update
2016-11-06 23:22:35
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2016-0015
2016-12-29 00:00:00
redhatcve
redhatcve
CVE-2016-5568
2016-10-18 20:17:49
CVE-2016-5556
2016-10-18 21:18:26
CVE-2016-5554
2016-10-18 20:18:20
ubuntucve
ubuntucve
CVE-2016-5568
2016-10-25 00:00:00
CVE-2016-5554
2016-10-25 00:00:00
debiancve
debiancve
CVE-2016-5568
2016-10-25 14:30:00
CVE-2016-5556
2016-10-25 14:30:00
CVE-2016-5554
2016-10-25 14:30:00
zdi
zdi
Oracle Java Runtime Environment java.awt.Menu Use-After-Free Remote Code Execution Vulnerability
2016-11-01 00:00:00
prion
prion
Buffer overflow
2016-10-25 14:30:00
Buffer overflow
2016-10-25 14:30:00
Buffer overflow
2016-10-25 14:30:00
cve
cve
CVE-2016-5568
2016-10-25 14:30:00
CVE-2016-5542
2016-10-25 14:30:00
CVE-2016-5556
2016-10-25 14:30:00
veracode
veracode
Privilege Escalation
2019-05-02 05:51:05
Sandbox Restrictions Bypass
2019-05-02 05:50:42

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for 9C1CA6F7E23A896B6D1234E6D1016D7106B5B6C3FA1C64191355C772DD2B575D
suse9ibm70nessus51redhat10openvas20kaspersky1f51gentoo2aix1amazon3mageia1ubuntu3centos3oraclelinux3debian2photon1redhatcve4ubuntucve2debiancve3zdi1prion3cve3veracode2