Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMA2BB386319876CC1D2DB48B0DF4DB81C4777FAFA88C7E4C55C89FA9443246988
HistoryJun 17, 2018 - 12:17 p.m.

Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2016 - Includes Oracle Oct 2016 CPU affect IBM Content Collector for File Systems

2018-06-1712:17:33
www.ibm.com
7

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Java™ Version 6 and Java™ Version 7 that is used by Content Collector for File Systems

Vulnerability Details

CVEID: CVE-2016-5582 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Hotspot component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118069 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2016-5568 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the AWT component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118068 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2016-5556 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the 2D component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 9.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118067 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2016-5573 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Hotspot component has high confidentiality impact, high integrity impact, and high availability impact.
CVSS Base Score: 8.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118070 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2016-5597 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Networking component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118071 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2016-5554 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the JMX component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118072 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)

CVEID: CVE-2016-5542 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the Libraries component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 3.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/118073 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM Content Collector for File Systems v3.0
IBM Content Collector for File Systems v4.0
IBM Content Collector for File Systems v4.0.1

Remediation/Fixes

Product

| VRM| Remediation
—|—|—
IBM Content Collector for File Systems| 3.0| _Use _Content Collector for File Systems 4.0.0.3 Interim Fix 005 available at https://www.ibm.com/support/fixcentral/
IBM Content Collector for File Systems| 4.0| _Use _Content Collector for File Systems 4.0.1.3 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/
IBM Content Collector for File Systems| 4.0.1| _Use _Content Collector for File Systems 4.0.1.4 Interim Fix 001 available at https://www.ibm.com/support/fixcentral/

Workarounds and Mitigations

N/A

Related

ibm 69
suse 9
nessus 52
f5 1
gentoo 2
aix 1
openvas 30
redhat 10
kaspersky 1
centos 3
ubuntu 3
mageia 1
amazon 3
oraclelinux 3
debian 2
photon 1
debiancve 2
cve 2
prion 2
ubuntucve 2
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Classification
2018-06-17 12:17:38
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2016 - Includes Oracle Oct 2016 CPU affect Content Collector for IBM Connections (CVE-2016-5582,CVE-2016-5568,CVE-2016-5556,CVE-2016-5573,CVE-2016-5597,CVE-2016-5554,CVE-2016-5542)
2018-06-17 12:16:36
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Oct 2016 - Includes Oracle Oct 2016 CPU affect IBM Content Collector for Microsoft SharePoint
2018-06-17 12:17:33
suse
suse
Security update for java-1_8_0-openjdk (important)
2016-11-19 16:06:26
Security update for java-1_8_0-openjdk (important)
2016-11-23 14:07:25
Security update for java-1_7_1-ibm (important)
2016-12-07 20:07:14
nessus
nessus
Oracle Java SE 6 < Update 131 / 7 < Update 121 / 8 < Update 112 Multiple Vulnerabilities
2016-11-04 00:00:00
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2016-1335)
2016-11-21 00:00:00
IBM Java 6.0 < 6.0.16.35 / 6.1 < 6.1.8.35 / 7.0 < 7.0.9.60 / 7.1 < 7.1.3.60 / 8.0 < 8.0.3.20 Multiple Vulnerabilities
2022-04-29 00:00:00
f5
f5
K63427774 : Multiple Oracle Java SE vulnerabilities
2017-01-12 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2016-11-04 00:00:00
IcedTea: Multiple vulnerabilities
2017-01-19 00:00:00
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2016-12-21 14:38:46
openvas
openvas
Oracle Java SE Multiple Unspecified Vulnerabilities-01 (Oct 2016) - Windows
2016-10-21 00:00:00
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:2862-1)
2016-11-20 00:00:00
openSUSE: Security Advisory for java-1_8_0-openjdk (openSUSE-SU-2016:2985-1)
2016-12-03 00:00:00
redhat
redhat
(RHSA-2016:2088) Critical: java-1.8.0-oracle security update
2016-10-20 12:23:06
(RHSA-2016:2090) Important: java-1.6.0-sun security update
2016-10-20 12:23:28
(RHSA-2016:2089) Critical: java-1.7.0-oracle security update
2016-10-20 12:23:17
kaspersky
kaspersky
KLA10887 Multiple vulnerabilities in Oracle Java SE
2016-10-19 00:00:00
centos
centos
java security update
2017-01-12 15:48:29
java security update
2016-11-12 06:29:49
java security update
2016-10-19 14:40:38
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2016-11-17 00:00:00
OpenJDK 8 vulnerabilities
2016-11-03 00:00:00
OpenJDK 6 vulnerabilities
2016-12-08 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerability
2016-10-26 02:11:42
amazon
amazon
Critical: java-1.8.0-openjdk
2016-10-27 17:00:00
Important: java-1.6.0-openjdk
2017-02-06 18:00:00
Important: java-1.7.0-openjdk
2016-11-18 12:30:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2016-11-09 00:00:00
java-1.6.0-openjdk security update
2017-01-12 00:00:00
java-1.8.0-openjdk security update
2016-10-19 00:00:00
debian
debian
[SECURITY] [DLA 704-1] openjdk-7 security update
2016-11-06 23:22:35
[SECURITY] [DSA 3707-1] openjdk-7 security update
2016-11-07 18:31:05
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2016-0015
2016-12-29 00:00:00
debiancve
debiancve
CVE-2016-5573
2016-10-25 14:30:00
CVE-2016-5582
2016-10-25 14:30:00
cve
cve
CVE-2016-5582
2016-10-25 14:30:00
CVE-2016-5573
2016-10-25 14:30:00
prion
prion
Design/Logic Flaw
2016-10-25 14:30:00
Design/Logic Flaw
2016-10-25 14:30:00
ubuntucve
ubuntucve
CVE-2016-5582
2016-10-25 00:00:00
CVE-2016-5573
2016-10-25 00:00:00

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for A2BB386319876CC1D2DB48B0DF4DB81C4777FAFA88C7E4C55C89FA9443246988
ibm69suse9nessus52f51gentoo2aix1openvas30redhat10kaspersky1centos3ubuntu3mageia1amazon3oraclelinux3debian2photon1debiancve2cve2prion2ubuntucve2