6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
A vulnerability exists in IBM Runtime Environment Java which is used by the IBM Spectrum Protect Server. This issue was disclosed as part of the IBM Java SDK updates in October 2019.
CVEID:CVE-2019-2989
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Server | 8.1.0.0-8.1.9.300 |
7.1.0.0-7.1.9.300 |
Spectrum Protect Server Release | First Fixing VRM Level | Platform | Link to Fix |
---|---|---|---|
8.1 | 8.1.10.000 | AIX | |
Linux | |||
Windows | <http://www.ibm.com/support/pages/node/6229034> | ||
7.1 | 7.1.10.000 | AIX | |
HP-UX | |||
Linux | |||
Solaris | |||
Windows |
<https://www.ibm.com/support/pages/node/6028024>
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum protect | eq | 8.1 | |
ibm spectrum protect | eq | 7.1 |
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N