Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM9C3CAFB5742400AAC9286EB9089506FEA84581BB4A12DAB6BB996F50EB47E45E
HistoryDec 18, 2019 - 2:26 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM i.

2019-12-1814:26:38
www.ibm.com
20

EPSS

0.495

Percentile

97.5%

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM i.

Vulnerability Details

CVEID: CVE-2016-3427 DESCRIPTION: An unspecified vulnerability in Oracle Java, SE Java SE Embedded and JRockit related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-3449 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 7.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112453 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-3425 DESCRIPTION: An unspecified vulnerability in Oracle Java SE Java, SE Embedded and JRockit related to the JAXP component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112460 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2016-3422 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112454 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2016-0695 DESCRIPTION: An unspecified vulnerability in Oracle Java SE Java SE Embedded and JRockit related to the Security component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 2.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112458 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVEID: CVE-2016-3426 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2016-0636 DESCRIPTION: Oracle Java SE could allow a remote attacker to execute arbitrary code on the system, caused by an error in the desktop and browser plug-in versions of the software. By persuading a victim to visit a specially crafted web site, an attacker could exploit this vulnerability to gain complete control of the system.
CVSS Base Score: 9.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/111731 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0363 DESCRIPTION: IBM SDK, Java Technology Edition contains a vulnerability in the IBM ORB implementation that may allow untrusted code running under a security manager to elevate its privileges.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112016 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0376 DESCRIPTION: A vulnerability in IBM Java SDK could allow a remote attacker to execute arbitrary code on the system. This vulnerability allows code running under a security manager to escalate its privileges by modifying or removing the security manager.
CVSS Base Score: 8.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112152 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2016-0264 DESCRIPTION: A buffer overflow vulnerability in the IBM JVM facilitates arbitrary code execution under certain limited circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/110867 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2016-3443 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112452 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0687 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112455 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-0686 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Serialization component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112456 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Releases 6.1, 7.1, 7.2 and 7.3 of IBM i are affected.

Remediation/Fixes

The issue can be fixed by applying a PTF to the IBM i Operating System.

Releases 6.1, 7.1, 7.2 and 7.3 of IBM i are supported and will be fixed.

Please see the Java document at this URL for the latest Java information for IBM i:
http://www.ibm.com/developerworks/ibmi/techupdates/java

The IBM i Group PTF numbers are:

Release 6.1 – SF99562 level 36 ** Release 7.1 – SF99572 level 25** ** Release 7.2 – SF99716 level 10** Release 7.3 – SF99725 level 2

_Important note: _IBM recommends that all users running unsupported versions of affected products upgrade to supported and fixed version of affected products.

Workarounds and Mitigations

None

Related

ibm 42
nessus 58
openvas 46
redhat 13
suse 15
gentoo 1
kaspersky 1
debian 2
f5 2
osv 1
aix 1
centos 5
ubuntu 3
oraclelinux 5
mageia 1
amazon 3
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM eDiscovery Analyzer
2018-06-17 12:15:53
Security Bulletin: April 2016 Java Platform Standard Edition Vulnerabilities in N series Products
2018-06-18 00:34:32
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection
2018-06-16 21:42:51
nessus
nessus
RHEL 5 : java-1.7.0-ibm (RHSA-2016:0702)
2016-05-02 00:00:00
RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2016:0701)
2016-05-02 00:00:00
RHEL 5 / 6 : java-1.6.0-ibm (RHSA-2016:0708)
2016-05-03 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2016:1475-1)
2021-04-19 00:00:00
Oracle Java SE Multiple Vulnerabilities (Apr 2016) - Windows
2016-04-22 00:00:00
Oracle Java SE Multiple Vulnerabilities (Apr 2016) - Linux
2016-04-22 00:00:00
redhat
redhat
(RHSA-2016:0702) Critical: java-1.7.0-ibm security update
2016-04-29 00:00:00
(RHSA-2016:0716) Critical: java-1.8.0-ibm security update
2016-05-03 18:23:40
(RHSA-2016:1039) Critical: java-1.8.0-ibm security update
2016-05-11 13:57:44
suse
suse
Security update for java-1_6_0-ibm (important)
2016-05-31 22:08:27
Security update for java-1_8_0-ibm (important)
2016-06-02 11:08:13
Security update for java-1_7_1-ibm (important)
2016-05-13 16:08:16
gentoo
gentoo
IcedTea: Multiple vulnerabilities
2016-06-27 00:00:00
kaspersky
kaspersky
KLA10793 Multiple vulnerabilities in Oracle Java SE
2016-04-19 00:00:00
debian
debian
[SECURITY] [DLA 451-1] openjdk-7 security update
2016-05-03 10:37:41
[SECURITY] [DSA 3558-1] openjdk-7 security update
2016-04-26 20:25:06
f5
f5
K77535578 : Multiple Java SE client-side vulnerabilities
2016-05-26 00:00:00
SOL77535578 - Multiple Java SE client-side vulnerabilities
2016-05-26 00:00:00
osv
osv
openjdk-7 - security update
2016-04-26 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-05-06 09:00:55
centos
centos
java security update
2016-04-21 14:19:29
java security update
2016-04-21 15:30:55
java security update
2016-04-21 14:18:59
ubuntu
ubuntu
OpenJDK 8 vulnerabilities
2016-05-05 00:00:00
OpenJDK 6 vulnerabilities
2016-05-10 00:00:00
OpenJDK 7 vulnerabilities
2016-05-05 00:00:00
oraclelinux
oraclelinux
java-1.8.0-openjdk security update
2016-04-20 00:00:00
java-1.8.0-openjdk security update
2016-04-20 00:00:00
java-1.7.0-openjdk security update
2016-04-21 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2016-04-25 10:57:21
amazon
amazon
Critical: java-1.8.0-openjdk
2016-04-21 16:00:00
Critical: java-1.6.0-openjdk
2016-05-11 11:00:00
Critical: java-1.7.0-openjdk
2016-04-27 16:15:00

EPSS

0.495

Percentile

97.5%

JSON
Related for 9C3CAFB5742400AAC9286EB9089506FEA84581BB4A12DAB6BB996F50EB47E45E
ibm42nessus58openvas46redhat13suse15gentoo1kaspersky1debian2f52osv1aix1centos5ubuntu3oraclelinux5mageia1amazon3