There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0.5.41 and 7.0.10.50 used by IBM Cast Iron. These issues were disclosed as part of the IBM Java SDK updates in July 2019. IBM Cast Iron has addressed the applicable CVEs.
CVEID:CVE-2019-2989
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)
CVEID:CVE-2019-2975
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Scripting component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169281 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
WebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0
WebSphere Cast Iron v 7.0.0.0, 7.0.0.1, 7.0.0.2
App Connect Professional v 7.5.2.0
App Connect Professional v 7.5.3.0
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Cast Iron | 7.0.0.0 | ||
7.0.0.1 | |||
7.0.0.2 | LI81304 | 7002 Fixcentral Link | |
IBM Cast Iron | 7.5.0.0 | ||
7.5.0.1 | |||
7.5.1.0 | LI81301 | 7510 fixcentral Link | |
App Connect Professional | 7.5.2.0 | LI81304 | 7520 Fixcentral link |
App Connect Professional | 7.5.3.0 | LI81301 | 7530 Fixcentral link |
None