Lucene search

K
ibmIBMACF0F1F92955D253FE8D9A17FABBDE19665D165C1026886A0612F8B6186AA5A2
HistoryJun 16, 2018 - 2:08 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server (CVE-2016-3426 CVE-2016-3427)

2018-06-1614:08:19
www.ibm.com
1

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6 and 7 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-3426** *DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2016-3427**
DESCRIPTION:** An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Affected Products and Versions

The following product, running on all supported platforms, is affected:
IBM InfoSphere Information Server: versions 8.5, 8.7, 9.1, 11.3 and 11.5

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
InfoSphere Information Server| 11.5| JR55811| --Follow instructions in the README
InfoSphere Information Server| 11.3| JR55811| --Follow instructions in the README
InfoSphere Information Server| 9.1| JR55811| --Apply JR55811 on all tiers
InfoSphere Information Server| 8.7| JR55811| --Apply IBM InfoSphere Information Server version 8.7 Fix Pack 2
--Apply JR55811 on all tiers
InfoSphere Information Server| 8.5| JR55811| --Apply IBM InfoSphere Information Server version 8.5 Fix Pack 3
--Apply JR55811 on all tiers

For IBM InfoSphere Information Server version 8.1, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for ACF0F1F92955D253FE8D9A17FABBDE19665D165C1026886A0612F8B6186AA5A2