Feb 19, 2020 - 12:08 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional

www.ibm.com

EPSS: 0.004 (Low), Percentile: 73.4%

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.41 and 7.0.10.50 used by IBM Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in July 2019. IBM Cast Iron has addressed the applicable CVEs.

Vulnerability Details

CVEID: CVE-2019-2989
**DESCRIPTION:** An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

CVEID: CVE-2019-2975
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Scripting component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169281 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

Affected Products and Versions

WebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0

WebSphere Cast Iron v 7.0.0.0, 7.0.0.1, 7.0.0.2

App Connect Professional v 7.5.2.0

App Connect Professional v 7.5.3.0

Remediation/Fixes

| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM Cast Iron | 7.0.0.0, 7.0.0.1, 7.0.0.2 | LI81304 | 7002 Fixcentral Link |
| IBM Cast Iron | 7.5.0.0, 7.5.0.1, 7.5.1.0 | LI81301 | 7510 fixcentral Link |
| App Connect Professional | 7.5.2.0 | LI81304 | 7520 Fixcentral link |
| App Connect Professional | 7.5.3.0 | LI81301 | 7530 Fixcentral link |

Workarounds and Mitigations

None