4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
Multiple security vulnerabilities exist in the IBM SDK, Java™ Technology Edition that is shipped with IBM SmartCloud Provisioning (CVE-2014-4263, CVE-2014-4244).
CVEID: CVE-2014-4263**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>_ for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVEID: CVE-2014-4244**
DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>_ for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
SmartCloud Provisioning 2.3, 2.3 Fix Pack 1 up to iFix 4
The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.
Fix:
Upgrade to IBM SmartCloud Provisioning 2.3 Fix Pack 1, iFix 6
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm service agility accelerator for cloud | eq | 2.3 |