Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAADF2186BA72A2E91B91158302FEE43643FE2BE553EDD944CEE4FAAC74BA6507
HistoryJan 31, 2019 - 2:25 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager (IFM)

2019-01-3102:25:02
www.ibm.com
7

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 that is used by IBM Fabric Manager (IFM). These issues were disclosed as part of the IBM Java SDK updates for October 2015.

Vulnerability Details

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7 that is used by IBM Fabric Manager (IFM). These issues were disclosed as part of the IBM Java SDK updates for October 2015.

Vulnerability Details

CVE-ID: CVE-2015-4844

Description: An unspecified vulnerability in Oracle Java SE related to the 2D component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107346&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-ID: CVE-2015-4843

Description: An unspecified vulnerability in Oracle Java SE related to the Libraries component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107342&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-ID: CVE-2015-4805

Description: An unspecified vulnerability in Oracle Java SE related to the Serialization component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107345&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-ID: CVE-2015-4860

Description: An unspecified vulnerability in Oracle Java SE related to the RMI component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107344&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-ID: CVE-2015-4883

Description: An unspecified vulnerability in Oracle Java SE related to the RMI component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107343&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-ID: CVE-2015-4835

Description: An unspecified vulnerability in Oracle Java SE related to the CORBA component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 10
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107340&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-ID: CVE-2015-4810

Description: An unspecified vulnerability in Oracle Java SE related to the Deployment component has complete confidentiality impact, complete integrity impact, and complete availability impact.

CVSS Base Score: 6.9
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107349&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVE-ID: CVE-2015-4806

Description: An unspecified vulnerability in Oracle Java SE related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 6.4
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107350&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVE-ID: CVE-2015-4871

Description: An unspecified vulnerability in Oracle Java SE related to the Libraries component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5.8
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107351&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE-ID: CVE-2015-4902

Description: An unspecified vulnerability in Oracle Java SE related to the Deployment component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107352&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-ID: CVE-2015-4872

Description: An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107361&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-ID: CVE-2015-4893

Description: An unspecified vulnerability in Oracle Java SE and JRockit related to the JAXP component could allow a remote attacker to cause a denial of service.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107359&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2015-4840

Description: An unspecified vulnerability in Oracle Java SE related to the 2D component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107353&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-ID: CVE-2015-4842

Description: An unspecified vulnerability in Oracle Java SE related to the JAXP component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107355&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-ID: CVE-2015-4882

Description: An unspecified vulnerability in Oracle Java SE related to the CORBA component could allow a remote attacker to cause a denial of service.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107354&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2015-4903

Description: An unspecified vulnerability in Oracle Java SE related to the RMI component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107357&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-ID: CVE-2015-4803

Description: An unspecified vulnerability in Oracle Java SE and JRockit related to the JAXP component could allow a remote attacker to cause a denial of service.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107358&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE-ID: CVE-2015-4734

Description: An unspecified vulnerability in Oracle Java SE related to the JGSS component could allow a remote attacker to obtain sensitive information.

CVSS Base Score: 5
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/vulnerabilities/107356&gt; for current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected products and versions

Product Affected Version
IBM Fabric Manager 4.1

Remediation/Fixes

Firmware fix versions are available on Fix Central: <http://www.ibm.com/support/fixcentral/&gt;

Product Fix Version
IBM Fabric Manager
ibm_sw_ifm-4.1.04.0048_windows_32-64
ibm_sw_ifm-4.1.04.0048_linux_32-64 4.1.04.0048

You should verify applying this fix does not cause any compatibility issues.

Workarounds and Mitigations

None.

References

Related Information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

None.

Change History
17 May 2016: Original Version Published

  • The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

CPENameOperatorVersion
ibm fabric managereq4.1

Related

redhat 12
nessus 52
ibm 26
veracode 19
archlinux 6
openvas 46
debian 3
suse 17
oraclelinux 4
centos 4
aix 1
amazon 3
ubuntu 2
mageia 1
freebsd 1
f5 2
redhat
redhat
(RHSA-2015:2506) Critical: java-1.7.1-ibm security update
2015-11-23 00:00:00
(RHSA-2015:2509) Critical: java-1.8.0-ibm security update
2015-11-23 12:28:59
(RHSA-2015:2507) Critical: java-1.7.0-ibm security update
2015-11-23 00:00:00
nessus
nessus
RHEL 5 : java-1.7.0-ibm (RHSA-2015:2507)
2015-11-24 00:00:00
RHEL 6 / 7 : java-1.7.1-ibm (RHSA-2015:2506)
2015-11-24 00:00:00
RHEL 7 : java-1.8.0-ibm (RHSA-2015:2509)
2015-11-24 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Web and IBM Tivoli Access Manager for e-business
2018-06-16 21:38:37
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Flex System Manager (FSM)
2018-06-18 01:33:35
Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time
2018-06-15 07:03:53
veracode
veracode
Information Disclosure
2019-05-02 05:19:47
Unspecified Vulnerability
2019-05-02 05:19:47
Information Disclosure
2019-05-02 05:19:32
archlinux
archlinux
jre7-openjdk: multiple issues
2015-10-23 00:00:00
jre7-openjdk-headless: multiple issues
2015-10-23 00:00:00
jdk7-openjdk: multiple issues
2015-10-23 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:2268-1)
2021-04-19 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-02 (Oct 2015) - Windows
2015-10-27 00:00:00
CentOS Update for java CESA-2015:1920 centos7
2015-10-22 00:00:00
debian
debian
[SECURITY] [DSA 3381-1] openjdk-7 security update
2015-10-27 21:21:20
[SECURITY] [DSA 3381-2] openjdk-7 security update
2015-11-01 22:21:57
[SECURITY] [DLA 346-1] openjdk-6 security update
2015-11-24 08:56:52
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-11-02 17:11:26
Security update for java-1_7_0-openjdk (important)
2015-11-12 14:18:13
Security update for java-1_7_0-openjdk (important)
2015-11-02 16:35:18
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.8.0-openjdk security update
2015-10-21 00:00:00
centos
centos
java security update
2015-10-21 23:14:14
java security update
2015-10-21 23:24:30
java security update
2015-11-18 19:46:16
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2015-12-10 08:51:54
amazon
amazon
Critical: java-1.7.0-openjdk
2015-10-27 13:52:00
Important: java-1.6.0-openjdk
2015-12-14 10:00:00
Important: java-1.8.0-openjdk
2015-10-27 16:39:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-12-03 00:00:00
OpenJDK 7 vulnerabilities
2015-10-28 00:00:00
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2015-10-25 19:34:48
freebsd
freebsd
java -- multiple vulnerabilities
2015-10-20 00:00:00
f5
f5
Multiple Java vulnerabilities
2015-11-26 18:23:00
SOL05200155 - Multiple Java vulnerabilities
2015-11-26 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for AADF2186BA72A2E91B91158302FEE43643FE2BE553EDD944CEE4FAAC74BA6507
redhat12nessus52ibm26veracode19archlinux6openvas46debian3suse17oraclelinux4centos4aix1amazon3ubuntu2mageia1freebsd1f52