Lucene search

IBM9F4B757A00462A49F3FE3A71AEB1FFFDBA30E225A0E7815E72B0B88BEAF8F307

HistoryJun 12, 2020 - 10:09 p.m.

Security Bulletin: Vulnerability in IBM Java Runtime affects the IBM Spectrum Protect Server (CVE-2019-2989)

2020-06-1222:09:30

www.ibm.com

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Summary

A vulnerability exists in IBM Runtime Environment Java which is used by the IBM Spectrum Protect Server. This issue was disclosed as part of the IBM Java SDK updates in October 2019.

Vulnerability Details

CVEID:CVE-2019-2989
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Spectrum Protect Server	8.1.0.0-8.1.9.300
7.1.0.0-7.1.9.300

Remediation/Fixes

Spectrum Protect Server Release	First Fixing VRM Level	Platform
8.1	8.1.10.000	AIX
Linux
Windows	<http://www.ibm.com/support/pages/node/6229034>
7.1	7.1.10.000	AIX
HP-UX
Linux
Solaris
Windows

<https://www.ibm.com/support/pages/node/6028024>

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum protecteq8.1
ibm spectrum protecteq7.1

CPE	Name	Operator	Version
	ibm spectrum protect	eq	8.1
	ibm spectrum protect	eq	7.1

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for 9F4B757A00462A49F3FE3A71AEB1FFFDBA30E225A0E7815E72B0B88BEAF8F307