5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
There are multiple vulnerabilities in IBM SDK Java™ Technology Edition, Version 7 that is used by IBM MessageSight. These issues were disclosed as part of the IBM Java SDK updates in April 2015.
CVEID:CVE-2015-0488
DESCRIPTION: An unspecified vulnerability related to the JSSE component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102336> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVEID:CVE-2015-0478
DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102339> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVEID:CVE-2015-1916
DESCRIPTION: Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101995> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
IBM MessageSight 1.2 and earlier
Product
|
VRMF|
APAR|
Remediation/First Fix
—|—|—|—
IBM MessageSight|
1.1|
IT09580|
1.1.0.1-IBM-IMA-IFIT09152
IBM MessageSight|
1.2|
IT09580|
1.2.0.1-IBM-IMA-Physical-IFIT09580
1.2.0.1-IBM-IMA-VirtualEdition-IFIT09580
1.2.0.1-IBM-IMA-SoftLayerVirtual-IFIT09580
1.2.0.1-IBM-IMA-BareMetal-IFIT09580
CPE | Name | Operator | Version |
---|---|---|---|
ibm messagesight | eq | 1.1 | |
ibm messagesight | eq | 1.2 |