DATABASE RESOURCES PRICING ABOUT US

{"id": "B0549540072FC1BB0D803052330E32E656605B46C7EDC1BE259FE2273831E00B", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletins for Emptoris Strategic Supply Management Platform.", "description": "## Question\n\nSecurity Bulletins for Emptoris Strategic Supply Management Platform.\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris?Strategic Supply Management Platform.** \n \nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm\">)\" for details.? Please use this information to take the appropriate actions. \n \nWe recommend that you subscribe to this article to receive notification of future Security Bulletins and advisories posted here.\n\nNovember 6th 2017\n\n * [**_Security Bulletin: IBM Emptoris Strategic Supply Management is affected by a Cross-Site Request Forgery vulnerability (CVE-2017-1097)?_**](<http://www.ibm.com/support/docview.wss?uid=swg22006963>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities addressed in IBM Emptoris Strategic Supply Management (CVE-2016-6021 CVE-2016-6029 CVE-2017-1190)_**](<http://www.ibm.com/support/docview.wss?uid=swg22006799>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n \nJuly 14th 2017?\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.](<http://www.ibm.com/support/docview.wss?uid=swg22004442>)**\n \nJuly 14th 2017?\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.](<http://www.ibm.com/support/docview.wss?uid=swg22003479>)**\n \n \nJune 13th 2017?\n\n * **[Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg22004642>)**\n \n \nJune 13th 2017\n\n * **[Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2017-1121](<http://www.ibm.com/support/docview.wss?uid=swg22004706>)**\n \n \nJune 12th 2017\n\n * **[Security Bulletin: Vulnerability in IBM Websphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2017-1137)](<http://www.ibm.com/support/docview.wss?uid=swg22004666>)**\n \n \nJan 18th 2017\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement **](<http://www-01.ibm.com/support/docview.wss?uid=swg21996820>)\n \n \nMay 2nd 2016\n\n * **[Security Bulletin: Vulnerability in BeanShell affects IBM Emptoris Strategic Supply Management. (CVE-2016-2510)](<http://www.ibm.com/support/docview.wss?uid=swg21982152&myns=swgother&mynp=OCSSYRER&mynp=OCSSYQ89&mync=E&cm_sp=swgother-_-OCSSYRER-OCSSYQ89-_-E>)**\n \nMarch 7 2016\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply **](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)**[Management](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)**[** and IBM Emptoris Services Procurement (CVE-2015-7575 CVE-2016-0466 CVE-2015-7417)?**](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)\n \nDecember 1st 2015\n\n * [**Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)\n \n \nNovember 06 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<http://www-01.ibm.com/support/docview.wss?uid=swg21969875>)**\n \nSeptember 18?2015\n\n * [**Security Bulletin: Cross-Site Scripting vulnerabilities affect IBM Emptoris Strategic Supply Management Platform Emptoris Program Management and Emptoris Supplier Lifecycle Management products (CVE-2015-4971 CVE-2015-4939)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21966754>)\n \nAugust 26 2015\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.** ](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)\n \nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n \nApril 8 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n \nJanuary 272015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n \nDecember 312014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Strategic Supply Management Suite products (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693069>)**\n \nSeptember 17 2014\n\n * **[Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244)](<https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_ibm_emptoris_strategic_supply_management_ibm_emptoris_rivermine_telecom_expense_management_and_ibm_emptoris_services_procurement_cve_2014_4263_cve_2014_4244?lang=en_us>)**\n\" \n\n[{\"Business Unit\":{\"code\":\"BU051\",\"label\":\"N\\/A\"},\"Product\":{\"code\":\"SUPPORT\",\"label\":\"IBM Worldwide Support\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB33\",\"label\":\"N\\/A\"}}]", "published": "2020-11-02T19:28:22", "modified": "2020-11-02T19:28:22", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.ibm.com/support/pages/node/783525", "reporter": "IBM", "references": [], "cvelist": ["CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-4939", "CVE-2015-4971", "CVE-2015-7417", "CVE-2015-7450", "CVE-2015-7575", "CVE-2016-0466", "CVE-2016-2510", "CVE-2016-3092", "CVE-2016-6021", "CVE-2016-6029", "CVE-2016-8919", "CVE-2017-1097", "CVE-2017-1121", "CVE-2017-1137", "CVE-2017-1190", "CVE-2017-1380", "CVE-2017-1382"], "immutableFields": [], "lastseen": "2021-12-30T21:40:18", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["JAVA_FEB2015_ADVISORY.ASC", "JAVA_JAN2016_ADVISORY.ASC", "JAVA_JUL2014_ADVISORY.ASC", "JAVA_OCT2014_ADVISORY.ASC", "NETTCP_ADVISORY.ASC", "NETTCP_ADVISORY2.ASC", "OPENSSL_ADVISORY11.ASC", "OPENSSL_ADVISORY16.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-383", "ALAS-2014-387", "ALAS-2014-426", "ALAS-2014-429", "ALAS-2014-430", "ALAS-2014-431", "ALAS-2014-432", "ALAS-2015-471", "ALAS-2015-472", "ALAS-2015-480", "ALAS-2016-643", "ALAS-2016-645", "ALAS-2016-647", "ALAS-2016-651", "ALAS-2016-654", "ALAS-2016-661", "ALAS-2016-736"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-11-01"]}, {"type": "archlinux", "idList": ["ASA-201410-6", "ASA-201412-18", "ASA-201501-14", "ASA-201501-15", "ASA-201501-16", "ASA-201501-18", "ASA-201501-19", "ASA-201501-20", "ASA-201601-29", "ASA-201602-16"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BSERV-8977", "ATLASSIAN:JRA-61885", "ATLASSIAN:JRASERVER-61885", "JRASERVER-61885"]}, {"type": "attackerkb", "idList": ["AKB:BC293A26-1A78-4F0D-B4CE-04E218BA7440"]}, {"type": "centos", "idList": ["CESA-2014:0889", "CESA-2014:0890", "CESA-2014:0907", "CESA-2014:1620", "CESA-2014:1633", "CESA-2014:1634", "CESA-2014:1636", "CESA-2014:1652", "CESA-2014:1653", "CESA-2014:1948", "CESA-2015:0067", "CESA-2015:0068", "CESA-2015:0069", "CESA-2015:0085", "CESA-2016:0007", "CESA-2016:0008", "CESA-2016:0012", "CESA-2016:0049", "CESA-2016:0050", "CESA-2016:0053", "CESA-2016:0054", "CESA-2016:0067", "CESA-2016:2599"]}, {"type": "cert", "idList": ["VU:577193"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2014-1909", "CPAI-2015-1337", "CPAI-2016-0684"]}, {"type": "checkpoint_security", "idList": ["CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK105062"]}, {"type": "cisa", "idList": ["CISA:99DAB57F9B8063F8619B1A418B014DF1"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2015-7450"]}, {"type": "cisco", "idList": ["CISCO-SA-20141015-POODLE", "CISCO-SA-20141211-CVE-2014-8730"]}, {"type": "citrix", "idList": ["CTX200238", "CTX216642"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:1DFE9585B9C1AAABE38F2402F4352EFD", "CFOUNDRY:ACE3C7E4A01EEFAC1C8D47279076DC77"]}, {"type": "cve", "idList": ["CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2014-8730", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-2774", "CVE-2015-3642", "CVE-2015-4078", "CVE-2015-4939", "CVE-2015-4971", "CVE-2015-5537", "CVE-2015-6593", "CVE-2015-7417", "CVE-2015-7450", "CVE-2015-7575", "CVE-2016-0466", "CVE-2016-2510", "CVE-2016-3092", "CVE-2016-6021", "CVE-2016-6029", "CVE-2016-7575", "CVE-2016-8919", "CVE-2017-1000394", "CVE-2017-1097", "CVE-2017-1121", "CVE-2017-1137", "CVE-2017-1190", "CVE-2017-1380", "CVE-2017-1382"]}, {"type": "debian", "idList": ["DEBIAN:DLA-157-1:370F5", "DEBIAN:DLA-282-1:F03D5", "DEBIAN:DLA-400-1:76CCE", "DEBIAN:DLA-410-1:EF000", "DEBIAN:DLA-443-1:91EA1", "DEBIAN:DLA-528-1:BE307", "DEBIAN:DLA-528-1:C8771", "DEBIAN:DLA-529-1:758C3", "DEBIAN:DLA-529-1:DC84D", "DEBIAN:DLA-81-1:C60A9", "DEBIAN:DLA-96-1:BD7DB", "DEBIAN:DSA-2980-1:9C2E3", "DEBIAN:DSA-2987-1:DAA89", "DEBIAN:DSA-3053-1:A743E", "DEBIAN:DSA-3077-1:D6D12", "DEBIAN:DSA-3080-1:2336D", "DEBIAN:DSA-3144-1:1ABE5", "DEBIAN:DSA-3147-1:2E393", "DEBIAN:DSA-3253-1:0C444", "DEBIAN:DSA-3436-1:AA225", "DEBIAN:DSA-3436-1:E5B07", "DEBIAN:DSA-3437-1:2CB31", "DEBIAN:DSA-3437-1:59807", "DEBIAN:DSA-3457-1:35F23", "DEBIAN:DSA-3458-1:53966", "DEBIAN:DSA-3465-1:584E2", "DEBIAN:DSA-3489-1:1F09B", "DEBIAN:DSA-3489-1:3D620", "DEBIAN:DSA-3491-1:35440", "DEBIAN:DSA-3500-1:1A27F", "DEBIAN:DSA-3504-1:764CA", "DEBIAN:DSA-3504-1:AD20F", "DEBIAN:DSA-3609-1:174EB", "DEBIAN:DSA-3611-1:6D627", "DEBIAN:DSA-3611-1:F53EF", "DEBIAN:DSA-3614-1:2E149", "DEBIAN:DSA-3614-1:AC7F6", "DEBIAN:DSA-3688-1:3F736"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-3529", "DEBIANCVE:CVE-2014-3566", "DEBIANCVE:CVE-2014-3574", "DEBIANCVE:CVE-2014-6457", "DEBIANCVE:CVE-2014-6593", "DEBIANCVE:CVE-2015-0410", "DEBIANCVE:CVE-2015-2774", "DEBIANCVE:CVE-2015-7575", "DEBIANCVE:CVE-2016-0466", "DEBIANCVE:CVE-2016-2510", "DEBIANCVE:CVE-2016-3092"]}, {"type": "f5", "idList": ["F5:K02201365", "F5:K10065173", "F5:K15702", "F5:K15745", "F5:K15882", "F5:K16352", "F5:K16353", "F5:K50118123", "F5:K82392041", "SOL02201365", "SOL15702", "SOL15745", "SOL15882", "SOL16352", "SOL16353", "SOL50118123", "SOL82392041"]}, {"type": "fedora", "idList": ["FEDORA:0309060CF36E", "FEDORA:0FE8860E4374", "FEDORA:13EED60DC938", "FEDORA:1BCBD6087EFA", "FEDORA:2DDF56087EFC", "FEDORA:30C4560E4589", "FEDORA:30C4A60C450A", "FEDORA:361B46048FC9", "FEDORA:40D44605DFE4", "FEDORA:4227660CA765", "FEDORA:4329260E587A", "FEDORA:4413E6087D61", "FEDORA:4467B60E6CE0", "FEDORA:44AA5603A529", "FEDORA:45EA7605A34A", "FEDORA:4EF2660E458B", "FEDORA:50E7D60F2C0C", "FEDORA:561B260CE121", "FEDORA:58A826087D72", "FEDORA:668136087902", "FEDORA:6D7C12253B", "FEDORA:77E4F6087EA4", "FEDORA:7903222D89", "FEDORA:7B6DA60CB977", "FEDORA:955A2608A1F0", "FEDORA:997B660D68A4", "FEDORA:9E5776087B1A", "FEDORA:A8CDA60E1392", "FEDORA:ABDD7608A209", "FEDORA:AC832604E903", "FEDORA:B1D43608A1FC", "FEDORA:B758360EE970", "FEDORA:C4392608A4B4", "FEDORA:CA868607A1CD", "FEDORA:CF0AC608B5E3", "FEDORA:CF2EC6087E4E", "FEDORA:D241A60EFAEF", "FEDORA:DDD696087CE5", "FEDORA:E523360D8734", "FEDORA:E67696087B8D", "FEDORA:ED7C56087EF2", "FEDORA:F38FB60CBEE0"]}, {"type": "fortinet", "idList": ["FG-IR-14-031"]}, {"type": "freebsd", "idList": ["03175E62-5494-11E4-9CC1-BC5FF4FB5E7B", "03532A19-D68E-11E6-9171-14DAE9D210B8", "0DAD9114-60CC-11E4-9E84-0022156E8794", "10F7BC76-0335-4A88-B391-0B05B3A8CE1C", "384FC0B2-0144-11E5-8FDA-002590263BF5", "61B8C359-4AAB-11E6-A7BD-14DAE9D210B8", "76C7A0F5-5928-11E4-ADC7-001999F8D30B", "9E5BBFFC-D8AC-11E5-B2BD-002590263BF5", "CBCEEB49-3BC7-11E6-8E82-002590263BF5"]}, {"type": "gentoo", "idList": ["GLSA-201411-10", "GLSA-201502-12", "GLSA-201507-14", "GLSA-201603-14", "GLSA-201605-06", "GLSA-201606-11", "GLSA-201607-17", "GLSA-201610-08", "GLSA-201701-46", "GLSA-201705-09", "GLSA-201706-18", "GLSA-201801-15", "GLSA-202107-39"]}, {"type": "github", "idList": ["GHSA-5WFP-8643-C58X", "GHSA-F7F6-XRWC-9C57", "GHSA-FVM3-CFVJ-GXQQ", "GHSA-GXG6-RC6C-V673", "GHSA-Q56H-JJJ6-52MF"]}, {"type": "hackerone", "idList": ["H1:216271", "H1:288966", "H1:318594"]}, {"type": "hp", "idList": ["HP:C04720842"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20141215-01-POODLE"]}, {"type": "ibm", "idList": ["002FDF1996A1F8AE22AB4EDA4016102371CF4507D9043BDF345F9697E8F43C02", "004A55EC5AFFF9F8642699A1B717B83364A3D2020F683FFBF6C8A3EF22CAC3EB", "00CCE1573777F42ABE99718CA356421C893500F8774B2D76599D43AB2118F4F2", "0103A083EFE13BB0A09409F189EB554977F5A87C2021E473616564E5346F1AEC", "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "03B6C658330D9ED7D3D5C516018194DBD42F5AA0466A1BAFC87309A8A438D756", "04726C927358DE7C79B84007A8A671E0959A19D6D59C8E488498409C125E3D34", "056E96784A0F2E360E8FFDD6166940DB126DC42CD8EE29A4F56654C90AA3DBAE", "061475F6E2C8D0A658F516F9A0D424318A271E2D29949317187FCBEFD3AB74A2", "06457DA2FE08EC56407EF05C2EAAA9080634D44807C2A8ABBDEA18DCD9364BAC", "065043A4F97D98BC08FD9CAA5BD98D88FD7572B7D4428A44CB505172C0223BB0", "06B457F7339BCCC23DA8DF77B3A4D0C81A2ADB588E02898CD44F146C3A9B22BF", "06C07D32B3694B9428DF66A58E914A3888518AA422ACA9C0FBE65C7D07FCACCA", "0751573D2E98D41D9FD5C53D769B2CC3007CDAB9443F2AB513D613437AF611AC", "07A7B6460487838EA6D909CF7053D5F8655D2911E06DDDDB16F801ECCC972111", "07D4FB7502461B455170EC4A3723A261E0A884D8FD1326DEA1F8F1ECBB88F061", "085C6CA90DE627C71EE8BA457815CC459880B3A5A2A0DA73EADE9469DD73B572", "089A22DF45A6A61A3FF97373F238500A1D91A110E51A6F34A717E9D0666652FC", "08A60A414C2F101E8FBC77A91D981603CBCDA6F17B941F98E4CF7DDFE8C5D702", "097E8E8B9C8FB57FD1CCFBF085291BC78FE58074DFC5F49EBDCE2E02F680E0E6", "098E1724D0D22BD8E0B54429E8D6B7A2A5B2B8403A792BB9788E96F4B4565340", "09B1CD3EDCD90FCD6DC97ABE199599811157B76EAA540A12E3455560901FCD6C", "09EDE4E0CD7DF2699F28363782319D7EBC282776D733D8DA6183FF69A1E1027A", "0B07543807D8B64D9B02E12CC51FB9074F51F67994149069B340AD14463598F0", "0B6B5447B33E56CF5B4322D00486B4377DC98D1379E334026C0032B8C80F0033", "0B927E1702481FEC8CCDB9826D258657CDA0F0D0C5801F6132AE7B15FC60685D", "0BFFC8DA3D20D61485D3B937CF8B08468DB94C6B523B29DE9871511B28C3EEAE", "0C2BB43DF89AB651EB4868C14225E174A83EBF22C74E30A0801125F7BAB5FEA4", "0CCEC8ABD558DD7449BDDAB9E84F5DFA8520B9A0B5853305AF14F28B174BE11F", "0CD3C55D23EF6A3854413D6B77B0308F73405F8CB242F8337158678FAB58DBC5", "0CE9B36358C9687E7112577EA1304074A68EA6DD5359A3F6615F7BA94A6B8E7D", "0D043BCB3600EB69133F2A2ECA85A40A4EBD2F839DEE5DC3A4C8E8CE8ADEC066", "0E00AA8941EDBCF93DDDD7088D2C303613B72667D550A884AF92B427590B6626", "0F73246124CA58D05064BB5D07082DCA6F2A1D48630CAAC82BCFFB4A71F45CA7", "10A1C628C399C86E24C9D6A9B3952A5B25FBBB7072A52C80458F472DD864A956", "10B412598BD1C6860D10A6B4E53FE9E13EEE886F46048363F6C6BBF249459DBE", "10B4A1ECB227E231649BE8E4A32C8374549DAC9A952EBB0FCFB544E37F9A647A", "11045A23050DD787D28987E154E3966CEACA31FD5FAFC1E0C7EDFDA27E72A808", "116CC00D5265D0FFFA8CE1B360264EF9FF95784E6C2C3F0019DE1DB74C6E9A89", "11850D4935C59F6F9B6E5C5A80BAF8C5490B646F230553654E07EC29A53AE9E3", "11A48BDEC7C322728D5C38E2A65C6152345555E3DC5223860FFCEB2424F46D5E", "121AD16C8E6DC137F59BC7099DCBB94073B1DAF243EA01F065B73DC33C59F7CD", "124BC5B239FE67EC0AE43A8E0F0918B0BA544E977E72754946EBD146C916D64C", "126537C1F8F0F30E3E1F51F743F09DF0CD7BE1FC4C806F6317B231F16161C1D7", "1346B5802E1B15CAF71A1410B1FADFC9B05CE9AA4894F4F90F987EB39E8CFC74", "1381B98ABA6B880EAF88AF4EF55B330BFD425893F93C59EA19BE8351ADF9DDE4", "13C3D53BA54035028BA8B6CCC92D57C0C0AFB5754F2A746073C2E64512AF302A", "1421474503A03C31EB50268E172E3CD3BC05947AEFD88084C756A171F6BA9781", "142BCF9DFE12C8120D0F10EB7F7C4EF6289BDECEFE22E9A922E1921894B7DD22", "14D6BD9FB21D986F7A7372B530E1023CD0FF42323E4743E166603718FA4482AC", "154959AD312743D0405AEAA761D472891EC4AB0DB42D62DF98414A64862177AA", "1552258BC602B501CB144C17FE55DEC12CEDE82B9F4351E9E4F47BE8C7003BA9", "159D15015A041EA5EFA6FE85663F44A48D3FD8F7BFC0631512B9DEB34EB3436A", "163B562F5AFC1A99F9A2701D0E47704B52714A334C626B2B0BFE651FAD6898B8", "166067D8A3B965DC90ED6FA0CD889846C59C6C0C7F12DD279F1904083A4BE87B", "16851167A6E7D383CF52D5B447DED7E09886CA93B8A9A92A25FD7998659A49D8", "1696E1D8792540E46785AF5C86F8AD0F77D5F716A56F15223E99344280FB380A", "17415BC48E86A98D5F410E3B171AB671765EC41C0E582F1F781BE5F0813B2A38", "17778B43D8F84CA62AA64E76208DDA152AA82F96A219944D7B74EB069542AA67", "17AD7BAA4B4B92B376991EA6E2FDE807376B44743890E9D9B34CC80855CC7FB1", "17B08F6F44F4DFD4020907C209D995B8B4BE03B83FAA709EEF0B6474E13631F8", "182B7E2B619361F12F4ED5FC874487EFED77E355247E741885559BD37BCBA877", "184641991862DFB0F35C971BFCC1EB32CFDF27D59F9F654051C8A321ABA5D4EA", "191ED0FC710CC29D37F2021F055C5B6E215B0D429C955179B8D16255149183CC", "19FAFF710B3E3738F8567DADBCF7C6BE9748A2C12CD349CA0B858BA9A26AB606", "1B7D434E2F1C8DB76634F8CA2E3ABB8CF42C847FA670A06F5CA0DCC0AE9301F5", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "1C637E6084D0D71F962838FD3ABAE2EB0AD3F2EA6D45B6F434C07350A671EB47", "1CC7A3B18C6A6840C27A5AD471020D77EDB5E679DE0DE0349AD85905B0A529BC", "1D2EB2EC38E4DB6C0CD2883CA6D9C794795FF7CA8083B7028EA7A644113427D7", "1D7A9620014C4105B221C6CDF92C1FEE1B525AEE56A16CA716E6FAE637E873E0", "1DEC7FD30C92434624557BDD1128B37921411BD17E6CDC7FBA2302EF3CDB8DDF", "1F85DC40CCAC6193560C222233AFB88DDF301441A0F168CFDF21B3B88DF3BD1F", "2020ECD006208047A6BEA328FD4492CCBCE205CBA9B159EECFA5284D682EDB89", "21446E7BD60AF25A929641E2E18704321FB557C135FBBC6956A6264A3FCDF4B2", "222346B9710ED525F19CF0E5B8B42B38A67694F070D5F5B1E7D7F8C977993E4D", "2380AC5446A837687B94C80B43FDB2DEB52843ED074547C82BEAA12261E29C16", "23ACC7BB2569417276597C257401F3783EB07FD152C4689F7E77CADFC4EDD536", "24154670B8CC3EB03C11F4CFFCD12D680AF81E5BF7B5E295FE2642969C84E9B2", "256D69C6A8C49FA921BFF6BD50DAECC1F4BFD09962DC3AA698602171A4AF9305", "257FE3C03DF1EAAF4C91B06A98D64FF55D1CBD8F44963992BA87CE378431E9ED", "25FD18258A26691264DEBBCCBA1D7490F913AE13FC136566A3F1377AB0AFBD37", "2615D49AA1D86D093101D40F07BA730C603BE4F77E99074A58A59F94744136F0", "26381738404F7B6DE24D6998858764B65A9EB4B83330310F854A9041D835DD8D", "2650AFBF84F5A110BE543D866E405B2673736E39406B209BB493BC69B63C62F5", "26A1F6A8D3BAC2EA4C4C84E5F0A1288EFAAAFAB5F04F6434CDD540E150458587", "27B8E9FC98BA91ABC2C10006CF43B0739BDA7A3213E6F5DEF3851A7D59959B97", "286F906018056591F4A9027FC1AD845C489369D42499BEA30D89978EDA680EBE", "28B8DF9831CBE73F8343FFDD2D474F54B9183199B8325F3939FEFE6EFB27811F", "28CC49FB103280BB14EF3B3C2643BB48718832E42B21E80C929F84D323F98BEE", "2909E108CC11D1534AEB2FA86A0301389E6AE2CF916951D7288B9507C4B4A871", "29BFF097F764F2E2870C5D0DC577733C5EEBC573E7B3FE466D280FD91D64FD0A", "2A0289568A16E75438F062DD5447BEE8F462BCBB11E9154045B8CB577F2DD29B", "2AD55644A16B08DC4CD7D5B0074C944128455FA5FB38A6CCCF95596E90E15198", "2B1433F19093121457472DA5DF5E52AE542DBD8F435969C34F49B9AE9E8A2D1C", "2BE9140C38522B6603DE40CBE860081AB9B8829B43238734C750961AB19A2022", "2D47C04E6DC96C33D762A696D877470267709B318694B545F251F97379605B87", "2DF4487CB3C4D7660AFDC280F9C0E84F0C2D6C5F4A2207259A023074EA35AD70", "2E9BC1AFBA9F34E20E313BA5B8B5B6C1AEEC0E8F6EC0B353125AA17460789A62", "2E9D4568B743B9BD75F8462B4F4198F10C55ACF509C02151171249327D3AA277", "2F5E9F58C5211E4D42487F7A140F36650CEBDEBD701BADBE4FFD04B577E43B91", "2F816069CAA66A54C42E49ED29CB63DF268919E76E80D54190EC3F850E0D535A", "301B538BBFC46479C631567610002A3C90A71686F341C9C711106324BEB1487D", "305CFF54D1B74278AA889780BABE7E0790314E9D321B6262C0EA59170C7721E6", "3087E890AD1B34329596C16C2C76C102E962CDA62DC06323CFC97E0BC299949A", "308E7990CF653F320A779F892C70403DC99B4531DCBA2478F2E961436956D465", "30CE29210480BEEC2EB282BC15979827A9D22FD02B9CEC9C7CA1BFF2E6B78BD1", "3173436321C56EFE717CD3157343D8881EA1EE61D9FFA6FAA9912F1C744A3245", "3295A5B404301FFFBCC0048CA18EC9488AE38BD5B689038192F853720B4FCF1F", "32EB8BE682985EED6CDB1D2FE6AAA4C3E1F475A6C6763236F416CF5D1908DDD8", "3365EAA84713F04AAC91BEF235DE8AC3AACE7A80B2A73FCD9739E24AA18C5AF4", "340A193C6D9215C452A9968C52237C32323D9B93CB2BA2A43552E814B1CE9684", "34140B27A5D1A59AF1705275CDC6C3D56125ED159A93155B5AADAD5E28A13E2D", "3484930B9D1D577B443F9B6823E8F4CFC7578B80B89E16866C07AC9046A0F330", "34AB6D6D15816E142F80D91517900A17DDA91DDBA48EE54CE98D3BB991F889F6", "3571B420A072DEE76E37DA221B03342365B3036A912A7CE6A01A988190A8F62D", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "3646DAD163BA0A8E0A9E8DF2F16916F37F637C31CF558A434D42601D980745CD", "36B9584E17AA5AF2507B4055D315F6471C0FAEB4DA5E11B3981F0D14B6267101", "376881B708EE709A23D7CF26BB3E3EFE99A529E7B07BD86A464ECD42C2CA569D", "38BC00D7FF3545C436AC4533805630DD0B45CDB4B97F36F6ADAE8817F3A655C7", "38E3695C5B3EE4D15780660A89F4D26019A58543CF739F5287F581F2B2B6A7D3", "38EA893B1CB49114E3D8196A772DD2EACB1D68746AC3215F7DC912F30D4B3635", "3918C76EC7F53EFDF9D130FFCD6246ECA57AF2056C25E6C5539574FCFF5D00AA", "3996F61A39895C8BF5DB89481CC4F649E2B90762965374C8A32E5395AE4CF526", "3B9F6F5E9D79A8020104EEF5D0CC94C720D4533CBD170B94B66F7CFE87D9D97F", "3BD924AB1914D06D60F032CE4061B3FB0D5473ECAA7B3D99C2DF77F4E5E7546B", "3C86E9E9B80CE61FF34A70463FC2C9E86F96058B677B896D64601306CA1E6DE0", "3DA37A2135E24CE9AEC3312A8E1396DE8B2AB6EF30778E96DEA7E40061027371", "3DFE6203DB59955492FEFDC3D6D48EBB07936D0F880BA3893D07DEEAC6EC7CD2", "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "3EF919878669EE41DD08409B9AA0E2DAA0F0DBC40CFE18712D5924A93F1806CF", "3F0A86B9112F51C3B6A64183B5DCE227004E4FE8195B2CB6E060CDFA713A7026", "3F57B28A333795FE99F15204541692079D5FC8DC7D021B800C34913644FFC319", "3F999F2698196B709133A31BFC040FECB99D04939110D66AF4407381FB44FD43", "3FDC0101985ADD7D5774F255D78C573813EE11684088944BAF72283AB319514E", "40143F0DA50617F5EA31C30CAE6F6341059E3F031BCE0BC7DBD9F120A3C1F432", "4072C39942198FA288CA301A6C2F9213A715552B7A9DD1177F87322136D13270", "40AF05CBD3BBA604933F6C61D164EE39373BD16E9C951A8CF9EE0D2970B196AB", "411DE209066A00259E38D292C22264C2EDA3B961B523920D589433F42FB534BC", "41A2B080355DFAE7EADFECB4D5D6C7105784D83B969140D731128E3E9EDA0757", "42312F10B1658E98D243F69333FFF10B2BDEDA9D5663B5D9DA8AA5CCFABD9196", "42946BAF31C0444C897C0A48568A4C1513C9FE6F988EFED3C4F36F863AA03625", "42CD8D3219EBB2F9262228248E591AEF8A347AA1D644C8C78B1E5CF0F08F3525", "433C80FA01CBD264F0ECEDD5C86B61CFD6A281F46060EF3E8D3AAA90049AFE21", "43EA7D9D017D774D32A0D197F345A2CCB9AC632F5A3F17E7D34A94C65782172D", "4429AE393D14D9DD1BA1A49D42CB67BB5D731909307AF189B937C047DFFB1943", "448B36431D70C2FF876FBEC8D7CD3B51B5042A64B4AF7EEA7903D392CD01A757", "4522A227EB971BB2248AEAE79E5A7A218D021F04BBA4DD6C720792ADDF5F902C", "45287357CDFF0CBDD9F6FBC98FE84205AFD006DFB984C6B589393F8B09465C66", "4532C7DA73DC2406AD4939A367B9E0C64E210793FA8F9E24679585A36617A133", "45598BFB4E8D67B515A9DEBBBF4CF71F882A6EC2E045D148C250DA38513CBFC2", "45A3D9451D9A042B4B823F72CB8D2728FECCB3D99F3D358EB95D984F7675F955", "4600571F6CE1CC296F684423035AFED51CBAFA3DBC1C24C76426526C65C05901", "47644FAFD6F6ABB09C9F2440BAAC192C1002C567818AF5F51FCF8952AB3DBEBE", "47854739A78D340A07A1A22935ECE0D3E40F068349563A968BDFFB20132370BE", "47EA320BD697B3B3A010CEFFA26D721AAEFB370CE3B13E7AFAD938F617DCA5F0", "4809400533FD6C30023AE955C69A543142E0C7DF76FF919FD4AE1E2A5EE20F64", "48D167835825E836FE66A7052F77935A84FFAD6E331A57B458A717782E497AFA", "48DB399741E0DA1E35C266025D20ED1FC016914E485624FF4AEFF3D98BEF912A", "494EAC6DED2AE35E21EE2CDDCCEF3D9DC2E0A6224046209E48AE5CA445191511", "4A325EAEADE0B2570B74B5CC599F3C1975F694E5A8FF485F9EF08D83AF509833", "4A95B1896DEDD8AF3CE304090A4953DAFAA77A9A536EEFFDA7A7CFB186AB1198", "4AAD2BFC5837F0CD9E63B31CC9644C3A90E942FA13F398384C4E1FBA2E175E09", "4B658A4E1DD9BEBA4FC01E63048598E09F50CB1F3DF1425149B30054D8A86861", "4B7EBAB09AB01A6A2993819DB2589A79B0751770B2E5A63287320AA02BEF3420", "4B8B028335F38A81B875EEDB76A203E73DFD0F84677B9AAD2F4DCDE90DD3AC4E", "4B91F54351C8E2A7EB94FFBA49ABCF65F3B89CE008205B01064C1D209D4E3196", "4BC6D30CFD09083CDC5151EE89041D55BA6A3D117C87B28CD19B676AA7F1B10E", "4BD0DFC4EA5C8F35DAE1CAB11062FBDF5B950423CAC42536F2727916ED8065D5", "4C3A7AF69520F85628AA81BD0558FE9A6C0B1D261F918B38C8DEA77475FD6DF2", "4CBB4033AC337E83AD3EA3A3DEC8A422E391B20F569BDE525FE1C1D993732484", "4D77034014EA28691F31F1A1AD3A78E0638E8CE056EBC57C6A804415C796E31B", "4E03B5B740C92279AC8C147BED2256A592F9E9668D22F421EC3C26ADF5BA60DE", "4E0CF71A698515A29D0ACA1BB71EC6A8B109B50F539EF3517671ABF65450A55C", "4E170B8FD5682769ED75972FAE0552F568BCBFC890B02D2B0B3E378720026C6B", "4E5F7B8657FCADABFB09345EC5CB315D63A27143FD60609837945547A9FDA17F", "4E95B5EB959CBE5490B90287812FD445A690A3158E83D37882EADCE4A7BCD44F", "4EA215B3645DDAC4FD37F8734C45AA03E711B96215D9E5BD79734DA548CB9D4D", "4ED2415E866AA27E2339351646BE68575D6DE777D3DA7E7EB9AC12F916F1C0DD", "4EF982C974766057C7B93AEAB363E572E77E92BC1EDE757D6871ACBFAED6158D", "4FA9A48861BE9F8F3B720182D35126E64A74A6C71351AC2063C9DE8662C621A6", "5007847C128F9E3D31BFC95E261F4152F6B9DD1551B91A8CBFE6C1F12E8909A7", "5049E0390F7FB17FC4FB6FCDA949E23241366872E7987B7D22194E73DA48367A", "517ED6B46A2D3B0E04DDB4B6B9CD4302B2390BD38C3C1127A87B5CADA67CA8DF", "523AA94D1E10269FAF98CA05CDCD7A695FB6F29B64D25ABFB286FC0B6B450921", "523E603F9CB6DAA625DE97BC3524132F098EBC21A31108A9EFFCA3DA83C39A19", "525C6BD08A7DEAC797E73609EA859FEB9C8E9C33062F7D8E6C8761C8DF6F813B", "527AEB02DC4029326B0DDB6C7A93716F28D3B32A5D2FFCEAC8C4A9ACE4F8F863", "527B5E90CAB7DAC1C518A59BF77CDE34841C309262297FB18D36716B2A007A6D", "527C030C003106EDF08727B98AC10682E8DE0D0F67A43A4BBB5A977ECA249116", "529738DA56E39D786AE750710FE217BA8C730289CB3B2DF92E820F0305BC6957", "52BB0D1CF9E678E216D235F48151D232EC3E3224C07ECBA1A4139D390CBEE54D", "5318057D0471B508E9FE524F8B5349EA7FCFE8601407991A6972E6752252FC79", "537C6D5AB87E83C60FB14762388F0A746DFE1C4977ECE943492A36A3E17E504D", "53DE79EA36CC70E39ED3ADEDDF7B03288CE0A5AA43A75E91EB31074E052AF91C", "54C81579611ADF090D2AF0FE832F96B44E0B4A797097BA6456C22FC6756AE38A", "55DACA18AFE52B9657ED6763ECD6310E15A2B6AF470F5EA9C7BA6E971FD15B5B", "5650B581CC8825AC08D824C43E45D5DA6B9E168CF24E67CB80A5D3E2A616B96E", "574963699AB3ED548B8F2BBDFA0A64E37DC3ECC429A87421A2C373CB9405AEA1", "581C275093B683BB779DBFE1995D5CE6F40E4DDF3105B319DBB43DD3270F0131", "58FD1DDCB55CCDF528A44B993538A2A81B510E99C4CDFFC005903C0A1A55C134", "5902A41E6B193100253C43987CCC82D3DCB47681EEACDC1CD8E3887329ED5E19", "590F7AA732D08AE8302AF68434D55F5CCF9EF2B0DB532FDC7A2041F706C5FFFC", "59D56E551F0858C15C0370A2B00AFEC30A4E07DDD4B419BAFCB87897BEF93C3D", "5AC842C76A38BA7E6961E8ACD0BA85FA50688DCA05B04D73F870154778C0B550", "5B41DEBCF5F49169640E9C46254A5581FA9E8066E153CFC073F7BCB78C863D65", "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "5D0CC6456D2278646647F1A4FEFECEB673F2B5D1F99FBBC5755735CEF5AA6268", "5D232E30AB5C93919EF580AFBE6D2ECEA897D47EF039A381A71CB4D189990CFC", "5DAC43403A6D99FD575B46543303C4AE9DDB38B3F55FBF172BDEA1936A1DF2A2", "5DCFD439936E2F8A52E5C8672372D872D6A4B217ABE8891AB553B9118FD960DE", "5DE8B3EDE10727E701D4521B68C43392913E7992400F9779163E6AE7193811BC", "5E2AFDF7AB3E087F15E11D8D08AEEF34592E638BA469F3697192CBD365B9C998", "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "5F07312D1C5E6FE8181D631352EDDAC9A1D6DA80B24005A4700B576A3B30DB78", "6097D8015AFBEEA139CD04B0695213519AE407C70058F9CA2120CAD2E9367C6A", "61D420CBF525B0B0F7B6F0B31E19E818B9B55694EB5923E5A2AA5F80361EF5B8", "62439DA1685C8834EE8D742776B2A816E2F759488A37A2E67FAF819FB474771F", "624E8F1573BB8241300915543004B586A0A1F859A348DEEEF65436141D4AE4B5", "6266ACC74295FF2D138A1AAB20D50CCD4E8EC9EE7F50E0E59B801F06DD3FB722", "63BA91B4612104EB8E2D55CEC2DCDE8AA7F8D44E79BC791C78F79931691CECF4", "657606DB2CDDBBDF0E70FA07AB470C83F9CD3C70323D4ED1E7DB1979A6B5DDE6", "65CCE741A79909EEA8CCDF87D99B902E3722DEA5437374949A3D3ACCC7F6F48A", "65D2023CA7B86139BF24CEEFE9E5ABD3F31BC8FB55B2BE141C6D0E3FC7228888", "65DB2DF1E5DFCD77CCBBB618503600B226ECB723619232D76182A80D58890F9D", "6609091280A6265ACF23CC819056F828A2821488E85E726131FA51BDBE28BD88", "67578E30259856437D267C1A3D6E2CF49BDE0DF9BE42CAA71809801A7935BE9A", "689070AB4C011A979BBA5848242A400944D849D04225B611EB1D2B6DEFE03427", "691A7F683AC2496D21C51C44AD02D677C2E591E44FCEE5B5CB44D3527127C663", "6943EBF756F3E60DFD08A92A9555CEFCB7E709C96CF139AF025DB30FC1740DB0", "6A04D5E4C99A2F50DCD4C5B4FAF20AD2C3B16AD9EA922F5FEE4DF718AE506672", "6A2DA1714DF56AB2FA9266DEE0E60C0909DF1F23FA7DD657461079248F078C7E", "6B1FE6B87F5632D0E3A2DF3894D6A87F2FF4EDBFA3CCDA8DACEEFCD473F77904", "6B43D849CF02C2C56C98AE74FFEA7666C4B326166515DDC2A9E18E2F7CCF729C", "6BD8A28B17576E05E0B974C262EB42ADF09E98ACEB21D1D8CF08B3D64F137C36", "6BD8E3DAEA6988B5ECFA9DE1BCC8F44BBFD4AC94E0B6BAB1B72FAC68AE3397B2", "6BFA62BC112FABFA05C6C5C47562FC2C7D3EECB9F385BFCD8A861FE181F02933", "6C099EB2D7A6A7FB08F677C5022E99A80942C8B6F6F4DD59D6C967A34499E8CB", "6C7EF094F5ADC8D9F28ABF3F2EB18A600C9A1FFD5B394603509AB166F1A6FEE3", "6CEF08A1A5A2589C6B108019F507F85264A6994B29790BC8B95F25B7959C7A69", "6CF712EC46E650EA0B3532ABACC5EB4ED5C9F8F8B5F77D0B96DCFD88A9040D1E", "6D535A3AEF65DAA651A7961CBD4354AE631F476BC694CF73D20623E7518799AB", "6DFC02A34D3BB730D9CBA6C97A8D3284FFD1FB8F5F3DD7D9B65FE6CA089C2006", "6EE1809EEC7F8E899D29A5D629693347DEF4BE3A98140451F3CFB1F6F3D44734", "6F9B3E5D97FDBB41059AA8C4DDC3F8C6E337642756FF537C16A61C7599D523B9", "7046138B9599A1C4F494C484A9BB676F47CE5DB50FD7EC9400CB6F191317A8B0", "705280D237DEDB26D3D68396BC2097819ADC8127D93D08AF8CFC027E9A703179", "709E27E3685930B945F2FBC357A30EA55914B7F6AA51DED371226AB763C07085", "70D598FB0EC5B16C61F969E93550D01E02981B6F45DF9C62FFECF6A39D205317", "7196C8D1335ADFCDC76659DB37704C37F43BFC5EAAC5070B6B965CB49E2ED826", "71AA5C5E904974496D176E355A4DE8D09CA0D9EDF250F624E674107DAB718E9C", "71BD98D15863867D1955C6BE20CE38B1FCD81182C4462C5AD7B097E20B1704EE", "721E6575EC4195C159F3DFAD38C6122D1576DA30768EE56292CD196BFE358988", "72EF00C4B35D9599E1A58E00685282A8A55FD82A122F9FA814B19FB08B691740", "72F388362AF41C5685D24932E9104E4D10F2F34B4CB1D6A825C5735F1D4D2178", "73F295E4CA98A62DC32C3F4805623BBE6C4CCCD3F58645888D4CF9A556BEE309", "73FFF67D19D642018607CFBAF160BDD98E9BD5C2E6261CCDACF5A27C279444B7", "74076B236C6D5E1ADBBD56B5F7295074E99E48D62D66B33FFF3A6DC56689B9B6", "74703F913A5521ED32B7192E664187A2672BA346C48F8CAD66D4E9AD8D48F992", "749B6A6B6D38F5F07BF39330C93789453228E074FE9CD70890C9F69C2C3B6BBE", "7655E911C4B5C15A4CCD0F1A20473B81F6CC77E75CE6CF711D4B46EC3E025649", "76A453BCD047723CA1CC19571C2519F1D2D86C3F1ACD8A2638C598517C05E173", "774447A42E7584CA310C1D881A1B9F22575B31868A10B3206AEFDCC52F166509", "7867594F3F661628BC072448F76C9D640CC551AA7B923B0ECA02D677F1DD75F3", "789948D6E2D3214CF6D14873F1BE91C91BC7007F1ACE3F9DD9D9CBFBB98592A9", "78CFFC4D2D270C24EEDC9DA3C157BE051A6915432AF4FACB8946F44274B08376", "7939E3127B55B3B411285CE6E6FFE396E96A0EC351F6CD5E416BA1F9DBFBDA7C", "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "79F7EB62DB5A8ECC70229B81AD83CA7190E2B816E6FC1DBE08ACE303AA36320B", "7A930E692B42F0E6068A68ED67582BB683B61EBB2E232EFA08FD301A8BF0874B", "7AD451AFF17F2B4F6EB9CD3090185A0E80620336B204FFA21179DB7F339B9F8F", "7AE79CBB38C9B30F603A5F44A9B8F142162D6B14888148AC3503AD993B81C776", "7B6A0EC4B0BDE7D3CCC734AA346757CF04E0ACCB853B4076CEA5505A64B850B6", "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "7CA25B1EC003F3EC4251CC48661D2C1C1605AB32921651FD207AFBA860EF2063", "7CB5C30B18A19EE98ACC8D66D181A33C3D847CA83CFE7700118C80C3DB0850CE", "7CC639A842FFCB87CEB4C497DB1ABD24DBBACF8C16556A04B5249D0904F59838", "7D1FF9AF4197ACD2DE094C701C639AB3A23C0D00385B605D461CC2415A391FD9", "7DB6C62E3DC8D14093067BD5875A863A8CE74E7D3D322F6342A9C74138ECF9B1", "7E0744D5936EDC5F018B0850D801B665D388060D6A81B986BC7AD81C9A78C0EE", "7E1AD56C932EE6022D560B647F3D701B90E917C8D245F2619F30EAFAE93014A2", "7E2F62106B895325A750D4AC20BF018E0EF2AE3D85B9685ADBC3048C8D7487CA", "7E327BBFF3C6248340BB4D02D0AED4CFA65A1C13329D0793D3B72E11E963D084", "7E38B5647935277831AF11707573416EC8955A15BB564098AE854AC8BD0AA00C", "7EDEEBC61F6BFC0FE12C8D103ADD7598538E4818C0A635851318C53F2171DC88", "808466038C0E6A9D6277192338DF41535AF3F030D86409338429391D7DFBCB8E", "80CBA97D4C339564CDD3571C5AAD9B39B1141264FBCE736F56AFF8266EA88A1B", "80CE5AE28CB63EA9C59DCD3341ADFAF9A6896143362A5AFED51EA3A67C5B5A29", "80F0700C72911776959FE504065DD82D18080F7C144E3ED2EAEB33082E18A72D", "814968E8DA38BD4EDC807F81466A9CB916F361B3980B9334A6F6CBDE0DD07FFC", "82D72845B48E29F382E3CB32198A7458539BFAEC832BAC6D7B23609003A86C76", "8325E2E8632F22E10CD653162D8EFC2BD56BD809EC2298B08EF585D287E1CFA8", "838ABDA0AD5BAD7A418654E286EA8417E5463A5202CC7E5CF587241BDE82B377", "84ADA1A0F9193EF446D20A2AE6CBA8AD78BD934525DE84341357005D9E20113E", "84D2B6AAB4BBBF7A71EDDA602CFAE3C281479B9C53A36735C61F9CA5C55A781A", "8532AD1C55503FF56DC3398C3EBD7DF43A159B31C56E1AB52687FA4654D3FECB", "8550C30C4A56D3070A2109BE13555117FD37487C131991DA553C8B5CDFAE2259", "8566BD5ED9DDE4A30397E9B8DB1B50B3904BFF15F087A9F1B8F47F9C8E60E4FA", "858AE0814B0606CAAD401114471EC230976E8E9BB8C23DEF159F31D3F5DBB1CE", "85A0C504FF92CDB72A7CC6F51AB8821174675753CC976BCF65DA11E30A38515F", "860EED3D9CEA7E95A62905473DB727412A3D17D7F13C770B6FB6D63CC3CAD663", "86342A16183C947600A2D12FE2134D8199BF66CC53E099BBBD76E9F235DE5D41", "86DB132AD151A8E40020A0B23000EE7EBA54ED84C7245575EF0890BC153DB650", "8702C386F98F6C97AD0CF2FAFC26BBD511DB58D3BE7F5F72BE419C2A81A0076D", "88EA896D99872F01F51690D372F7C62BE59380776AB1C1319EA3472BEF677AC8", "88F727F191CFFC37044A03CB83B1BC4AD832285EA66FE76EABF1CD38612CA6F6", "8937CBA3426FCE31295ADA0BA5DCA9E051C3D3F6491200BA2153E80CAABAFBCC", "8940FB7E7C545913A0ABBBABC6E8D82CC5BC34296FED2536B4C21810CD26D433", "899EB53FF6D7EF5FCBB2C9D9531FFAF9D68313191F09BD0D43CD9D8F32F900AB", "89BA66958BF3EF0D1B8FD951254B5E52E497E5982616522BC59B41D8908B2D3C", "89DB701FDA8D57E716DB17DC1D2B06DF3EA63347FFD5556F145651826A5D4927", "8A242C548ADF3E615FE6BA32C7E6F5B2DB8B1FA250ABF2329DC20A0FB32D3700", "8A9198697F8388FC75E2DA73A2811AC8903D8787718F479A630B9674D8C0DC03", "8B09C9492941B8B6C6FB844862484437C6E439C77EC2B6E2EA1BC5C87B890DBB", "8B152CDC9A53DF1C3A7E1D3C9E764839F5ED8E125E207AE55304C80E5625D456", "8B39CCA8EF43329CA20B108705252E9FAABD68BC0E04A0D89EA2CEF5FC811037", "8B8C66A4898A077124BBB8B80AF8131F97AB4CE33B457487C6EF966698FD1EC8", "8BB028E943A30864E5B923644DC6C0D0F02DF3A93C32F3073F32274A1694BF13", "8C189A4A1E730005F1F6728800F9EEB4D76D43743AEC3B91CE47044F6F13EBE4", "8D03478BE637F2274E0A5C19A86AF028F9DC5D2D251BC13A43ABED4675413859", "8DD72BF6B48CC7E3A22134A69D2AE261895AD3165F7ABE79CDBBFB7F9422199F", "8DD909FE24E39D5874505166B8D4DCA106ADD7E41CD084DD454194B37E8998DB", "8EE72E8CA9356EACD897B0AE9E0921956BE9AE31189C579F552223847F5A3B9B", "8F39456B689B7B3239345CEE3BB6882722E86B4B05278F4F8EB15DF59EFBCAFC", "9089C63EA075732A2F18A9DEF551E15CB6F40EA0AE9BD8F8C0605D12A3FBDE92", "91B6BA027BFC49F4F23C4AB3FE83336E62B2EA9F0FC3AB35DBCA8F664E8F55C3", "9227F44B98DC730956D88AC42AE8B46EBF9254814F76864F68F9AD89E78F40E1", "928B26714FC24270FC86337E21BBA3EB76F0E528762596275CC586405FE80B05", "930FC3DBD61B7E8555AF191AB7E1E95834FBDFDFC85B66000C95954661FFE18D", "9402A23A301ED61C04A3BA04E8F035A34519475984DC44EE96709E1042712C31", "9461B23DBDFCC9C45ACA7AE476827AD44ADBC6048F675F99FD8C0E00A94791FE", "94848C16029BFBFBE812A2B6CFCEE6411F037DEBD2A6C55A94A29047D7DE9759", "94B0133D91DD1AAA87A9EB1F82E658000D52DE57AFAFF6E711787FF54BEEB5D7", "961E95FA88FD7A8C30DFE02BACBFE022B20A70E973DBD5962B95C70771F0CF07", "963C97708947B650528DD5B2F10F30BE9D3A2416B5003B02BA2A01BDEA29D732", "964EDC6CD9B7F054F4C96F9A72758F0466AA9B78A7A3E8AA96F516DFD1AB1CFD", "96F7970728800B0EA1F359155E0D440D3914E976DFC09CEAD452C7D7EA6BE61B", "990A0947B346D27E9EFAFE9E60CD230F937AAFF139879297F40C6C040F57EB70", "9A0B377B539E9EB3DEAE72601B316AC39529FEB48D77BA9C2660AD88E7DF662B", "9A2D4C1EC195390B272F126E69E1B55B908EBE9D951C7D586FF0AE36740528B8", "9ACD7329FC1F831F1AB2B7D915AB63D8F111A7045260F93F9D9FAD2B89A76E99", "9AE27752CE61B7806165EEC477048C9431337F2A610460AB42D12020D03EF964", "9AEF7943FC15601E8764D0053EBD7C1FB2D252A0A9CD314B104D203C2E9C2EB1", "9B3FAF8E25D910B37ECDE9CDDF654F23BFDC8BF7D845184A2769393D46FD9EC9", "9C49B3B910ACAB3C030BC5586AFC34DCFAEE7EC64D7D8447E2AADA6C76053457", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "9C9974897D9032CCE40784D8D39546999D4563EDB691A9F8F85E7C125665ACFD", "9CF7AFC641D593C078C001F6D73228861A95BD08ECC59A04A92C63E668ABAD78", "9D9F8496AA1AAAE7CF135E4A6F86B7D8F86173A0E558AD93AA10046F0ACAAE6D", "9E20D1855575208AB10D7A37A8F732F5FB0995B4D096646EBC735EE1706B18C6", "9E3FCEB3C8DC76AD3152DBCC2EFEFAB5F229FFCEF4CF1D756D45190726CF3D0D", "9EB1478AE17D3EDFE567B0697D2C2B0577C9714D05F5A2E7A80B66D0034D89D9", "9ED959A552F1F1135D021720BFEF601A33E4FF298A735DCF0648EF0558E731A9", "9F7403E8AEF30FAFBBEDCAA947D855EF987E8FD49503FA56BAF29681570597A0", "9FD0A2153D7653CA93FDABF4A80D4F63FFD425F2201F266B744D51C1F6F9AB82", "A0ECE071B650D8F5EC02E601175D0E3683680641E4438CAB1D935DEB21EBDD49", "A1443A5159346F026B4AD311838BD38F0642FFB9585AD38025A4F1C9922845F0", "A1907953628F052A8D862BBA6332A8418C4E0C8826FD9B3064449756F7540110", "A1D0CE295E9257EABF11496E4A797CF7C164CD524E3E6EB07DE1E1D5DAE4AA1B", "A363FD5475E83037358698D66188D32D3ADE4F4EE7F733C5F897EC6702FEAB73", "A3B4F0967E0C1C1A487870FFF59E4497A585F02D0364C6E8B5D6CCFA2E2267F1", "A3E7F139B83D02E368212C442273BA9F7CF9DBDD45BD643B507B7F78D0BB47F6", "A41DD61CB741B6A4172AD3E7F0BE5B692C5DC2F9AAF2A501BDAED1C866852504", "A49F9EFECEFD840DBA180620BA6247AF2908F0E8D2F8C691E6322205046D5645", "A4AE0AF45FF24755B952291D5F049C1F1600B9586D7F2B414441DBEBE6AEFB53", "A524C83841372B2C7BB001C2CDF6FFC10CDB518EB622DE10EDC078C05F18FC87", "A53AB047D484B7CEFC288D2B4D810DAC537F3F75E6129B90A28D4BE9DA746C2D", "A6B089124F750729C2A5DCFDD551701AB74968E1A86A4C4BE83273F5F8E1BE38", "A6D627905BD66181BD363C0FB51F6E2406835F2FAE676E7F5BDB38D19625CFEF", "A7D9F0241BE2D9397AAE8F1DD88653C257DBC2B8DC7B78A8F90BC6A60F559255", "A8C4FAE86EAE65D0C1F3A30200BC3B099B396436A3DF948A48B8B78AEF01300E", "A977772B859A989C23F9D03F6BB1473FEB11831BF12F062842D32AC4B76E47DA", "A9CFDC9D4807EDD132C8A5C5CC10D1E0ED146D4064FDA44CF9F4A843B35576CC", "AAF0BEDBC015A01019E62C3F3EABFB77695C303802ABD26EA8E7CF7ADE986442", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AC33843924B6A7415E2B5520B228A4C48ECE79D3ED971F29EAFD5A574C45E7BF", "AC54A5DAFA15D91044EA9FE6159829752BCD0E35D53719860B2A80D7AB2DBBA9", "AD38C68A33876D18A0E209E76DAFFA93CF8EFC1C5A82EC9AE2AB672BCFBEE893", "AE35DD3190D7F7B4F0189A58D913837044A6F9D55C22C84819A0A39C1C6D16D5", "AED94AF4E315E8E7BDF06C8D34600CE00152FB92595F55C751AE44CD3C6AAFFA", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "AF41BE48B7388AC88C7B7B04DE51E720BFB46F49D0B57B55AF8F7E065CF0DA02", "AF42BD53008E43A8F60AC336AAB63B4B1D9D0A7242D5CAF18118E642576D4117", "AFC9403AC32DA755BDF787A3109DD90725B60FC88550DD0DCFCF727CE478E948", "B065D5FBEE0500048771DD5D4E96DB98DECBC1A60732689D056C62E95ACFD6A1", "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "B0AAC7449E65CF150357BBDBC9E1E599F67978148C750B2FCBAB2FAEDE3E2E45", "B24A96EC081A0578A55C688511BE4ED453BC2B72438C6DF0DD5135F5FC69F4AA", "B2AF94E4B4104CFC171D34D738F1AFC4758C45D61D537CBC43031028CB7E0EA4", "B2D738D495357B6A6F988B5B24AFC26D143E96F8175777E6CE2CE15CDCD2E8E0", "B314C20BF91C600149F279A906C6EBEE84E73ADFE2036985C9D6023680EB2CA8", "B3921AD53237CD309893EF9A4039A94178B245A6C3604A14153D2DAE483A41EC", "B4010B4E21B127AA0A6CACC8E96F2406EAE6CDF71E449DF6FCA304D4DC567ADE", "B40D857E4678AFBAA0D279385B59057EF53B1641B344366F9AEA6C042767821D", "B45ABED8BD58C33A07263A55AF5D4FCACA1D1D4D41B9076C9B3E26F4C663C536", "B4ACC50FB3EFBFCDCC381ED7E344E2F40C781747A414909444C31FECCA264613", "B4C324A6FD8EF22AF23E006EF9A141FD3EBA5B12341EF67665F1428E1D1AA71F", "B57836C680E5C7DF0307525BE8C7E45EFC17A6866B818F9F01947138A8ED9F8B", "B5F14721CB3CF1C884B72C16A99A8A84B07CD516016A63172B73890E30DDF2B6", "B61AB1D0CA790E1ACAC9798122DF79FFCF9B8B2580CDC33E702C953B7EF6B140", "B634FF2E7FC1F3330432FBCA9743C474852276C64003951811F2A870EB1D6D85", "B7A424C873301A7A2B8EF8982C7A86BA1B41420745EA0B4F60A2CEC435E80AB2", "B80E857F01B07BE9A7EE60BFD8FF52F82A16A63194D34BC2560D982812DC6722", "B8BB28CB59403D76B2A95C8494CFB748BC173FFC4D90F4B4EC299DE20491DE0A", "B907DA0F3696F949D350768CF81A7E26D19494D84E8C4C72E66014F34E409C6B", "B92350DAAF295761666E616275C53B448D53547B60DB7478FE3FCCE518028947", "B9410A108CEB6D3C9DFE0C1617FB34D181E021D243C3FB7F5DB35969D7C4CE52", "BA641051633E4D947A94268037F8B8865B6EE865868B44CAAC2ACF192C454E89", "BAC0ECD094048AB5764245E3813A4B3FD7B15C38CF78917E44082B74A378C2E8", "BBC19469EB9B90D82D15BF345DE6BD2F2984CAE6A5427AAEAFBF0699FD85D085", "BCF51D77CBD205786D05C4D39C68EB7B11A8D4D268F03AEF88EC8A6D66DD05DF", "BD03EE478D44A7C4C899090C9FF328560060F0170A87F64F2E81D7DD96BC3A37", "BD6AE1C01578D2358D9720998260BF5FCA8B53021F548065995F3783AB704E64", "BD9659A4CCD34A1F85D3F43EBB69A1C01B35156D02EAF7816113431881473F82", "BDDBE42B21DF45097105022FFBB1D313AFDC210A48C4D8EBAD230F44D2E8CBE1", "BE40ACF27D8AE17579CFB2450280D344E32F14B5AFCC639EDB71C9D294778D10", "BE6E8380C13D1103EE23BA2477B40F90E44B32F9B46BF16533F8DB60DB918AA5", "BE87D18966385196530BB6A07EE9BF3065B662716A4AB5C263377658C0F01C51", "BE9D2D904E7CA83543DFC946C3B3E45C2D3BCF72E299A05839DBB505E1C6FE03", "BFE9D544106C1541B7344450CDC8AF62BBFF45143A15E7B97523F39086B55E9A", "C03FA5EBB009D6B1F8AADC24B78B9ABD8ADACBA78E030EBADE0D37E5B4B8531B", "C08849A00434A559EE1C5504DAE1CDDB28E9D46EDC400E95B2136AC317DFE7A3", "C0CB005D40918A594B485753D241E190431C99968BA683F118D3A0D5E3AF3231", "C0E0D2198BF99C1965DFAEC1C11F4784E7D189F41F262015ECEE9E5333D57537", "C10705F215DD80AE7021E90A9B42B1F8197CBB3C7121FB8AFE422081A74A11EC", "C1450674E414C248C8B4650F7BC6D613589F7A314921C62363FD799A2F1FD089", "C2176C99849CD1D5066FA3528DC99CF72650196833F987B090744BC9DC861D30", "C2589DFBD09C40CB0ED3C14A127AD44309E3A47D40C1ABCBAA157F4307C403C7", "C288772B66D1EE7D2548AB9893315A88EF37DAAA5903A74756970E199AE4A91C", "C2CFA1DEAD18B4FC9084975943B8A115F5E71494D750B9381BE8C69C13EDB700", "C4201BA18FD219F4998B9CD1F31247B019E4B70DABFE54578652DCDBE9377D5D", "C46BF4200B36B22461916E9FBF0EA67604946795AF498449A8067A89DEC8E5F4", "C4A25CF6BA3F6E71753F4E3FF5296DCAEA56B938BAE00EF5CB5BBAB12BD4FE3F", "C55D668E9DAA959DD19BE97127802F50A829DCC234E975F8050767FE8AEFE217", "C5DC7E3B34A4B9A3DC0E8C0FAFE2DA531B9CD3D402160B1BD2722664BB8814ED", "C5DFD6DDF0D044C736F3F1427CBB14FC5CF33A1F5084FA65609536B85A5FB9AF", "C62AB624FA8E71A4B6F2CD73B6999128ACB4E32E342A53788D5DE28061D561B5", "C6A2AFF0EF2B8E8391E208A26CC244DDAA37A79AE231F45EB2CC27F7B2D07758", "C6D4C52AA4E7913CACAB54006C31C0C0025E51FC81576DEDD3859AF6EAC20DC7", "C81F745CADFCC259B2A14EBD6E680E0A8600116D12D6EBCDB31D0E333B902F2E", "C9A06C4BC1ACE55A17C7DD2D9DD98AA6FDEE59C9586CAFC2375754D88139C6F2", "C9A0F83DA43F98BB8749F1E06867002E1C69DB325BE1EE6ED8D3F245105C2D03", "CB2F2FB1A01CACB87D1CC3E387A764FC971F598C809C6359C82E48AEE7425658", "CBAE0492C38AA01FC003E13DF32DD0C20AADD9BC2874AEBB77AEE27AB42027B1", "CC1740D85628549D6FAC223D34127F158CD233478F25DBA7737A26EE508DE9C0", "CC1827A64689B74570896388F9C886597BB1BF215F1D08F69BBBFD770F5275A3", "CCEAF07B3C4566A99FF7B58897BFB19B97162AD85DD6BF5ED2A4C5775FDE77EC", "CD8271F1E3A620207AA3EAC35F944E1453EFEBC4728A88B9C3D9D0DA7F511F56", "CDD5D9308405924ECE0A1229361AFBD87209C1702DF29EF3203AB9751206A3B4", "CEB27E785E600294CBB232BE2A4F87611DCB20D91D768C5E4A4B5C3B0D8D1D3A", "D06CD755DD4308E07BA22E8E6BEB92F9E30EE716DE6494CE9CFFE8486337E1E3", "D23B506F373F085D0D95234FF39AA0BCD38839F8B4D1BDF9584496C6B93F1F28", "D25E542BA06847406F0771CE578D65B5B33DC2B6075998991AD1E4B5FFA08DF6", "D25FC5FB8A8B1C59AB072CD2FAFBE0E65B654246DF1F523B2F0760F380BBA57D", "D298FA6BEB1855A11B72B3942004181440E190878F6AEBEF802D8B5D57A6AF14", "D2A8B7FD0D3A20180EBF8484490243C0DC038E552B987004A03D622D69BBA611", "D2DA907CE61C2922B06B26A8703271C7160B8BC26FC2454A769A36370BDF8D45", "D2E48469AB3A6F2B1FEAEFDF00F68B8BC2F210C7E3BBABA5556DFDE4C6DB7ECD", "D311C4613E37B27918A0B9E5911867460F3D21D634C309E0D56DB7349F67B74E", "D3418B2E96E89CF57CA80D7EF71EB4B4A624C51867F542D04AC6C83CF95EA96D", "D3570BE110B3783A332CB217427414271B851FB390E6F1A5E4F69FBA81F8C175", "D40F4EBCFB3B9B87FEAF81679D29B29159EB7F73B00C10EA2566C6CA1BAE5EDF", "D5A86407A1E7524D3163EB6F0FB9FE8BC066F582785B3CB1732BC9225609855C", "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "D66F1CF05D4FAEAA1D2A1BD6C942DFBCEFA7698121E07EA674D81BA77E984AF6", "D6D01193465D0489CF18524A794AA59CC76D91403E1F923FB9E1F5CD46E21E8A", "D6EF0A354BC60FD9763CCD91736DAA8B1445C437C0A7B30389216581A9447D9D", "D7007531075E41C1737535FBA94EACB87DF83DC9DEB1EC87D8FA448D6205D4F3", "D71ECE9054A0423D2796261CBA40257762AA9E2D7719136781F2B173EA9107E9", "D7B1C15A62F7B531F511A5EF0469D5FE65B9DE7B0ECEECEAB48E9146B08B3514", "D7FB374F1F666971D930971853DEE94DD556289B773317F7E0FC7C6FC4B491DF", "D807F98F285E9AA24C6982ECD7ECE986CC9DAEE3771B85EB11104E7DB3A38BAE", "D81266EEF9A30224B03C1D4084FE2FB22F1A32AE3AEF1D43DC3CA53C8F5BCAA6", "D995BFD7F2FE7D2B6BD9B254E3A2FFCCE7B6FC8B44FD9CE6285A91BD366E9BE9", "D9B33FAA9F87D18625F5A08EF5634D73168FBB4A49FD551EFF5B173DEC473E84", "D9F9C21739CE0374485FD9F451E99B1E3D3DD763F365282CE7DBE1FD581588A1", "DB22B3B68744FEE0B895F36BFE3C07C0C84967B87710DE01FEC11B662F3B8A89", "DB2B818A328E9D978E389CD017B47DF75CF8C64900E023A2B46B5D029C47E02F", "DB9BA983E7D2FAC653E24BEBCF41FC8BAB8D997E65F48954297E2FCB8153E17F", "DBC08F11E8C546F68BF3DB9830663489611F4366FD7EB52BF39808F516F3BEA2", "DBF3688DBA798444F3C298FA2AC7CFA893F49EE4F4F4469F192EA874C9A777D6", "DCF6197D1AF8FED8B2A2B076D22A3501063C90026F751721EA8B0587D5B4BFA9", "DD603376FFA47617C5E01EED76B19ACD3F19C889C704DD757CD908D1F8527392", "DF1E63CF8B14528F156628BE21730C46B9AD6FEBFA9BE46C21DFFEFE8A0D3852", "DF1E9BDB92169D884822F099433AE49D99725BDE57D69AD10D1A2ADE2C7BF3E0", "DF2FC0B1420212BB78955490428FBA3501667C1A87AEB0E90321C51D586BA283", "DF7E743258EECE8D977DB6645A6CF8DFDE1F2111B2363A0A163830CA509AD664", "DF89B2395C4DB15E1FF631A136BB1301E179B1A5D4A2BF72B8D0EF9E4A730437", "E08ECA9D338354D63D75E5F0CEFE7A9EAB8C4F5A20A29A033BF48E7765D9BAFF", "E0C9BAECEFA76A39F668375CCE1FEF586F0BFB09CFFC885A638463548385207C", "E113332A5414D5938986A807B55833A60DA76B753C924BAD31BD440A18A61C93", "E12AC4164A95297C0432973D30F603FA386B4210C32C90DA21EC4D23B1C17983", "E1956B84C4A8A327CE88C2A393674D2E29754B0D0DE5EA9CD732916AC207C1B2", "E19B380C2BF0F26DFDCBADD37C1B7D4A13ED463E7B4B4ECE7EEEC8895D5690CB", "E3BAE9A30B20D04512C7C16881BAE14D80726FD5F24F3B32C3DF1C51B000477A", "E410710A81FC685FE45ADC2C5389D76BEA00C26109AA8757AC86027F3C12F1A8", "E47CC3D807E088442F7028350C85D08162FCCBC6A1643D768407619ABA4B9399", "E54048B186E2B0430A492A11B734CD6DBAB437E3800A622970DF288484B9F9CA", "E57295B2DF96E63714F13E4379EC8E7A499283CEEA7CE0853AF9B05661E32ED1", "E600E0C30FA57438BAA328F6729F104613C088264EDBAF41A037C964282DC8A6", "E6153C35BD44471C95F1EFEED9B29C46E12A43C017CCADB1D87BD84154E4A620", "E61A4CE8E97A4A1CE60ACE22E091D7CD4A74C3373C60F6C37FCB9C0EFB0E10EC", "E6339192F4D5A34C5450757F6F89CD12C85BA22B7375FD57D5B1C48F67C117CC", "E6539A3BB2EB04D867564E210333C561765406B8A7B65151CA32F4CE21B0AE0B", "E675D51A7FB510C24E511865634B3A1ABAF3FFDC2E1EE1FB4F121D91BADD2E7D", "E709674FBABF3ACF153296465B387FAF06F18F887BD2A7754503B905294A1BED", "E79B1CBF1524EDF0CFB25255419FAA5ADAFCD6176139338206646C7E39D87AC8", "E7A61D23F37BFE71387F349B7ABC627B2069E0DD06334950ECFFA79FDC6D4BE8", "E8502415402D8DEE3757A91FDF5FC83A369265B0F5E2AE2A7246A3FC800EEE8B", "E8D1954E7F4E50A7F1CC861CDAF69D1A363FA2EE425AF143C971F230E8015C10", "E9094C448DDFA53F1801F49370E9B1301873155775CFD8E4A6A53500E27FBB43", "E94DE2A00A2C1D8282756AE6867DE9CFD231A5D1A7411CA8146CFF2E3FD9CE7D", "E9815A3B04E1EB0668298517258C04B83A614591F0C92919380E17504AB710DE", "E9B780D055080864EB3A1A2DBD34CE1F44CB522B4C3916540A535B3B9DC19BC6", "EA74E641E79A078A4FD722F20D029127AA1107DE269BC715ABDD7893A034774D", "EB20B672B0F8880C0E9D8D5292F68305326883CCEA193494DABCBD14BB06A184", "EB29912BA3125220228A3E0ECE64F9A835E8E7C353B5EDF3F1E3E9C50AA8FC18", "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "EB67E51171F7C34A22B244E03166CB1F7D74162E476DCFA216B46A44310996E5", "EC3E23A99CFAAD88B2FA49B712651D754EE84446F6DFEB6CC3571A65A744E234", "EC68A07B2C3DAE1C815890F259C28E42A77D5A3444423C6A6324A3D881B16265", "EC7DD37D5F4B9A5D139BAD89ACB67C9048FD7B2CAF35F5F63861CE6E55EADBAB", "EC972C692BE3023B72017E1A0E500647A4508BA18E2201793D3A30F3A4FFF8F1", "ED1637B2624D26362BDB52FFE4446CD922E21738E4C506EA23FFF9A92362A011", "EE31FC377D70F6E35C21A71191A7230C6A2677EB248387944F83CA0C5657975F", "EE7CE47E45F000B20D959427D19E89321C1C0E7DA85CD2ADF5A37945584874DC", "EE8BF9A0EF2479FC1B1957C736D189D791B61FA235FC54164370BEB1A326EBB9", "EF1E86E8C1821B2FE6F241A7F8B0060DAE69EB57B79276256A296E2116C4F120", "F06BAB24D9E4E17DD0677BA61DD3C1AC11E4C85147BBF86EE8D3A92E535C3E14", "F08BFDC36857BBE15067A0715EC82D384F74D0BB5D6D364E364213D123C8F27A", "F3758093EA44146C6BB9180D4A89ECCFA58C42ADF8707A861E087BF54975924C", "F38918D5F16993392DB8CEDA2D060D93DC7FA6787985A4BA01F2EC5B7D425F88", "F5BA0AA514CF99CA86DFB280C43745FF52D52633170D1E545ACF89151C65EEF0", "F5D69384E79508ECF3D6B7C440049FE6823228F992C7519603AA316546A8DE60", "F631FBF3345C07F81D82B960695E1646F617E669785B8F63DB760D886F1B2C12", "F665A1245FF1694ED9B578D35C955B51DAA051F90350DA793AFAC0D05F2DCC0B", "F6F81EC2A93E77E4D599C827E29E48EFC512C7EB406ED8ADA47D239D81A82F3B", "F7641FBFC3FEE710BEC608E58B5B1DE011444B647312DE547514C14638035FCC", "F76E0893657D8DCCB46BCF1747D9BBFAC71F1F913691D424A22E90E2BA8CF4BA", "F7AEEAE35D7C39B759348EB1CEE9E7D07D0AE01CE51CB6E2A84C28B058E529B8", "F7E1CAC0E2569CD705FDF2647847BBFB6470C947C882660EA9E0BDE39C5B8D58", "F9ADD5C0B29D5EA4036B7F3A5477FA4502428CD7F7F7ABD1AF85EE16C6650D8F", "FA01F274F8BDB18D853D26418F5635CA08231E1E4CEC615047C15F573CF29B71", "FA3C7B721E4B1CAF2DD4403DE9BF7931562B63D98C19B634C38865E05C45DF36", "FBF8D5380A8667F5D239F868F077DAD8E14459BF18DCA6E0C2C65E35815C9F4A", "FC11BDFA06F8AE2CCC0E004BB77D2A5377449EC01FA48D28B2951E08F4BE20A7", "FC4C804F44282D78247FA90BC4C8C855819430A02725094AC97DBD89D0227589", "FCF66C1A96FDC8625BB9D927E042CEAA982B68F998C9AFCE8CBB28E803F9F816", "FD942787DB7C05823C3BFCBB721E269B5810D06151CEBF8E45B4B69122D837D7", "FE67874D43BC98A053A0BF58006D9985B49884BE885879B16D23006930E8AE3F"]}, {"type": "ics", "idList": ["ICSA-17-094-04", "ICSMA-18-058-02"]}, {"type": "impervablog", "idList": ["IMPERVABLOG:4F187FDBA230373382F26BA12E00F8E7"]}, {"type": "jvn", "idList": ["JVN:89379547"]}, {"type": "kaspersky", "idList": ["KLA10359", "KLA10447", "KLA10452", "KLA10505", "KLA10507", "KLA10530", "KLA10570", "KLA10732", "KLA10743"]}, {"type": "kitploit", "idList": ["KITPLOIT:6372579284509577146", "KITPLOIT:7553690576096019209"]}, {"type": "lenovo", "idList": ["LENOVO:PS500041-NOSID", "LENOVO:PS500041-POODLE-SSLV3-VULNERABILITY-NOSID", "LENOVO:PS500048-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2014-0292", "MGASA-2014-0416", "MGASA-2014-0422", "MGASA-2014-0489", "MGASA-2014-0490", "MGASA-2014-0507", "MGASA-2014-0550", "MGASA-2015-0037", "MGASA-2016-0048", "MGASA-2016-0260"]}, {"type": "mozilla", "idList": ["MFSA2015-150"]}, {"type": "myhack58", "idList": ["MYHACK58:62201784367", "MYHACK58:62201787046"]}, {"type": "nessus", "idList": ["700649.PRM", "700654.PRM", "700700.PASL", "8332.PRM", "8550.PRM", "8552.PRM", "8562.PRM", "8897.PRM", "9076.PRM", "9081.PRM", "9700.PRM", "9701.PRM", "9714.PRM", "9719.PRM", "9904.PRM", "9905.PRM", "9941.PRM", "9989.PRM", "9990.PRM", "ACTIVEMQ_5_15_5.NASL", "AIX_BIND_NETTCP_ADVISORY2.NASL", "AIX_IV69768.NASL", "AIX_IV73316.NASL", "AIX_IV73319.NASL", "AIX_IV73324.NASL", "AIX_IV73416.NASL", "AIX_IV73417.NASL", "AIX_IV73418.NASL", "AIX_IV73419.NASL", "AIX_IV73973.NASL", "AIX_IV73974.NASL", "AIX_IV73975.NASL", "AIX_IV73976.NASL", "AIX_IV78624.NASL", "AIX_IV78625.NASL", "AIX_IV79070.NASL", "AIX_IV79071.NASL", "AIX_IV79072.NASL", "AIX_IV82327.NASL", "AIX_IV82328.NASL", "AIX_IV82330.NASL", "AIX_IV82331.NASL", "AIX_IV82412.NASL", "AIX_IV86116.NASL", "AIX_IV86117.NASL", "AIX_IV86118.NASL", "AIX_IV86119.NASL", "AIX_IV86120.NASL", "AIX_IV86132.NASL", "AIX_IV88957.NASL", "AIX_IV88959.NASL", "AIX_IV88960.NASL", "AIX_JAVA_FEB2015_ADVISORY.NASL", "AIX_JAVA_JAN2016_ADVISORY.NASL", "AIX_JAVA_JUL2014_ADVISORY.NASL", "AIX_JAVA_OCT2014_ADVISORY.NASL", "AIX_OPENSSL_ADVISORY11.NASL", "AIX_OPENSSL_ADVISORY16.NASL", "ALA_ALAS-2014-383.NASL", "ALA_ALAS-2014-387.NASL", "ALA_ALAS-2014-426.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2014-430.NASL", "ALA_ALAS-2014-431.NASL", "ALA_ALAS-2014-432.NASL", "ALA_ALAS-2015-471.NASL", "ALA_ALAS-2015-472.NASL", "ALA_ALAS-2015-480.NASL", "ALA_ALAS-2016-643.NASL", "ALA_ALAS-2016-645.NASL", "ALA_ALAS-2016-647.NASL", "ALA_ALAS-2016-651.NASL", "ALA_ALAS-2016-654.NASL", "ALA_ALAS-2016-661.NASL", "ALA_ALAS-2016-736.NASL", "APACHE_TRAFFIC_SERVER_511.NASL", "APPLETV_7_0_1.NASL", "APPLE_IOS_81_CHECK.NBIN", "ASTERISK_AST_2014_011.NASL", "CENTOS_RHSA-2014-0889.NASL", "CENTOS_RHSA-2014-0890.NASL", "CENTOS_RHSA-2014-0907.NASL", "CENTOS_RHSA-2014-1620.NASL", "CENTOS_RHSA-2014-1633.NASL", "CENTOS_RHSA-2014-1634.NASL", "CENTOS_RHSA-2014-1636.NASL", "CENTOS_RHSA-2014-1652.NASL", "CENTOS_RHSA-2014-1653.NASL", "CENTOS_RHSA-2014-1948.NASL", "CENTOS_RHSA-2015-0067.NASL", "CENTOS_RHSA-2015-0068.NASL", "CENTOS_RHSA-2015-0069.NASL", "CENTOS_RHSA-2015-0085.NASL", "CENTOS_RHSA-2016-0007.NASL", "CENTOS_RHSA-2016-0008.NASL", "CENTOS_RHSA-2016-0012.NASL", "CENTOS_RHSA-2016-0049.NASL", "CENTOS_RHSA-2016-0050.NASL", "CENTOS_RHSA-2016-0053.NASL", "CENTOS_RHSA-2016-0054.NASL", "CENTOS_RHSA-2016-0067.NASL", "CENTOS_RHSA-2016-2599.NASL", "CHECK_POINT_GAIA_SK103683.NASL", "CISCO-SA-20141015-POODLE-ASA.NASL", "CISCO-SA-20141015-POODLE-CUCM.NASL", "CISCO-SA-20141015-POODLE-WLC.NASL", "CISCO_ANYCONNECT_3_1_5187.NASL", "CUPS_2_0_1.NASL", "DEBIAN_DLA-157.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DLA-400.NASL", "DEBIAN_DLA-410.NASL", "DEBIAN_DLA-443.NASL", "DEBIAN_DLA-528.NASL", "DEBIAN_DLA-529.NASL", "DEBIAN_DLA-81.NASL", "DEBIAN_DLA-96.NASL", "DEBIAN_DSA-2980.NASL", "DEBIAN_DSA-2987.NASL", "DEBIAN_DSA-3053.NASL", "DEBIAN_DSA-3077.NASL", "DEBIAN_DSA-3080.NASL", "DEBIAN_DSA-3144.NASL", "DEBIAN_DSA-3147.NASL", "DEBIAN_DSA-3253.NASL", "DEBIAN_DSA-3436.NASL", "DEBIAN_DSA-3437.NASL", "DEBIAN_DSA-3457.NASL", "DEBIAN_DSA-3458.NASL", "DEBIAN_DSA-3465.NASL", "DEBIAN_DSA-3489.NASL", "DEBIAN_DSA-3491.NASL", "DEBIAN_DSA-3500.NASL", "DEBIAN_DSA-3504.NASL", "DEBIAN_DSA-3609.NASL", "DEBIAN_DSA-3611.NASL", "DEBIAN_DSA-3614.NASL", "DEBIAN_DSA-3688.NASL", "DOMINO_SWG21992835.NASL", "EULEROS_SA-2016-1054.NASL", "EULEROS_SA-2019-1388.NASL", "EULEROS_SA-2019-1400.NASL", "EULEROS_SA-2019-2509.NASL", "F5_BIGIP_SOL02201365.NASL", "F5_BIGIP_SOL10065173.NASL", "F5_BIGIP_SOL50118123.NASL", "FEDORA_2014-10171.NASL", "FEDORA_2014-10322.NASL", "FEDORA_2014-12951.NASL", "FEDORA_2014-13012.NASL", "FEDORA_2014-13069.NASL", "FEDORA_2014-13399.NASL", "FEDORA_2014-13647.NASL", "FEDORA_2014-13764.NASL", "FEDORA_2014-13777.NASL", "FEDORA_2014-13781.NASL", "FEDORA_2014-13794.NASL", "FEDORA_2014-14217.NASL", "FEDORA_2014-14234.NASL", "FEDORA_2014-14237.NASL", "FEDORA_2014-15379.NASL", "FEDORA_2014-15390.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-17576.NASL", "FEDORA_2014-17587.NASL", "FEDORA_2015-2087.NASL", "FEDORA_2015-9090.NASL", "FEDORA_2015-9110.NASL", "FEDORA_2016-0A4DCCDD23.NASL", "FEDORA_2016-2B0C16FD82.NASL", "FEDORA_2016-F4A443888B.NASL", "FREEBSD_PKG_03175E62549411E49CC1BC5FF4FB5E7B.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_0DAD911460CC11E49E840022156E8794.NASL", "FREEBSD_PKG_10F7BC7603354A88B3910B05B3A8CE1C.NASL", "FREEBSD_PKG_384FC0B2014411E58FDA002590263BF5.NASL", "FREEBSD_PKG_61B8C3594AAB11E6A7BD14DAE9D210B8.NASL", "FREEBSD_PKG_76C7A0F5592811E4ADC7001999F8D30B.NASL", "FREEBSD_PKG_9E5BBFFCD8AC11E5B2BD002590263BF5.NASL", "FREEBSD_PKG_CBCEEB493BC711E68E82002590263BF5.NASL", "GENTOO_GLSA-201411-10.NASL", "GENTOO_GLSA-201502-12.NASL", "GENTOO_GLSA-201507-14.NASL", "GENTOO_GLSA-201603-14.NASL", "GENTOO_GLSA-201605-06.NASL", "GENTOO_GLSA-201606-11.NASL", "GENTOO_GLSA-201607-17.NASL", "GENTOO_GLSA-201610-08.NASL", "GENTOO_GLSA-201701-46.NASL", "GENTOO_GLSA-201705-09.NASL", "GENTOO_GLSA-201706-18.NASL", "GENTOO_GLSA-201801-15.NASL", "GENTOO_GLSA-202107-39.NASL", "GLASSFISH_CPU_APR_2015.NASL", "GLASSFISH_CPU_OCT_2017.NASL", "HPSMH_7_4_1.NASL", "HP_SITESCOPE_HPSBMU03184.NASL", "IBM_DOMINO_9_0_1_FP2.NASL", "IBM_DOMINO_SWG21693142.NASL", "IBM_GPFS_ISG3T1021546_WINDOWS.NASL", "IBM_HTTP_SERVER_521711.NASL", "IBM_JAVA_2016_01_19.NASL", "IBM_RATIONAL_CLEARQUEST_8_0_1_6.NASL", "JUNIPER_SPACE_JSA10659.NASL", "MACOSX_10_10.NASL", "MACOSX_10_10_2.NASL", "MACOSX_CISCO_ANYCONNECT_3_1_5187.NASL", "MACOSX_SECUPD2014-005.NASL", "MACOSX_SECUPD2015-001.NASL", "MACOSX_SERVER_2_2_5.NASL", "MACOSX_SERVER_3_2_2.NASL", "MACOSX_SERVER_4_0.NASL", "MACOSX_SERVER_4_1.NASL", "MACOSX_XCODE_7_0.NASL", "MANDRIVA_MDVSA-2014-141.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "MANDRIVA_MDVSA-2014-209.NASL", "MANDRIVA_MDVSA-2014-218.NASL", "MANDRIVA_MDVSA-2014-252.NASL", "MANDRIVA_MDVSA-2015-033.NASL", "MANDRIVA_MDVSA-2015-062.NASL", "MANDRIVA_MDVSA-2015-198.NASL", "MYSQL_ENTERPRISE_MONITOR_3_3_3_1199.NASL", "NEWSTART_CGSL_NS-SA-2019-0033_OPENSSL.NASL", "OPENSSL_0_9_8ZC.NASL", "OPENSSL_1_0_0O.NASL", "OPENSSL_1_0_1J.NASL", "OPENSUSE-2014-605.NASL", "OPENSUSE-2014-640.NASL", "OPENSUSE-2014-647.NASL", "OPENSUSE-2014-671.NASL", "OPENSUSE-2014-772.NASL", "OPENSUSE-2014-773.NASL", "OPENSUSE-2015-91.NASL", "OPENSUSE-2015-978.NASL", "OPENSUSE-2016-105.NASL", "OPENSUSE-2016-1056.NASL", "OPENSUSE-2016-106.NASL", "OPENSUSE-2016-107.NASL", "OPENSUSE-2016-110.NASL", "OPENSUSE-2016-115.NASL", "OPENSUSE-2016-126.NASL", "OPENSUSE-2016-129.NASL", "OPENSUSE-2016-1339.NASL", "OPENSUSE-2016-225.NASL", "OPENSUSE-2016-282.NASL", "OPENSUSE-2016-294.NASL", "OPENSUSE-2016-351.NASL", "OPENSUSE-2016-370.NASL", "OPENSUSE-2016-59.NASL", "OPENSUSE-2016-6.NASL", "OPENSUSE-2016-60.NASL", "OPENSUSE-2017-459.NASL", "ORACLELINUX_ELSA-2014-0889.NASL", "ORACLELINUX_ELSA-2014-0890.NASL", "ORACLELINUX_ELSA-2014-0907.NASL", "ORACLELINUX_ELSA-2014-1620.NASL", "ORACLELINUX_ELSA-2014-1633.NASL", "ORACLELINUX_ELSA-2014-1634.NASL", "ORACLELINUX_ELSA-2014-1636.NASL", "ORACLELINUX_ELSA-2014-1652.NASL", "ORACLELINUX_ELSA-2014-1653.NASL", "ORACLELINUX_ELSA-2014-1948.NASL", "ORACLELINUX_ELSA-2015-0067.NASL", "ORACLELINUX_ELSA-2015-0068.NASL", "ORACLELINUX_ELSA-2015-0069.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLELINUX_ELSA-2016-0007.NASL", "ORACLELINUX_ELSA-2016-0008.NASL", "ORACLELINUX_ELSA-2016-0012.NASL", "ORACLELINUX_ELSA-2016-0049.NASL", "ORACLELINUX_ELSA-2016-0050.NASL", "ORACLELINUX_ELSA-2016-0053.NASL", "ORACLELINUX_ELSA-2016-0054.NASL", "ORACLELINUX_ELSA-2016-0067.NASL", "ORACLELINUX_ELSA-2016-2599.NASL", "ORACLEVM_OVMSA-2014-0032.NASL", "ORACLEVM_OVMSA-2014-0037.NASL", "ORACLEVM_OVMSA-2014-0038.NASL", "ORACLEVM_OVMSA-2014-0039.NASL", "ORACLEVM_OVMSA-2014-0040.NASL", "ORACLEVM_OVMSA-2014-0041.NASL", "ORACLEVM_OVMSA-2015-0068.NASL", "ORACLEVM_OVMSA-2016-0001.NASL", "ORACLEVM_OVMSA-2016-0049.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLEVM_OVMSA-2020-0039.NASL", "ORACLE_BI_PUBLISHER_JUL_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_APR_2017_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL", "ORACLE_JAVA_CPU_JAN_2015.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_JAVA_CPU_JAN_2016.NASL", "ORACLE_JAVA_CPU_JAN_2016_UNIX.NASL", "ORACLE_JAVA_CPU_JUL_2014.NASL", "ORACLE_JAVA_CPU_JUL_2014_UNIX.NASL", "ORACLE_JAVA_CPU_OCT_2014.NASL", "ORACLE_JAVA_CPU_OCT_2014_UNIX.NASL", "ORACLE_JROCKIT_CPU_JAN_2015.NASL", "ORACLE_JROCKIT_CPU_JAN_2016.NASL", "ORACLE_JROCKIT_CPU_JUL_2014.NASL", "ORACLE_JROCKIT_CPU_OCT_2014.NASL", "ORACLE_RDBMS_CPU_JUL_2017.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "ORACLE_WEBCENTER_SITES_APR_2018_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2015.NBIN", "PUPPET_ENTERPRISE_331.NASL", "REDHAT-RHSA-2014-0889.NASL", "REDHAT-RHSA-2014-0890.NASL", "REDHAT-RHSA-2014-0902.NASL", "REDHAT-RHSA-2014-0907.NASL", "REDHAT-RHSA-2014-0908.NASL", "REDHAT-RHSA-2014-1033.NASL", "REDHAT-RHSA-2014-1036.NASL", "REDHAT-RHSA-2014-1041.NASL", "REDHAT-RHSA-2014-1042.NASL", "REDHAT-RHSA-2014-1620.NASL", "REDHAT-RHSA-2014-1633.NASL", "REDHAT-RHSA-2014-1634.NASL", "REDHAT-RHSA-2014-1636.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2014-1653.NASL", "REDHAT-RHSA-2014-1657.NASL", "REDHAT-RHSA-2014-1658.NASL", "REDHAT-RHSA-2014-1692.NASL", "REDHAT-RHSA-2014-1876.NASL", "REDHAT-RHSA-2014-1877.NASL", "REDHAT-RHSA-2014-1880.NASL", "REDHAT-RHSA-2014-1881.NASL", "REDHAT-RHSA-2014-1882.NASL", "REDHAT-RHSA-2014-1948.NASL", "REDHAT-RHSA-2015-0067.NASL", "REDHAT-RHSA-2015-0068.NASL", "REDHAT-RHSA-2015-0069.NASL", "REDHAT-RHSA-2015-0079.NASL", "REDHAT-RHSA-2015-0080.NASL", "REDHAT-RHSA-2015-0085.NASL", "REDHAT-RHSA-2015-0086.NASL", "REDHAT-RHSA-2015-0133.NASL", "REDHAT-RHSA-2015-0134.NASL", "REDHAT-RHSA-2015-0135.NASL", "REDHAT-RHSA-2015-0136.NASL", "REDHAT-RHSA-2015-0263.NASL", "REDHAT-RHSA-2015-0264.NASL", "REDHAT-RHSA-2015-0698.NASL", "REDHAT-RHSA-2015-1545.NASL", "REDHAT-RHSA-2015-1546.NASL", "REDHAT-RHSA-2016-0007.NASL", "REDHAT-RHSA-2016-0008.NASL", "REDHAT-RHSA-2016-0012.NASL", "REDHAT-RHSA-2016-0049.NASL", "REDHAT-RHSA-2016-0050.NASL", "REDHAT-RHSA-2016-0053.NASL", "REDHAT-RHSA-2016-0054.NASL", "REDHAT-RHSA-2016-0055.NASL", "REDHAT-RHSA-2016-0056.NASL", "REDHAT-RHSA-2016-0057.NASL", "REDHAT-RHSA-2016-0067.NASL", "REDHAT-RHSA-2016-0098.NASL", "REDHAT-RHSA-2016-0099.NASL", "REDHAT-RHSA-2016-0100.NASL", "REDHAT-RHSA-2016-0101.NASL", "REDHAT-RHSA-2016-1430.NASL", "REDHAT-RHSA-2016-2069.NASL", "REDHAT-RHSA-2016-2072.NASL", "REDHAT-RHSA-2016-2599.NASL", "REDHAT-RHSA-2016-2807.NASL", "REDHAT-RHSA-2017-0455.NASL", "REDHAT-RHSA-2017-0456.NASL", "SLACKWARE_SSA_2014-288-01.NASL", "SL_20140716_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20140716_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20140721_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20141015_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20141015_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20141015_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20141015_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20141016_OPENSSL_ON_SL5_X.NASL", "SL_20141016_OPENSSL_ON_SL6_X.NASL", "SL_20141202_NSS__NSS_UTIL__AND_NSS_SOFTOKN_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20150121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20150121_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20150126_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20160107_GNUTLS_ON_SL6_X.NASL", "SL_20160107_NSS_ON_SL6_X.NASL", "SL_20160107_OPENSSL_ON_SL6_X.NASL", "SL_20160120_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20160120_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20160126_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20161103_TOMCAT_ON_SL7_X.NASL", "SMB_KB3009008.NASL", "SOLARIS10_142824-24.NASL", "SOLARIS11_OPENSSL_20141104.NASL", "SOLARWINDS_DAMEWARE_MINI_REMOTE_CONTROL_V12_0_HOTFIX_2.NASL", "SOLARWINDS_SRM_PROFILER_6_2_3.NASL", "SPLUNK_5011.NASL", "SPLUNK_607.NASL", "SSL_POODLE.NASL", "STUNNEL_5_06.NASL", "SUSE_11_COMPAT-OPENSSL097G-141202.NASL", "SUSE_11_JAVA-1_6_0-IBM-140815.NASL", "SUSE_11_JAVA-1_6_0-IBM-141119.NASL", "SUSE_11_JAVA-1_7_0-IBM-140815.NASL", "SUSE_11_JAVA-1_7_0-IBM-141121.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-140721.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-141024.NASL", "SUSE_11_JAVA-1_7_0-OPENJDK-150206.NASL", "SUSE_11_LIBOPENSSL-DEVEL-141024.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_11_PURE-FTPD-141120.NASL", "SUSE_11_SUSEREGISTER-141121.NASL", "SUSE_SU-2014-1387-1.NASL", "SUSE_SU-2014-1422-1.NASL", "SUSE_SU-2014-1512-1.NASL", "SUSE_SU-2014-1524-1.NASL", "SUSE_SU-2014-1541-1.NASL", "SUSE_SU-2015-0503-1.NASL", "SUSE_SU-2016-0149-1.NASL", "SUSE_SU-2016-0189-1.NASL", "SUSE_SU-2016-0256-1.NASL", "SUSE_SU-2016-0265-1.NASL", "SUSE_SU-2016-0269-1.NASL", "SUSE_SU-2016-0390-1.NASL", "SUSE_SU-2016-0428-1.NASL", "SUSE_SU-2016-0431-1.NASL", "SUSE_SU-2016-0433-1.NASL", "SUSE_SU-2016-0584-1.NASL", "SUSE_SU-2016-0636-1.NASL", "SUSE_SU-2016-0770-1.NASL", "SUSE_SU-2016-0776-1.NASL", "SUSE_SU-2016-1457-1.NASL", "SUSE_SU-2016-2285-1.NASL", "SUSE_SU-2016-2329-1.NASL", "SUSE_SU-2016-2396-1.NASL", "TOMCAT_6_0_43.NASL", "TOMCAT_7_0_57.NASL", "TOMCAT_7_0_70.NASL", "TOMCAT_8_0_15.NASL", "UBUNTU_USN-2312-1.NASL", "UBUNTU_USN-2319-1.NASL", "UBUNTU_USN-2319-2.NASL", "UBUNTU_USN-2319-3.NASL", "UBUNTU_USN-2386-1.NASL", "UBUNTU_USN-2388-1.NASL", "UBUNTU_USN-2388-2.NASL", "UBUNTU_USN-2486-1.NASL", "UBUNTU_USN-2487-1.NASL", "UBUNTU_USN-2863-1.NASL", "UBUNTU_USN-2864-1.NASL", "UBUNTU_USN-2865-1.NASL", "UBUNTU_USN-2866-1.NASL", "UBUNTU_USN-2884-1.NASL", "UBUNTU_USN-2885-1.NASL", "UBUNTU_USN-2904-1.NASL", "UBUNTU_USN-2923-1.NASL", "UBUNTU_USN-3024-1.NASL", "UBUNTU_USN-3027-1.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-LINUX.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-VAPP.NASL", "VCENTER_OPERATIONS_MANAGER_VMSA_2015-0003-WIN.NASL", "VMWARE_ESXI_5_5_BUILD_2352327_REMOTE.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_VCENTER_CHARGEBACK_MANAGER_VMSA_2015_0003.NASL", "VMWARE_VCENTER_UPDATE_MGR_VMSA-2014-0012.NASL", "VMWARE_VCENTER_UPDATE_MGR_VMSA-2015-0003.NASL", "VMWARE_VCENTER_VMSA-2014-0012.NASL", "VMWARE_VCENTER_VMSA-2015-0001.NASL", "VMWARE_VCENTER_VMSA-2015-0003.NASL", "VMWARE_VMSA-2015-0001.NASL", "VMWARE_WORKSPACE_PORTAL_VMSA2015-0003.NASL", "WEBSPHERE_547999.NASL", "WEBSPHERE_7_0_0_37.NASL", "WEBSPHERE_8_0_0_10.NASL", "WEBSPHERE_8_5_5_11.NASL", "WEBSPHERE_8_5_5_3.NASL", "WEBSPHERE_8_5_5_4.NASL", "WEBSPHERE_8_5_5_5.NASL", "WEBSPHERE_8_5_5_9.NASL", "WEBSPHERE_9_0_0_3.NASL", "WEBSPHERE_CVE-2017-1380.NASL", "WEBSPHERE_CVE-2017-1382.NASL", "WEBSPHERE_JAVA_SERIALIZE.NASL", "WEBSPHERE_SWG21993797.NASL", "XEROX_XRX15AD_COLORQUBE.NASL", "XEROX_XRX15AJ.NASL", "XEROX_XRX15AM.NASL"]}, {"type": "nmap", "idList": ["NMAP:SSL-POODLE.NSE"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105190", "OPENVAS:1361412562310105191", "OPENVAS:1361412562310105283", "OPENVAS:1361412562310105413", "OPENVAS:1361412562310105424", "OPENVAS:1361412562310105549", "OPENVAS:1361412562310105835", "OPENVAS:1361412562310105950", "OPENVAS:1361412562310108393", "OPENVAS:1361412562310108403", "OPENVAS:1361412562310108410", "OPENVAS:1361412562310108411", "OPENVAS:1361412562310111012", "OPENVAS:1361412562310120010", "OPENVAS:1361412562310120188", "OPENVAS:1361412562310120189", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310120288", "OPENVAS:1361412562310120324", "OPENVAS:1361412562310120341", "OPENVAS:1361412562310120343", "OPENVAS:1361412562310120344", "OPENVAS:1361412562310120409", "OPENVAS:1361412562310120633", "OPENVAS:1361412562310120635", "OPENVAS:1361412562310120637", "OPENVAS:1361412562310120641", "OPENVAS:1361412562310120644", "OPENVAS:1361412562310120651", "OPENVAS:1361412562310120725", "OPENVAS:1361412562310121285", "OPENVAS:1361412562310121351", "OPENVAS:1361412562310121395", "OPENVAS:1361412562310121456", "OPENVAS:1361412562310122815", "OPENVAS:1361412562310122816", "OPENVAS:1361412562310122819", "OPENVAS:1361412562310122850", "OPENVAS:1361412562310122853", "OPENVAS:1361412562310122856", "OPENVAS:1361412562310122857", "OPENVAS:1361412562310122860", "OPENVAS:1361412562310122888", "OPENVAS:1361412562310123198", "OPENVAS:1361412562310123200", "OPENVAS:1361412562310123201", "OPENVAS:1361412562310123202", "OPENVAS:1361412562310123269", "OPENVAS:1361412562310123278", "OPENVAS:1361412562310123286", "OPENVAS:1361412562310123287", "OPENVAS:1361412562310123291", "OPENVAS:1361412562310123373", "OPENVAS:1361412562310123381", "OPENVAS:1361412562310123382", "OPENVAS:1361412562310131212", "OPENVAS:1361412562310140161", "OPENVAS:1361412562310702980", "OPENVAS:1361412562310702987", "OPENVAS:1361412562310703053", "OPENVAS:1361412562310703077", "OPENVAS:1361412562310703080", "OPENVAS:1361412562310703144", "OPENVAS:1361412562310703147", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703436", "OPENVAS:1361412562310703437", "OPENVAS:1361412562310703457", "OPENVAS:1361412562310703458", "OPENVAS:1361412562310703465", "OPENVAS:1361412562310703489", "OPENVAS:1361412562310703491", "OPENVAS:1361412562310703500", "OPENVAS:1361412562310703504", "OPENVAS:1361412562310703609", "OPENVAS:1361412562310703611", "OPENVAS:1361412562310703614", "OPENVAS:1361412562310703688", "OPENVAS:1361412562310802087", "OPENVAS:1361412562310804687", "OPENVAS:1361412562310804862", "OPENVAS:1361412562310805266", "OPENVAS:1361412562310806125", "OPENVAS:1361412562310806126", "OPENVAS:1361412562310806624", "OPENVAS:1361412562310806669", "OPENVAS:1361412562310806872", "OPENVAS:1361412562310806874", "OPENVAS:1361412562310806952", "OPENVAS:1361412562310806953", "OPENVAS:1361412562310806954", "OPENVAS:1361412562310806955", "OPENVAS:1361412562310808197", "OPENVAS:1361412562310808618", "OPENVAS:1361412562310808703", "OPENVAS:1361412562310809211", "OPENVAS:1361412562310809213", "OPENVAS:1361412562310810232", "OPENVAS:1361412562310810233", "OPENVAS:1361412562310810747", "OPENVAS:1361412562310810979", "OPENVAS:1361412562310811250", "OPENVAS:1361412562310811254", "OPENVAS:1361412562310841928", "OPENVAS:1361412562310841936", "OPENVAS:1361412562310841944", "OPENVAS:1361412562310841968", "OPENVAS:1361412562310842010", "OPENVAS:1361412562310842012", "OPENVAS:1361412562310842026", "OPENVAS:1361412562310842076", "OPENVAS:1361412562310842078", "OPENVAS:1361412562310842563", "OPENVAS:1361412562310842593", "OPENVAS:1361412562310842594", "OPENVAS:1361412562310842596", "OPENVAS:1361412562310842597", "OPENVAS:1361412562310842626", "OPENVAS:1361412562310842630", "OPENVAS:1361412562310842680", "OPENVAS:1361412562310842682", "OPENVAS:1361412562310842823", "OPENVAS:1361412562310842824", "OPENVAS:1361412562310850621", "OPENVAS:1361412562310850671", "OPENVAS:1361412562310850771", "OPENVAS:1361412562310850791", "OPENVAS:1361412562310850800", "OPENVAS:1361412562310850849", "OPENVAS:1361412562310850875", "OPENVAS:1361412562310850889", "OPENVAS:1361412562310850910", "OPENVAS:1361412562310850936", "OPENVAS:1361412562310850955", "OPENVAS:1361412562310850983", "OPENVAS:1361412562310850985", "OPENVAS:1361412562310851170", "OPENVAS:1361412562310851171", "OPENVAS:1361412562310851174", "OPENVAS:1361412562310851175", "OPENVAS:1361412562310851180", "OPENVAS:1361412562310851185", "OPENVAS:1361412562310851203", "OPENVAS:1361412562310851223", "OPENVAS:1361412562310851239", "OPENVAS:1361412562310851252", "OPENVAS:1361412562310851323", "OPENVAS:1361412562310868191", "OPENVAS:1361412562310868415", "OPENVAS:1361412562310868417", "OPENVAS:1361412562310868453", "OPENVAS:1361412562310868454", "OPENVAS:1361412562310868455", "OPENVAS:1361412562310868456", "OPENVAS:1361412562310868467", "OPENVAS:1361412562310868468", "OPENVAS:1361412562310868471", "OPENVAS:1361412562310868477", "OPENVAS:1361412562310868597", "OPENVAS:1361412562310868600", "OPENVAS:1361412562310868601", "OPENVAS:1361412562310868604", "OPENVAS:1361412562310868693", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868711", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310868735", "OPENVAS:1361412562310868770", "OPENVAS:1361412562310868824", "OPENVAS:1361412562310868855", "OPENVAS:1361412562310868936", "OPENVAS:1361412562310869036", "OPENVAS:1361412562310869038", "OPENVAS:1361412562310869045", "OPENVAS:1361412562310869084", "OPENVAS:1361412562310869125", "OPENVAS:1361412562310871201", "OPENVAS:1361412562310871202", "OPENVAS:1361412562310871208", "OPENVAS:1361412562310871258", "OPENVAS:1361412562310871260", "OPENVAS:1361412562310871261", "OPENVAS:1361412562310871270", "OPENVAS:1361412562310871274", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871297", "OPENVAS:1361412562310871303", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310871532", "OPENVAS:1361412562310871535", "OPENVAS:1361412562310871536", "OPENVAS:1361412562310871542", "OPENVAS:1361412562310871543", "OPENVAS:1361412562310871544", "OPENVAS:1361412562310871545", "OPENVAS:1361412562310871548", "OPENVAS:1361412562310871701", "OPENVAS:1361412562310871961", "OPENVAS:1361412562310881962", "OPENVAS:1361412562310881963", "OPENVAS:1361412562310881966", "OPENVAS:1361412562310881971", "OPENVAS:1361412562310882055", "OPENVAS:1361412562310882057", "OPENVAS:1361412562310882058", "OPENVAS:1361412562310882060", "OPENVAS:1361412562310882062", "OPENVAS:1361412562310882063", "OPENVAS:1361412562310882089", "OPENVAS:1361412562310882094", "OPENVAS:1361412562310882097", "OPENVAS:1361412562310882098", "OPENVAS:1361412562310882104", "OPENVAS:1361412562310882105", "OPENVAS:1361412562310882106", "OPENVAS:1361412562310882355", "OPENVAS:1361412562310882356", "OPENVAS:1361412562310882357", "OPENVAS:1361412562310882360", "OPENVAS:1361412562310882363", "OPENVAS:1361412562310882366", "OPENVAS:1361412562310882370", "OPENVAS:1361412562310882371", "OPENVAS:1361412562310882372", "OPENVAS:1361412562310882373", "OPENVAS:1361412562310882374", "OPENVAS:1361412562310882378", "OPENVAS:1361412562310882379", "OPENVAS:1361412562310882380", "OPENVAS:1361412562311220161054", "OPENVAS:1361412562311220191388", "OPENVAS:1361412562311220191400", "OPENVAS:1361412562311220192509", "OPENVAS:702980", "OPENVAS:702987", "OPENVAS:703053", "OPENVAS:703077", "OPENVAS:703080", "OPENVAS:703144", "OPENVAS:703147", "OPENVAS:703253", "OPENVAS:703436", "OPENVAS:703437", "OPENVAS:703457", "OPENVAS:703458", "OPENVAS:703465", "OPENVAS:703489", "OPENVAS:703491", "OPENVAS:703500", "OPENVAS:703504", "OPENVAS:703609", "OPENVAS:703611", "OPENVAS:703614", "OPENVAS:703688"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUJUL2014-1972956", "ORACLE:CPUOCT2014-1972960", "ORACLE:CPUOCT2020"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0889", "ELSA-2014-0890", "ELSA-2014-0907", "ELSA-2014-1620", "ELSA-2014-1633", "ELSA-2014-1634", "ELSA-2014-1636", "ELSA-2014-1652", "ELSA-2014-1653", "ELSA-2015-0067", "ELSA-2015-0068", "ELSA-2015-0069", "ELSA-2015-0085", "ELSA-2016-0007", "ELSA-2016-0008", "ELSA-2016-0012", "ELSA-2016-0049", "ELSA-2016-0050", "ELSA-2016-0053", "ELSA-2016-0054", "ELSA-2016-0067", "ELSA-2016-0996", "ELSA-2016-2599", "ELSA-2016-3523", "ELSA-2016-3556", "ELSA-2016-3621", "ELSA-2017-2247", "ELSA-2019-4581", "ELSA-2019-4747", "ELSA-2021-9150"]}, {"type": "osv", "idList": ["OSV:DLA-157-1", "OSV:DLA-282-1", "OSV:DLA-400-1", "OSV:DLA-410-1", "OSV:DLA-443-1", "OSV:DLA-528-1", "OSV:DLA-529-1", "OSV:DLA-81-1", "OSV:DLA-96-1", "OSV:DSA-2980-1", "OSV:DSA-2987-1", "OSV:DSA-3053-1", "OSV:DSA-3077-1", "OSV:DSA-3080-1", "OSV:DSA-3092-1", "OSV:DSA-3144-1", "OSV:DSA-3147-1", "OSV:DSA-3253-1", "OSV:DSA-3436-1", "OSV:DSA-3437-1", "OSV:DSA-3457-1", "OSV:DSA-3458-1", "OSV:DSA-3465-1", "OSV:DSA-3489-1", "OSV:DSA-3491-1", "OSV:DSA-3500-1", "OSV:DSA-3504-1", "OSV:DSA-3609-1", "OSV:DSA-3611-1", "OSV:DSA-3614-1", "OSV:DSA-3688-1", "OSV:GHSA-5WFP-8643-C58X", "OSV:GHSA-F7F6-XRWC-9C57", "OSV:GHSA-FVM3-CFVJ-GXQQ", "OSV:GHSA-GXG6-RC6C-V673", "OSV:GHSA-Q56H-JJJ6-52MF"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:132254", "PACKETSTORM:133054", "PACKETSTORM:134251", "PACKETSTORM:141631"]}, {"type": "paloalto", "idList": ["PAN-SA-2014-0005"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2014:0889", "RHSA-2014:0890", "RHSA-2014:0902", "RHSA-2014:0907", "RHSA-2014:0908", "RHSA-2014:1033", "RHSA-2014:1036", "RHSA-2014:1041", "RHSA-2014:1042", "RHSA-2014:1370", "RHSA-2014:1398", "RHSA-2014:1399", "RHSA-2014:1400", "RHSA-2014:1620", "RHSA-2014:1633", "RHSA-2014:1634", "RHSA-2014:1636", "RHSA-2014:1652", "RHSA-2014:1653", "RHSA-2014:1657", "RHSA-2014:1658", "RHSA-2014:1692", "RHSA-2014:1876", "RHSA-2014:1877", "RHSA-2014:1880", "RHSA-2014:1881", "RHSA-2014:1882", "RHSA-2014:1948", "RHSA-2015:0067", "RHSA-2015:0068", "RHSA-2015:0069", "RHSA-2015:0079", "RHSA-2015:0080", "RHSA-2015:0085", "RHSA-2015:0086", "RHSA-2015:0133", "RHSA-2015:0134", "RHSA-2015:0135", "RHSA-2015:0136", "RHSA-2015:0263", "RHSA-2015:0264", "RHSA-2015:0698", "RHSA-2015:1009", "RHSA-2015:1545", "RHSA-2015:1546", "RHSA-2016:0007", "RHSA-2016:0008", "RHSA-2016:0012", "RHSA-2016:0049", "RHSA-2016:0050", "RHSA-2016:0053", "RHSA-2016:0054", "RHSA-2016:0055", "RHSA-2016:0056", "RHSA-2016:0057", "RHSA-2016:0067", "RHSA-2016:0098", "RHSA-2016:0099", "RHSA-2016:0100", "RHSA-2016:0101", "RHSA-2016:0539", "RHSA-2016:0540", "RHSA-2016:1135", "RHSA-2016:1376", "RHSA-2016:1430", "RHSA-2016:2035", "RHSA-2016:2068", "RHSA-2016:2069", "RHSA-2016:2070", "RHSA-2016:2071", "RHSA-2016:2072", "RHSA-2016:2599", "RHSA-2016:2807", "RHSA-2016:2808", "RHSA-2017:0455", "RHSA-2017:0456", "RHSA-2017:0457", "RHSA-2019:1545"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000394"]}, {"type": "saint", "idList": ["SAINT:2A4358BF31AF1DF12CC0825DE2A0B1D2", "SAINT:66FBA7CC8FD20610677EE0D63C3A16A6", "SAINT:9C099C4B9A40BE916B04858EBBBB06B1", "SAINT:C049B327B327D8889E6EDEE0F0EFB1CB"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31293", "SECURITYVULNS:DOC:31299", "SECURITYVULNS:DOC:31300", "SECURITYVULNS:DOC:31301", "SECURITYVULNS:DOC:31302", "SECURITYVULNS:DOC:31303", "SECURITYVULNS:DOC:31305", "SECURITYVULNS:DOC:31317", "SECURITYVULNS:DOC:31318", "SECURITYVULNS:DOC:31532", "SECURITYVULNS:DOC:31664", "SECURITYVULNS:DOC:31679", "SECURITYVULNS:DOC:31682", "SECURITYVULNS:DOC:32516", "SECURITYVULNS:VULN:13868", "SECURITYVULNS:VULN:14031", "SECURITYVULNS:VULN:14045", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14062", "SECURITYVULNS:VULN:14063", "SECURITYVULNS:VULN:14164", "SECURITYVULNS:VULN:14233", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14393", "SECURITYVULNS:VULN:14601", "SECURITYVULNS:VULN:14697"]}, {"type": "seebug", "idList": ["SSV:92692"]}, {"type": "slackware", "idList": ["SSA-2014-288-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2014:1331-1", "OPENSUSE-SU-2015:0190-1", "OPENSUSE-SU-2016:0263-1", "OPENSUSE-SU-2016:0268-1", "OPENSUSE-SU-2016:0270-1", "OPENSUSE-SU-2016:0272-1", "OPENSUSE-SU-2016:0279-1", "OPENSUSE-SU-2016:0640-1", "OPENSUSE-SU-2016:0788-1", "OPENSUSE-SU-2016:0833-1", "SUSE-SU-2014:0961-1", "SUSE-SU-2014:1357-1", "SUSE-SU-2014:1361-1", "SUSE-SU-2014:1386-1", "SUSE-SU-2014:1387-1", "SUSE-SU-2014:1387-2", "SUSE-SU-2014:1409-1", "SUSE-SU-2014:1422-1", "SUSE-SU-2014:1526-1", "SUSE-SU-2014:1526-2", "SUSE-SU-2014:1549-1", "SUSE-SU-2015:0010-1", "SUSE-SU-2015:0336-1", "SUSE-SU-2015:0344-1", "SUSE-SU-2015:0345-1", "SUSE-SU-2015:0376-1", "SUSE-SU-2015:0392-1", "SUSE-SU-2015:0503-1", "SUSE-SU-2015:0578-1", "SUSE-SU-2016:0256-1", "SUSE-SU-2016:0265-1", "SUSE-SU-2016:0269-1", "SUSE-SU-2016:0390-1", "SUSE-SU-2016:0399-1", "SUSE-SU-2016:0401-1", "SUSE-SU-2016:0428-1", "SUSE-SU-2016:0431-1", "SUSE-SU-2016:0433-1", "SUSE-SU-2016:0636-1", "SUSE-SU-2016:0699-1", "SUSE-SU-2016:0700-1", "SUSE-SU-2016:0770-1", "SUSE-SU-2016:0776-1", "SUSE-SU-2016:1457-1", "SUSE-SU-2016:1459-1", "SUSE-SU-2017:1660-1"]}, {"type": "thn", "idList": ["THN:F73D624126468D834271728F43F4B725"]}, {"type": "threatpost", "idList": ["THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "THREATPOST:9041B76CCCD278242DD81A2F7BFCE45E", "THREATPOST:C05160819B394668E33A3A4F7E49BBFD", "THREATPOST:CF8A831748EC23AA2B67F64081A55155"]}, {"type": "tomcat", "idList": ["TOMCAT:0771E17F0F0733FEFCB0AD32B094C50F", "TOMCAT:3433D97DD68E3E4EE81DAC140FD2AF8F", "TOMCAT:7E8B1837DB1B24489FB7CEAE24C18E30"]}, {"type": "ubuntu", "idList": ["USN-2312-1", "USN-2319-1", "USN-2319-2", "USN-2319-3", "USN-2386-1", "USN-2388-1", "USN-2388-2", "USN-2486-1", "USN-2487-1", "USN-2863-1", "USN-2864-1", "USN-2865-1", "USN-2866-1", "USN-2884-1", "USN-2885-1", "USN-2904-1", "USN-2923-1", "USN-3024-1", "USN-3027-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3529", "UB:CVE-2014-3566", "UB:CVE-2014-3574", "UB:CVE-2014-4244", "UB:CVE-2014-4263", "UB:CVE-2014-6457", "UB:CVE-2014-6593", "UB:CVE-2015-0410", "UB:CVE-2015-2774", "UB:CVE-2015-7575", "UB:CVE-2016-0466", "UB:CVE-2016-2510", "UB:CVE-2016-3092"]}, {"type": "veracode", "idList": ["VERACODE:15664", "VERACODE:15667"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2015-0001", "VMSA-2015-0001.2", "VMSA-2015-0003", "VMSA-2015-0003.14"]}, {"type": "zdt", "idList": ["1337DAY-ID-24035", "1337DAY-ID-24503", "1337DAY-ID-27317"]}]}, "score": {"value": 1.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSL_ADVISORY16.ASC"]}, {"type": "amazon", "idList": ["ALAS-2014-387"]}, {"type": "archlinux", "idList": ["ASA-201601-29"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BSERV-8977"]}, {"type": "attackerkb", "idList": ["AKB:BC293A26-1A78-4F0D-B4CE-04E218BA7440"]}, {"type": "centos", "idList": ["CESA-2014:0889", "CESA-2014:0890", "CESA-2014:0907", "CESA-2014:1620", "CESA-2014:1633", "CESA-2014:1634", "CESA-2014:1652", "CESA-2014:1653", "CESA-2014:1948", "CESA-2015:0067", "CESA-2015:0068", "CESA-2015:0069", "CESA-2015:0085", "CESA-2016:0007", "CESA-2016:0008", "CESA-2016:0012", "CESA-2016:0049", "CESA-2016:0050", "CESA-2016:0053", "CESA-2016:0054", "CESA-2016:0067"]}, {"type": "cert", "idList": ["VU:577193"]}, {"type": "checkpoint_security", "idList": ["CPS:SK102673", "CPS:SK102989", "CPS:SK103683", "CPS:SK105062"]}, {"type": "cisa", "idList": ["CISA:99DAB57F9B8063F8619B1A418B014DF1"]}, {"type": "cisco", "idList": ["CISCO-SA-20141211-CVE-2014-8730"]}, {"type": "cve", "idList": ["CVE-2015-7417", "CVE-2015-7450", "CVE-2015-7575", "CVE-2016-0466"]}, {"type": "debian", "idList": ["DEBIAN:DLA-400-1:76CCE", "DEBIAN:DSA-3053-1:A743E", "DEBIAN:DSA-3437-1:59807", "DEBIAN:DSA-3491-1:35440", "DEBIAN:DSA-3611-1:6D627", "DEBIAN:DSA-3611-1:F53EF", "DEBIAN:DSA-3614-1:AC7F6", "DEBIAN:DSA-3688-1:3F736"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2014-3566"]}, {"type": "f5", "idList": ["F5:K10065173", "SOL02201365", "SOL50118123"]}, {"type": "fedora", "idList": ["FEDORA:0FE8860E4374", "FEDORA:30C4A60C450A", "FEDORA:4227660CA765", "FEDORA:955A2608A1F0", "FEDORA:9E5776087B1A", "FEDORA:ABDD7608A209", "FEDORA:CA868607A1CD", "FEDORA:D241A60EFAEF", "FEDORA:DDD696087CE5"]}, {"type": "fortinet", "idList": ["FG-IR-14-031"]}, {"type": "freebsd", "idList": ["10F7BC76-0335-4A88-B391-0B05B3A8CE1C", "9E5BBFFC-D8AC-11E5-B2BD-002590263BF5"]}, {"type": "gentoo", "idList": ["GLSA-201411-10"]}, {"type": "github", "idList": ["GHSA-FVM3-CFVJ-GXQQ"]}, {"type": "hackerone", "idList": ["H1:216271"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20141215-01-POODLE"]}, {"type": "ibm", "idList": ["00CCE1573777F42ABE99718CA356421C893500F8774B2D76599D43AB2118F4F2", "01762D3D37BB3ABAD72EAC79AB7F0CA81B4020CA550D2307B9B7977B86D63326", "06457DA2FE08EC56407EF05C2EAAA9080634D44807C2A8ABBDEA18DCD9364BAC", "065043A4F97D98BC08FD9CAA5BD98D88FD7572B7D4428A44CB505172C0223BB0", "09EDE4E0CD7DF2699F28363782319D7EBC282776D733D8DA6183FF69A1E1027A", "11850D4935C59F6F9B6E5C5A80BAF8C5490B646F230553654E07EC29A53AE9E3", "121AD16C8E6DC137F59BC7099DCBB94073B1DAF243EA01F065B73DC33C59F7CD", "126537C1F8F0F30E3E1F51F743F09DF0CD7BE1FC4C806F6317B231F16161C1D7", "13C3D53BA54035028BA8B6CCC92D57C0C0AFB5754F2A746073C2E64512AF302A", "1BFF63EB8AF39056E08427B06D34E43B32E43FBCC74FB2A85F32E708984FD60F", "2020ECD006208047A6BEA328FD4492CCBCE205CBA9B159EECFA5284D682EDB89", "21446E7BD60AF25A929641E2E18704321FB557C135FBBC6956A6264A3FCDF4B2", "23ACC7BB2569417276597C257401F3783EB07FD152C4689F7E77CADFC4EDD536", "29BFF097F764F2E2870C5D0DC577733C5EEBC573E7B3FE466D280FD91D64FD0A", "2F5E9F58C5211E4D42487F7A140F36650CEBDEBD701BADBE4FFD04B577E43B91", "2F816069CAA66A54C42E49ED29CB63DF268919E76E80D54190EC3F850E0D535A", "32EB8BE682985EED6CDB1D2FE6AAA4C3E1F475A6C6763236F416CF5D1908DDD8", "3365EAA84713F04AAC91BEF235DE8AC3AACE7A80B2A73FCD9739E24AA18C5AF4", "3571B420A072DEE76E37DA221B03342365B3036A912A7CE6A01A988190A8F62D", "35CEED27807DC1F06172146BBF8FEE7FFB0F2AF8AE15F30DAC2EB519801637DC", "3646DAD163BA0A8E0A9E8DF2F16916F37F637C31CF558A434D42601D980745CD", "38BC00D7FF3545C436AC4533805630DD0B45CDB4B97F36F6ADAE8817F3A655C7", "3E23DDB4C3380B39D8666C5A0FD0663030F353603F83DC0E19F7843AA57B7A26", "433C80FA01CBD264F0ECEDD5C86B61CFD6A281F46060EF3E8D3AAA90049AFE21", "47854739A78D340A07A1A22935ECE0D3E40F068349563A968BDFFB20132370BE", "4AAD2BFC5837F0CD9E63B31CC9644C3A90E942FA13F398384C4E1FBA2E175E09", "4ED2415E866AA27E2339351646BE68575D6DE777D3DA7E7EB9AC12F916F1C0DD", "4FA9A48861BE9F8F3B720182D35126E64A74A6C71351AC2063C9DE8662C621A6", "523AA94D1E10269FAF98CA05CDCD7A695FB6F29B64D25ABFB286FC0B6B450921", "53DE79EA36CC70E39ED3ADEDDF7B03288CE0A5AA43A75E91EB31074E052AF91C", "5B8DB5501CBFC5531660077D652EC3653D10336551B5D40917AE357AD7F4FB93", "5DCFD439936E2F8A52E5C8672372D872D6A4B217ABE8891AB553B9118FD960DE", "5DE8B3EDE10727E701D4521B68C43392913E7992400F9779163E6AE7193811BC", "5E2AFDF7AB3E087F15E11D8D08AEEF34592E638BA469F3697192CBD365B9C998", "6266ACC74295FF2D138A1AAB20D50CCD4E8EC9EE7F50E0E59B801F06DD3FB722", "63BA91B4612104EB8E2D55CEC2DCDE8AA7F8D44E79BC791C78F79931691CECF4", "6609091280A6265ACF23CC819056F828A2821488E85E726131FA51BDBE28BD88", "6B1FE6B87F5632D0E3A2DF3894D6A87F2FF4EDBFA3CCDA8DACEEFCD473F77904", "709E27E3685930B945F2FBC357A30EA55914B7F6AA51DED371226AB763C07085", "76A453BCD047723CA1CC19571C2519F1D2D86C3F1ACD8A2638C598517C05E173", "789948D6E2D3214CF6D14873F1BE91C91BC7007F1ACE3F9DD9D9CBFBB98592A9", "7C32536CCC3AE2FC652286763B1CD20B210BA17E5CCD8D853CF310C392518CB3", "7CC639A842FFCB87CEB4C497DB1ABD24DBBACF8C16556A04B5249D0904F59838", "7D1FF9AF4197ACD2DE094C701C639AB3A23C0D00385B605D461CC2415A391FD9", "8550C30C4A56D3070A2109BE13555117FD37487C131991DA553C8B5CDFAE2259", "86342A16183C947600A2D12FE2134D8199BF66CC53E099BBBD76E9F235DE5D41", "8937CBA3426FCE31295ADA0BA5DCA9E051C3D3F6491200BA2153E80CAABAFBCC", "89BA66958BF3EF0D1B8FD951254B5E52E497E5982616522BC59B41D8908B2D3C", "8B8C66A4898A077124BBB8B80AF8131F97AB4CE33B457487C6EF966698FD1EC8", "8D03478BE637F2274E0A5C19A86AF028F9DC5D2D251BC13A43ABED4675413859", "8F39456B689B7B3239345CEE3BB6882722E86B4B05278F4F8EB15DF59EFBCAFC", "9089C63EA075732A2F18A9DEF551E15CB6F40EA0AE9BD8F8C0605D12A3FBDE92", "91B6BA027BFC49F4F23C4AB3FE83336E62B2EA9F0FC3AB35DBCA8F664E8F55C3", "964EDC6CD9B7F054F4C96F9A72758F0466AA9B78A7A3E8AA96F516DFD1AB1CFD", "9AEF7943FC15601E8764D0053EBD7C1FB2D252A0A9CD314B104D203C2E9C2EB1", "9C5F005EDD59DDF4AA35915A18110FC11CB940EB2C453CB3DC3843CD28254682", "9EB1478AE17D3EDFE567B0697D2C2B0577C9714D05F5A2E7A80B66D0034D89D9", "A0ECE071B650D8F5EC02E601175D0E3683680641E4438CAB1D935DEB21EBDD49", "AAF98EDCD77216F7619EAA87B2183E6B8FD3629316B74220F9C3C826D5B93C05", "AF1A2AFC7CB48695F42467DC6626570D2A7797795C71348461D189D6DA28509A", "B24A96EC081A0578A55C688511BE4ED453BC2B72438C6DF0DD5135F5FC69F4AA", "B3921AD53237CD309893EF9A4039A94178B245A6C3604A14153D2DAE483A41EC", "B4010B4E21B127AA0A6CACC8E96F2406EAE6CDF71E449DF6FCA304D4DC567ADE", "B45ABED8BD58C33A07263A55AF5D4FCACA1D1D4D41B9076C9B3E26F4C663C536", "B57836C680E5C7DF0307525BE8C7E45EFC17A6866B818F9F01947138A8ED9F8B", "BD9659A4CCD34A1F85D3F43EBB69A1C01B35156D02EAF7816113431881473F82", "C5DC7E3B34A4B9A3DC0E8C0FAFE2DA531B9CD3D402160B1BD2722664BB8814ED", "C81F745CADFCC259B2A14EBD6E680E0A8600116D12D6EBCDB31D0E333B902F2E", "D298FA6BEB1855A11B72B3942004181440E190878F6AEBEF802D8B5D57A6AF14", "D6D01193465D0489CF18524A794AA59CC76D91403E1F923FB9E1F5CD46E21E8A", "D81266EEF9A30224B03C1D4084FE2FB22F1A32AE3AEF1D43DC3CA53C8F5BCAA6", "D995BFD7F2FE7D2B6BD9B254E3A2FFCCE7B6FC8B44FD9CE6285A91BD366E9BE9", "DB9BA983E7D2FAC653E24BEBCF41FC8BAB8D997E65F48954297E2FCB8153E17F", "DF1E9BDB92169D884822F099433AE49D99725BDE57D69AD10D1A2ADE2C7BF3E0", "DF7E743258EECE8D977DB6645A6CF8DFDE1F2111B2363A0A163830CA509AD664", "DF89B2395C4DB15E1FF631A136BB1301E179B1A5D4A2BF72B8D0EF9E4A730437", "E1956B84C4A8A327CE88C2A393674D2E29754B0D0DE5EA9CD732916AC207C1B2", "E3BAE9A30B20D04512C7C16881BAE14D80726FD5F24F3B32C3DF1C51B000477A", "E79B1CBF1524EDF0CFB25255419FAA5ADAFCD6176139338206646C7E39D87AC8", "E7A61D23F37BFE71387F349B7ABC627B2069E0DD06334950ECFFA79FDC6D4BE8", "EB5B1F8ABFF3A7B214FBC4418A883224B5D8C2FEDD066A997E53E0DC10D67F18", "EC7DD37D5F4B9A5D139BAD89ACB67C9048FD7B2CAF35F5F63861CE6E55EADBAB", "FA01F274F8BDB18D853D26418F5635CA08231E1E4CEC615047C15F573CF29B71"]}, {"type": "ics", "idList": ["ICSA-17-094-04"]}, {"type": "kaspersky", "idList": ["KLA10732"]}, {"type": "kitploit", "idList": ["KITPLOIT:6372579284509577146"]}, {"type": "lenovo", "idList": ["LENOVO:PS500041-POODLE-SSLV3-VULNERABILITY-NOSID", "LENOVO:PS500190-NOSID"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/IBM-WAS-CVE-2017-1380/", "MSF:ILITIES/IBM-WAS-CVE-2017-1382/"]}, {"type": "mozilla", "idList": ["MFSA2015-150"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787046"]}, {"type": "nessus", "idList": ["8550.PRM", "8897.PRM", "9700.PRM", "AIX_IV73418.NASL", "AIX_IV73419.NASL", "AIX_IV82328.NASL", "AIX_JAVA_JUL2014_ADVISORY.NASL", "ALA_ALAS-2014-429.NASL", "ALA_ALAS-2015-472.NASL", "ALA_ALAS-2016-643.NASL", "ALA_ALAS-2016-654.NASL", "CENTOS_RHSA-2014-0907.NASL", "CENTOS_RHSA-2014-1633.NASL", "CENTOS_RHSA-2014-1652.NASL", "CISCO-SA-20141015-POODLE-ASA.NASL", "CISCO-SA-20141015-POODLE-WLC.NASL", "DEBIAN_DLA-282.NASL", "DEBIAN_DLA-443.NASL", "DEBIAN_DSA-3053.NASL", "DEBIAN_DSA-3465.NASL", "DEBIAN_DSA-3504.NASL", "FEDORA_2014-15411.NASL", "FEDORA_2014-17587.NASL", "FREEBSD_PKG_03532A19D68E11E6917114DAE9D210B8.NASL", "FREEBSD_PKG_9E5BBFFCD8AC11E5B2BD002590263BF5.NASL", "GENTOO_GLSA-201507-14.NASL", "GENTOO_GLSA-201706-18.NASL", "GENTOO_GLSA-201801-15.NASL", "IBM_DOMINO_9_0_1_FP2.NASL", "MACOSX_10_10_2.NASL", "MACOSX_SECUPD2015-001.NASL", "MANDRIVA_MDVSA-2014-203.NASL", "OPENSSL_1_0_0O.NASL", "OPENSUSE-2015-978.NASL", "OPENSUSE-2016-110.NASL", "OPENSUSE-2016-351.NASL", "ORACLELINUX_ELSA-2014-0889.NASL", "ORACLELINUX_ELSA-2015-0085.NASL", "ORACLELINUX_ELSA-2016-0012.NASL", "ORACLELINUX_ELSA-2016-0049.NASL", "ORACLEVM_OVMSA-2018-0248.NASL", "ORACLE_JAVA_CPU_JAN_2015_UNIX.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2015_CPU.NASL", "REDHAT-RHSA-2014-1033.NASL", "REDHAT-RHSA-2014-1620.NASL", "REDHAT-RHSA-2014-1652.NASL", "REDHAT-RHSA-2014-1653.NASL", "REDHAT-RHSA-2014-1882.NASL", "REDHAT-RHSA-2016-0053.NASL", "REDHAT-RHSA-2016-0100.NASL", "REDHAT-RHSA-2016-2807.NASL", "SLACKWARE_SSA_2014-288-01.NASL", "SL_20140716_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SL_20140716_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20141015_JAVA_1_6_0_OPENJDK_ON_SL5_X.NASL", "SL_20160107_GNUTLS_ON_SL6_X.NASL", "SL_20160121_JAVA_1_7_0_OPENJDK_ON_SL5_X.NASL", "SPLUNK_5011.NASL", "SUSE_11_LIBWSMAN-DEVEL-141021.NASL", "SUSE_11_PURE-FTPD-141120.NASL", "SUSE_SU-2014-1541-1.NASL", "SUSE_SU-2015-0503-1.NASL", "SUSE_SU-2016-0256-1.NASL", "SUSE_SU-2016-0265-1.NASL", "SUSE_SU-2016-0584-1.NASL", "UBUNTU_USN-2319-3.NASL", "UBUNTU_USN-2386-1.NASL", "UBUNTU_USN-2863-1.NASL", "UBUNTU_USN-2923-1.NASL", "VMWARE_HORIZON_VIEW_VMSA-2015-0003.NASL", "VMWARE_VCENTER_UPDATE_MGR_VMSA-2015-0003.NASL", "VMWARE_VMSA-2015-0001.NASL", "WEBSPHERE_7_0_0_37.NASL", "XEROX_XRX15AD_COLORQUBE.NASL", "XEROX_XRX15AJ.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105191", "OPENVAS:1361412562310105283", "OPENVAS:1361412562310120287", "OPENVAS:1361412562310120324", "OPENVAS:1361412562310122819", "OPENVAS:1361412562310122856", "OPENVAS:1361412562310123287", "OPENVAS:1361412562310140161", "OPENVAS:1361412562310703080", "OPENVAS:1361412562310703253", "OPENVAS:1361412562310703465", "OPENVAS:1361412562310703489", "OPENVAS:1361412562310804687", "OPENVAS:1361412562310810979", "OPENVAS:1361412562310841928", "OPENVAS:1361412562310841944", "OPENVAS:1361412562310842012", "OPENVAS:1361412562310842078", "OPENVAS:1361412562310842563", "OPENVAS:1361412562310842597", "OPENVAS:1361412562310850936", "OPENVAS:1361412562310850955", "OPENVAS:1361412562310868191", "OPENVAS:1361412562310868705", "OPENVAS:1361412562310868711", "OPENVAS:1361412562310868721", "OPENVAS:1361412562310868735", "OPENVAS:1361412562310871260", "OPENVAS:1361412562310871261", "OPENVAS:1361412562310871275", "OPENVAS:1361412562310871304", "OPENVAS:1361412562310871305", "OPENVAS:1361412562310882055", "OPENVAS:1361412562310882057", "OPENVAS:1361412562310882060", "OPENVAS:1361412562310882094", "OPENVAS:1361412562310882363", "OPENVAS:1361412562310882371", "OPENVAS:1361412562311220191388", "OPENVAS:703253", "OPENVAS:703457", "OPENVAS:703465", "OPENVAS:703688"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2015", "ORACLE:CPUJUL2015-2367936"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-0067"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:134251"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:7535985DCB1FBEA5FAF46D9453037D10"]}, {"type": "redhat", "idList": ["RHSA-2014:1042", "RHSA-2014:1658", "RHSA-2015:0069", "RHSA-2015:0080", "RHSA-2015:0133", "RHSA-2015:0263", "RHSA-2015:0698", "RHSA-2015:1545", "RHSA-2016:0055", "RHSA-2016:0057", "RHSA-2016:0098", "RHSA-2016:0099", "RHSA-2016:1135"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-1000394"]}, {"type": "saint", "idList": ["SAINT:9C099C4B9A40BE916B04858EBBBB06B1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31317", "SECURITYVULNS:VULN:14045", "SECURITYVULNS:VULN:14050", "SECURITYVULNS:VULN:14245", "SECURITYVULNS:VULN:14697"]}, {"type": "slackware", "idList": ["SSA-2014-288-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0268-1", "SUSE-SU-2014:0961-1", "SUSE-SU-2014:1409-1", "SUSE-SU-2014:1422-1", "SUSE-SU-2015:0392-1", "SUSE-SU-2016:0401-1"]}, {"type": "threatpost", "idList": ["THREATPOST:6B6CA377F53631E389C8D36D80FC782A", "THREATPOST:9041B76CCCD278242DD81A2F7BFCE45E"]}, {"type": "tomcat", "idList": ["TOMCAT:7E8B1837DB1B24489FB7CEAE24C18E30"]}, {"type": "ubuntu", "idList": ["USN-2319-1", "USN-2388-2", "USN-2863-1", "USN-2864-1", "USN-2865-1", "USN-2866-1", "USN-2884-1", "USN-2904-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-3566", "UB:CVE-2014-4263", "UB:CVE-2014-6457"]}, {"type": "virtuozzo", "idList": ["VZA-2017-081"]}, {"type": "vmware", "idList": ["VMSA-2015-0001", "VMSA-2015-0001.2"]}, {"type": "zdt", "idList": ["1337DAY-ID-24035"]}]}, "exploitation": null, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2014-3529", "epss": "0.002210000", "percentile": "0.585040000", "modified": "2023-03-17"}, {"cve": "CVE-2014-3566", "epss": "0.975070000", "percentile": "0.999620000", "modified": "2023-03-17"}, {"cve": "CVE-2014-3574", "epss": "0.011790000", "percentile": "0.828740000", "modified": "2023-03-17"}, {"cve": "CVE-2014-4244", "epss": "0.008490000", "percentile": "0.796520000", "modified": "2023-03-17"}, {"cve": "CVE-2014-4263", "epss": "0.008490000", "percentile": "0.796520000", "modified": "2023-03-17"}, {"cve": "CVE-2014-6457", "epss": "0.033060000", "percentile": "0.897970000", "modified": "2023-03-17"}, {"cve": "CVE-2014-6593", "epss": "0.191870000", "percentile": "0.954490000", "modified": "2023-03-17"}, {"cve": "CVE-2015-0410", "epss": "0.027360000", "percentile": "0.888790000", "modified": "2023-03-17"}, {"cve": "CVE-2015-1920", "epss": "0.005950000", "percentile": "0.750410000", "modified": "2023-03-17"}, {"cve": "CVE-2015-4939", "epss": "0.001540000", "percentile": "0.499740000", "modified": "2023-03-18"}, {"cve": "CVE-2015-4971", "epss": "0.000630000", "percentile": "0.253470000", "modified": "2023-03-18"}, {"cve": "CVE-2015-7417", "epss": "0.000980000", "percentile": "0.393800000", "modified": "2023-03-17"}, {"cve": "CVE-2015-7450", "epss": "0.974190000", "percentile": "0.998580000", "modified": "2023-03-18"}, {"cve": "CVE-2015-7575", "epss": "0.002920000", "percentile": "0.642480000", "modified": "2023-03-17"}, {"cve": "CVE-2016-0466", "epss": "0.039490000", "percentile": "0.906220000", "modified": "2023-03-17"}, {"cve": "CVE-2016-2510", "epss": "0.090540000", "percentile": "0.936110000", "modified": "2023-03-17"}, {"cve": "CVE-2016-3092", "epss": "0.013670000", "percentile": "0.841790000", "modified": "2023-03-17"}, {"cve": "CVE-2016-6021", "epss": "0.000500000", "percentile": "0.173020000", "modified": "2023-03-18"}, {"cve": "CVE-2016-6029", "epss": "0.001360000", "percentile": "0.472850000", "modified": "2023-03-18"}, {"cve": "CVE-2016-8919", "epss": "0.002250000", "percentile": "0.589960000", "modified": "2023-03-17"}, {"cve": "CVE-2017-1097", "epss": "0.000710000", "percentile": "0.287400000", "modified": "2023-03-18"}, {"cve": "CVE-2017-1121", "epss": "0.000630000", "percentile": "0.253830000", "modified": "2023-03-18"}, {"cve": "CVE-2017-1137", "epss": "0.004650000", "percentile": "0.716150000", "modified": "2023-03-18"}, {"cve": "CVE-2017-1190", "epss": "0.000420000", "percentile": "0.056370000", "modified": "2023-03-18"}, {"cve": "CVE-2017-1380", "epss": "0.000780000", "percentile": "0.320430000", "modified": "2023-03-18"}, {"cve": "CVE-2017-1382", "epss": "0.000420000", "percentile": "0.056370000", "modified": "2023-03-18"}], "vulnersScore": 1.3}, "_state": {"dependencies": 1662394504, "score": 1684013037, "affected_software_major_version": 1666695388, "epss": 1679165106}, "_internal": {"score_hash": "e4e6b95254a7df445e38175e635f0d37"}, "affectedSoftware": []}

{"ibm": [{"lastseen": "2021-12-30T21:39:47", "description": "## Question\n\nSecurity Bulletins for Emptoris Program Management\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Program Management.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions.\n\nWe recommend that you subscribe to this article to receive notification of future Security Bulletins and advisories posted here. \n\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nMay 2nd 2016\n\n * **[Security Bulletin: Vulnerability in BeanShell affects IBM Emptoris Strategic Supply Management. (CVE-2016-2510)](<http://www.ibm.com/support/docview.wss?uid=swg21982152&myns=swgother&mynp=OCSSYRER&mynp=OCSSYQ89&mync=E&cm_sp=swgother-_-OCSSYRER-OCSSYQ89-_-E>)**\n\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\nSeptember 22?2015\n\n * **[Security Bulletin: Cross-Site Scripting vulnerabilities affect IBM Emptoris Strategic Supply Management Platform Emptoris Program Management and Emptoris Supplier Lifecycle Management products (CVE-2015-4971 CVE-2015-4939)](<https://emptoris.support.ibmcloud.com/ics/support/default.asp?deptID=31019&task=knowledge&questionID=22171&languageID=>)**\n\nAugust 26 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)**\n\nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n\nApril 8 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n\nJanuary 272015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n\nDecember 312014\n\n * **[Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Strategic Supply Management Suite products (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693069>)**\n\nSeptember 17 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244) ](<https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_vulnerabilities_in_ibm_java_sdk_affect_ibm_emptoris_strategic_supply_management_ibm_emptoris_rivermine_telecom_expense_management_and_ibm_emptoris_services_procurement_cve_2014_4263_cve_2014_4244?lang=en_us>)**\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYRER\",\"label\":\"Emptoris Program Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T16:15:01", "type": "ibm", "title": "Security Bulletins for Emptoris Program Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-4939", "CVE-2015-4971", "CVE-2015-7450", "CVE-2016-2510", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"], "modified": "2018-12-08T16:15:01", "id": "0CE9B36358C9687E7112577EA1304074A68EA6DD5359A3F6615F7BA94A6B8E7D", "href": "https://www.ibm.com/support/pages/node/783531", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:39:49", "description": "## Question\n\nSecurity Bulletins for Emptoris Services Procurement\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Services Procurement.** \n \nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm\">)\" for details.? Please use this information to take the appropriate actions. \n \nIn our effort to serve you better we recommend that you subscribe to this article for notification of new Security Bulletins and advisories posted here. \n\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: IBM Emptoris Services Procurement is affected by Information leakage vulnerability (CVE-2017-1547)_**](<http://www-01.ibm.com/support/docview.wss?uid=swg22007770>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n \nJuly 14th 2017?\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.](<http://www.ibm.com/support/docview.wss?uid=swg22004442>)**\n \nJuly 14th 2017?\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products.](<http://www.ibm.com/support/docview.wss?uid=swg22003479>)**\n \nJune 13th 2017?\n\n * **[Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg22004642>)**\n \nJune 13th 2017\n\n * **[Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2017-1121](<http://www.ibm.com/support/docview.wss?uid=swg22004706>)**\n \nJune 12th 2017\n\n * **[Security Bulletin: Vulnerability in IBM Websphere Application Server affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2017-1137)](<http://www.ibm.com/support/docview.wss?uid=swg22004666>)**\n \nJun 12 2017??????\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products. **](<http://www-01.ibm.com/support/docview.wss?uid=swg22004666&myns=swgother&mynp=OCSSYQ72&mynp=OCSSYR6U&mynp=OCSSYQAR&mynp=OCSSYR8W&mynp=OCSSYRER&mynp=OCSSYQ89&mync=E&cm_sp=swgother-_-OCSSYQ72-OCSSYR6U-OCSSYQAR-OCSSYR8W-OCSSYRER-OCSSYQ89-_-E>)\n \n \nJan 18 2017\n\n * **[S](<http://www-01.ibm.com/support/docview.wss?uid=swg21996820>)**[**ecurity Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement** ](<http://www-01.ibm.com/support/docview.wss?uid=swg21996820>)\n \n \nJuly 14 2016\n\n * [**Security Bulletin: A JMX component vulnerability in IBM Java SDK and IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement (CVE-2016-3427)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21986797>)\n \n \nMarch 7 2016\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply **](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)**[Management](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)**[** and IBM Emptoris Services Procurement (CVE-2015-7575 CVE-2016-0466 CVE-2015-7417)?**](<http://www-01.ibm.com/support/docview.wss?uid=swg21978028>)\n \nDecember 15 2015\n\n * [**Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server used with IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement products (CVE-2015-4872)**](<http://www-01.ibm.com/support/docview.wss?uid=swg21972272>)\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n \nNovember 06 2015\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.**](<http://www-01.ibm.com/support/docview.wss?uid=swg21969875>)\n \nAugust 26th 2015\n\n * **Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.**\n \nJune 24th 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://emptoris.support.ibmcloud.com/ics/support/default.asp?deptID=31019&task=knowledge&questionID=21574&languageID=>)**\n \nApril 8th 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n?January 27th 2015\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n?January 20th 2015\n * **[IBM Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Services Procurement (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21694987>)**\nSeptember 17th 2014\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244)](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYR6U\",\"label\":\"Emptoris Services Procurement\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T16:15:01", "type": "ibm", "title": "Security Bulletins for Emptoris Services Procurement", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-4872", "CVE-2015-7417", "CVE-2015-7450", "CVE-2015-7575", "CVE-2016-0466", "CVE-2016-3092", "CVE-2016-3427", "CVE-2016-8919", "CVE-2017-1121", "CVE-2017-1137", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501", "CVE-2017-1547"], "modified": "2018-12-08T16:15:01", "id": "7996A5B21090888A5E92985E9AA52C1DFFD5B468A73A1B32557A0A11DFBE0724", "href": "https://www.ibm.com/support/pages/node/783543", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:39:39", "description": "## Question\n\nSecurity Bulletins for Emptoris Sourcing\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Sourcing.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions.\n\nIn our effort to serve you better we recommend that you subscribe to this article for notification of future Security Bulletins and advisories posted here. \n \n\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nMay 11th 2016\n\n * **[Security Bulletin: IBM Emptoris Sourcing is affected by open redirect vulnerability (CVE-2016-0329) ](<http://www.ibm.com/support/docview.wss?uid=swg21982629>)**\n\nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\n \nSeptember 23 2015\n\n * **[Security Bulletin: Information disclosure vulnerability reported in IBM Emptoris Sourcing (CVE-2015-5024)](<http://www-01.ibm.com/support/docview.wss?uid=swg21967255>)**\n\n \nAugust 26 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)**\n\n \nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n\n \nApril 8 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n\n?January 27 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n\n?December 31 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Strategic Supply Management Suite products (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693069>)**\n\n?September 17 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\nAugust 23 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Emptoris Sourcing Portfolio (CVE-2014-3033 CVE-2014-4790 CVE-2014-3040) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21680665>)**\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYR8W\",\"label\":\"Emptoris Sourcing\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T15:10:02", "type": "ibm", "title": "Security Bulletins for Emptoris Sourcing", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3033", "CVE-2014-3040", "CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-4790", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-5024", "CVE-2015-7450", "CVE-2016-0329", "CVE-2016-3092", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"], "modified": "2018-12-08T15:10:02", "id": "B0A606101370774E5FB3E4409A17D910B4B5997971AC7B7045727379D355B696", "href": "https://www.ibm.com/support/pages/node/783533", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:39:54", "description": "## Question\n\nSecurity Bulletins for Emptoris Supplier Lifecycle Management\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Supplier Lifecycle Management.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions.\n\nIn our effort to serve you better we recommend that you subscribe to this article for notification of future Security Bulletins and advisories posted here. \n\n\nNovember 6th 2017\n\n * **_[Security Bulletin: IBM Emptoris Supplier Lifecycle Management is affected by a Cross Site Scripting vulnerability (CVE-2016-6118 CVE-2017-1098)?](<http://www.ibm.com/support/docview.wss?uid=swg22005824>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities addressed in the IBM Emptoris Supplier Lifecycle Management product (CVE-2016-8949 CVE-2017-1448 CVE-2016-6121)_**](<http://www.ibm.com/support/docview.wss?uid=swg22006854>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\n \nSeptember 18?2015\n\n * # [Security Bulletin: Cross-Site Scripting vulnerabilities affect IBM Emptoris Strategic Supply Management Platform Emptoris Program Management and Emptoris Supplier Lifecycle Management products (CVE-2015-4971 CVE-2015-4939)](<http://www-01.ibm.com/support/docview.wss?uid=swg21966754>)\n\nAugust 26 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)**\n\nJuly 8 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n\nApril 8 2015\n\n * [IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)\n\nJanuary 27 2015\n\n * [IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)\n\n? September 17 2014\n\n * [IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244)](<http://www-01.ibm.com/support/docview.wss?uid=swg21681277>) \n \n?\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYRC7\",\"label\":\"Emptoris Supplier Lifecycle Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T13:10:02", "type": "ibm", "title": "Security Bulletins for Emptoris Supplier Lifecycle Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-4939", "CVE-2015-4971", "CVE-2015-7450", "CVE-2016-3092", "CVE-2016-6118", "CVE-2016-6121", "CVE-2016-8949", "CVE-2017-1098", "CVE-2017-1448"], "modified": "2018-12-08T13:10:02", "id": "D5DD24C882DBB1D9A7CA1FF6A2B5E71A2110BD5524772EF5C4D134F94002AC84", "href": "https://www.ibm.com/support/pages/node/784303", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-30T21:39:49", "description": "## Question\n\nSecurity Bulletins for Emptoris Spend Analysis\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Spend Analysis.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions.\n\nIn our effort to serve you better we recommend that you subscribe to this article for notification of future Security Bulletins and advisories posted here.\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\nAugust 26 2015\n\n * [**Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.** ](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)\n \nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n\nApril 8 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)**\n\n?January 27 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n\n? September 17 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\nAugust 23 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Emptoris Spend Analysis (CVE-2014-3061 CVE-2014-3035 CVE-2014-4790 CVE-2014-3040)](<http://www-01.ibm.com/support/docview.wss?uid=swg21681277>) ** \n?\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYQAR\",\"label\":\"Emptoris Spend Analysis\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T15:10:02", "type": "ibm", "title": "Security Bulletins for Emptoris Spend Analysis", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3035", "CVE-2014-3040", "CVE-2014-3061", "CVE-2014-3566", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-4790", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-7450", "CVE-2016-3092", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"], "modified": "2018-12-08T15:10:02", "id": "3FDC0101985ADD7D5774F255D78C573813EE11684088944BAF72283AB319514E", "href": "https://www.ibm.com/support/pages/node/783535", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:00:59", "description": "## Summary\n\nThe security bulletin includes multiple vulnerabilities found and addressed in IBM Emptoris Strategic Supply Management across various versions of the product.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6021_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6021>)** \nDESCRIPTION:** IBM Emptoris Strategic Supply Management Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116755_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116755>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n** ** \n**CVEID:** [_CVE-2016-6029_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6029>)** \nDESCRIPTION:** IBM Emptoris Strategic Supply Management Platform could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116881_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116881>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2017-1190_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1190>)** \nDESCRIPTION:** IBM Emptoris Strategic Supply Management Product could allow a local user with special access roles to execute arbitrary code on the system. By manipulating a configurable property, an attacker could exploit this vulnerability to gain full control over the system. \nCVSS Base Score: 6.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/123559_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123559>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) \n\n\n## Affected Products and Versions\n\nIBM Emptoris Strategic Supply Management 10.0.0.x through 10.1.1.x\n\n## Remediation/Fixes\n\nThe remediation to this issue is to apply iFix or a fix pack as soon as practical. Please see below for the information on the fixes available. \n\n**Versions affected**\n\n| \n\n**Remediation iFix or fix pack** \n \n---|--- \n \n10.0.0.x\n\n| \n\n[10.0.0.3_iFix11](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&product=ibm/Other+software/Emptoris+Strategic+Supply+Management&release=10.0.0.3&platform=All&function=fixId&fixids=EMP_SSMP_10.0.0.3_iFix11&includeSupersedes=0&source=fc>) or Later \n \n10.0.1.x \n\n| \n\n[10.0.1.4_iFix8](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&product=ibm/Other+software/Emptoris+Strategic+Supply+Management&release=10.0.1.4&platform=All&function=fixId&fixids=EMP_SSMP_10.0.1.4_iFix8&includeSupersedes=0&source=fc>) or Later \n \n10.0.2.x \n\n| \n\n[10.0.2.15](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%20software&product=ibm/Other+software/Emptoris+Strategic+Supply+Management&release=10.0.2.0&platform=All&function=fixId&fixids=EMP_SSMP_10.0.2.15&includeSupersedes=0&source=fc>) or Later \n \n10.0.4.x\n\n| \n\n[10.0.4.0_iFix13](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EOther%20software&product=ibm/Other+software/Emptoris+Strategic+Supply+Management&release=10.0.4.0&platform=All&function=fixId&fixids=EMP_SSMP_10.0.4.0_iFix13&includeSupersedes=0&source=fc>) or Later \n \n10.1.0.x\n\n| \n\n[10.1.0.10](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Other%20software&product=ibm/Other+software/Emptoris+Strategic+Supply+Management&release=10.1.0.0&platform=All&function=fixId&fixids=EMP_SSMP_10.1.0.10&includeSupersedes=0&source=fc>) or Later \n \n10.1.1.x\n\n| \n\n[10.1.1.8](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Other%20software&product=ibm/Other+software/Emptoris+Strategic+Supply+Management&release=10.1.1.0&platform=All&function=fixId&fixids=EMP_SSMP_10.1.1.8&includeSupersedes=0&source=fc>) or Later \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n4 August 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSYQ72\",\"label\":\"Emptoris Strategic Supply Management\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Platform\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T20:11:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities addressed in IBM Emptoris Strategic Supply Management (CVE-2016-6021, CVE-2016-6029, CVE-2017-1190)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-6021", "CVE-2016-6029", "CVE-2017-1190"], "modified": "2018-06-16T20:11:02", "id": "7D1FF9AF4197ACD2DE094C701C639AB3A23C0D00385B605D461CC2415A391FD9", "href": "https://www.ibm.com/support/pages/node/565957", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:55:00", "description": "## Summary\n\nWebSphere MQ Telemetry is shipped as a component of WebSphere Remote Server. Information about a security vulnerability affecting WebSphere MQ Telemetry has been published in a security bulletin. \n\n## Vulnerability Details\n\nFor vulnerability details, see the security bulletin [**_Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere MQ Telemetry 7.0.1 - CVE-2014-4263, CVE-2014-4244, CVE-2015-0410, CVE-2014-6593_**](<http://www.ibm.com/support/docview.wss?uid=swg21684073>)**.**\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:52", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere MQ Telemetry shipped with WebSphere Remote Server (CVE-2014-4263, CVE-2014-4244, CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:02:52", "id": "6B1FE6B87F5632D0E3A2DF3894D6A87F2FF4EDBFA3CCDA8DACEEFCD473F77904", "href": "https://www.ibm.com/support/pages/node/260581", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:49:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Version 5, 6 and 7 that is used by Rational Service Tester. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nRational Service Tester versions 8.1.*, 8.2.*, 8.3.*, 8.5.* and 8.6.*.\n\n## Remediation/Fixes\n\nIt is recommended to upgrade to Rational Service Tester version 8.7. \n\n \n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nRST| 8.6 - 8.6.0.2| \n| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \nRST| 8.5 - 8.5.1.3| None| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \nRST| 8.3 - 8.3.x| None| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \nRST| 8.2 -8.2.x| None| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \nRST| 8.1 - 8.1.x| None| Download Java 7 SR8 FP 10 from `[http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>)` \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T05:00:45", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-3566, CVE-2014-6457, CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T05:00:45", "id": "6E716AF00EBE1CCCB4A3A865B0D40DE0514995999C202F88A202AF7954B1EA51", "href": "https://www.ibm.com/support/pages/node/257555", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:49:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Version 5, 6 and 7 that is used by Rational Performance Tester. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n\n## Affected Products and Versions\n\nRational Performance Tester versions 8.1.*, 8.2.*, 8.3.*, 8.5.* and 8.6.*.\n\n## Remediation/Fixes\n\nIt is recommended to upgrade to Rational Performance Tester version 8.7. \n\n \n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nRPT| 8.6 - 8.6.0.2| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&amp;product=ibm/Rational/Rational+Performance+Tester&amp;release=8.0.0.0&amp;platform=All&amp;function=fixId&amp;fixids=Rational-RPT-JavaPatch-Java7SR8FP10&amp;includeSupersedes=0&amp;source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \nRPT| 8.5 - 8.5.1.3| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&amp;product=ibm/Rational/Rational+Performance+Tester&amp;release=8.0.0.0&amp;platform=All&amp;function=fixId&amp;fixids=Rational-RPT-JavaPatch-Java7SR8FP10&amp;includeSupersedes=0&amp;source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \nRPT| 8.3 - 8.3.x| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&amp;product=ibm/Rational/Rational+Performance+Tester&amp;release=8.0.0.0&amp;platform=All&amp;function=fixId&amp;fixids=Rational-RPT-JavaPatch-Java7SR8FP10&amp;includeSupersedes=0&amp;source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \nRPT| 8.2 -8.2.x| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&amp;product=ibm/Rational/Rational+Performance+Tester&amp;release=8.0.0.0&amp;platform=All&amp;function=fixId&amp;fixids=Rational-RPT-JavaPatch-Java7SR8FP10&amp;includeSupersedes=0&amp;source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \nRPT| 8.1 - 8.1.x| None| Download Java 7 SR8 FP10 from [_http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&amp;product=ibm/Rational/Rational+Performance+Tester&amp;release=8.0.0.0&amp;platform=All&amp;function=fixId&amp;fixids=Rational-RPT-JavaPatch-Java7SR8FP10&amp;includeSupersedes=0&amp;source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Performance+Tester&release=8.0.0.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR8FP10&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T05:00:45", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2014-3566, CVE-2014-6457, CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T05:00:45", "id": "22C97F8D26389180B6CF8D80471CCD5C903A0EA0B696342FE2B33FFCFA423812", "href": "https://www.ibm.com/support/pages/node/257579", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-30T21:39:49", "description": "## Question\n\nSecurity Bulletins for Emptoris Contract Management\n\n## Answer\n\n**This article tracks all Security Bulletins for Emptoris Contract Management.**\n\nIBM's Product Security Incident Response Team (PSIRT) follows the NIST guidelines for determining the severity rating of the reported vulnerability - see \"[**NVD Vulnerability Severity Ratings**](<http://nvd.nist.gov/cvss.cfm>)\" for details.? Please use this information to take the appropriate actions. \n \nWe recommend that you subscribe to this article to receive notification of future Security Bulletins and advisories posted here. \n\n\nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM _**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_Emptoris_**](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)[**_[ Strategic Supply Management and IBM Emptoris Services Procurement products](<http://www.ibm.com/support/docview.wss?uid=swg22008401>)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Potential security vulnerability in selected fixpacks of WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1501)_**](<http://www.ibm.com/support/docview.wss?uid=swg22008410>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380 CVE-2017-1382)_**](<http://www.ibm.com/support/docview.wss?uid=swg22007774>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Open Source Apache Tomcat Vulnerabilities affect the IBM Emptoris Strategic Supply Management suite of products (CVE-2016-3092)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005604>)\n\n \nOctober 13th 2017\n\n * [**_Security Bulletin: Detailed error messages in IBM Emptoris Contract Management are vulnerable to attacks (CVE-2016-6018)_**](<http://www.ibm.com/support/docview.wss?uid=swg22005664>)\n\n \nMay 2nd 2016\n\n * **[Security Bulletin: Vulnerability in BeanShell affects IBM Emptoris Strategic Supply Management. (CVE-2016-2510)](<http://www.ibm.com/support/docview.wss?uid=swg21982152&myns=swgother&mynp=OCSSYRER&mynp=OCSSYQ89&mync=E&cm_sp=swgother-_-OCSSYRER-OCSSYQ89-_-E>)**\n\n \nFebruary?1st 2016\n\n * **_[Security Bulletin: Multiple vulnerabilities in IBM Emptoris Contract Management (CVE-2015-5050 CVE-2015-5042 CVE-2015-7398)](<http://www-01.ibm.com/support/docview.wss?uid=swg21973592>)_**\n\n \nDecember 1st 2015\n\n * **[Security Bulletin: Vulnerability in Apache Commons affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement. (CVE-2015-7450)](<http://www-01.ibm.com/support/docview.wss?uid=swg21971731>)**\n\nAugust 26 2015\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement.](<https://www-304.ibm.com/support/docview.wss?uid=swg21964808>)**\n\nJune 24 2015\n\n * **[Security Bulletin: Vulnerability reported in WebSphere Application Server management port affects IBM Emptoris Strategic Supply Management and IBM Emptoris Services Procurement (CVE-2015-1920)](<https://www-304.ibm.com/support/docview.wss?uid=swg21960518>)**\n \nApril 82015\n\n * **_IBM [Security?Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-6593 CVE-2015-0410)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)_**\n\n[J](<http://www-01.ibm.com/support/docview.wss?uid=swg21700707>)anuary 27 2015\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-3566 CVE-2014-6457)](<http://www-01.ibm.com/support/docview.wss?uid=swg21695096>)**\n\n? December 31 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities related to XML DoS attack IBM Emptoris Strategic Supply Management Suite products (CVE-2014-3529 CVE-2014-3574)](<http://www-01.ibm.com/support/docview.wss?uid=swg21693069>)**\n\n?November 13 2014\n\n * **[Security Bulletin: JBoss RestEasy vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3490)](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\n?September 17 2014\n\n * **[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Emptoris Strategic Supply Management IBM Emptoris Rivermine Telecom Expense Management and IBM Emptoris Services Procurement (CVE-2014-4263 CVE-2014-4244)](<http://www-01.ibm.com/support/docview.wss?uid=swg21684482>)**\n\n?August 23 2014\n\n * **[IBM Security Bulletin: Multiple vulnerabilities in IBM Emptoris Contract Management (CVE-2014-3041 CVE-2014-3034 CVE-2014-3040) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21680370>)**\n\n\" \n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYQ89\",\"label\":\"Emptoris Contract Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-08T16:15:01", "type": "ibm", "title": "Security Bulletins for Emptoris Contract Management", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3034", "CVE-2014-3040", "CVE-2014-3041", "CVE-2014-3490", "CVE-2014-3529", "CVE-2014-3566", "CVE-2014-3574", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-1920", "CVE-2015-5042", "CVE-2015-5050", "CVE-2015-7398", "CVE-2015-7450", "CVE-2016-2510", "CVE-2016-3092", "CVE-2016-6018", "CVE-2017-1380", "CVE-2017-1382", "CVE-2017-1501"], "modified": "2018-12-08T16:15:01", "id": "41A2B080355DFAE7EADFECB4D5D6C7105784D83B969140D731128E3E9EDA0757", "href": "https://www.ibm.com/support/pages/node/783529", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-28T22:13:56", "description": "## Summary\n\nThe IBM Emptoris Strategic Supply Management Suite and IBM Emptoris Services Procurement products are affected by multiple security vulnerabilities that exist in IBM SDK Java Technology Edition and IBM WebSphere Application Server. The security bulletin includes issues disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as \"SLOTH\" that affects IBM WebSphere Application Server. These may affect some configurations of IBM WebSphere Application Server Full Profile. \n\n## Vulnerability Details\n\n \nThis bulletin covers all applicable Java SE CVE's published by Oracle as part of their January 2016 Critical Patch Update which affects IBM SDK, Java Technology Edition. There are other advisories included in the IBM Java SDK and IBM WebSphere Application Server bulletins, but IBM Emptoris products are not vulnerable to them. In addition, this bulletin also covers the cross-site scripting vulnerability that affects IBM WebSphere Application Server OAuth provider output consumed by some IBM Emptoris products. \n \n**CVEID:** [_CVE-2015-7575_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly known as \"SLOTH\". \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N) \n \n**CVEID:** [_CVE-2016-0466_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-7417_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7417>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107575_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107575>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n\n## Affected Products and Versions\n\nIBM Emptoris Contract Management 9.5 through 10.1 \nIBM Emptoris Program Management 10.0.0 through 10.1 \nIBM Emptoris Sourcing 10.0.0 through 10.1 \nIBM Emptoris Spend Analysis 10.0.0 through 10.1 \nIBM Emptoris Supplier Lifecycle Management 9.5 through 10.1 \nIBM Emptoris Strategic Supply Management 10.0.0 through 10.1 \nIBM Emptoris Services Procurement 10.0.0\n\n## Remediation/Fixes\n\nInterim fixes have been issued for the IBM WebSphere Application Server (WAS) which will apply the needed fixes on WebSphere and also upgrade the IBM Java Development Kit to a version which is not susceptible to these vulnerabilities. Customers running any of the IBM Emptoris products listed above should apply the interim fix to all IBM WebSphere Application Server installations that are used to run IBM Emptoris applications. See [Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server January 2016 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21975424>) and [Cross-site scripting vulnerability in IBM WebSphere Application Server for OAuth consumers](<http://www-01.ibm.com/support/docview.wss?uid=swg21974520>) for more details on upgrade versions. \n \n \n**_Step 1:_** \n \nSelect the appropriate WebSphere Application Server fix based on the version being used for IBM Emptoris product version. The following table lists the IBM Emptoris application versions along with the corresponding required version of IBM WebSphere Application Server and a link to the corresponding fix version where further installation instructions are provided. \n \n \n\n\nIBM Emptoris Product Version| IBM WebSphere Version| Interim Fix \n---|---|--- \nIBM Emptoris Suite 9.5.x.x| 8.0.0.x| 1\\. Apply [_PI49272_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>) to fix OAuth Cross Site Scripting in WebSphere \n \n2\\. Upgrade to WebSphere Application Server Fix Pack 8.0.0.7 or later then apply the interim fix below: Apply Interim Fix [_PI55780_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041659>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041264>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040409>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040159>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039956>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039668>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039304>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038812>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038093>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037708>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24036967>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036505>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035398>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034998>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034447>)Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 [](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>)Fix Pack 20 \nIBM Emptoris Suite 10.0.0.x, \n10.0.1.x| 8.5.0.x| 1\\. Apply [_PI49272_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>) to fix OAuth Cross Site Scripting in WebSphere \n \n2\\. Upgrade to WebSphere Application Server Full Profile Fix Pack 8.5.5.1 or later then apply Interim Fix [_PI55778_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041658>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041271>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040396>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040154>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039957>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039651>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039294>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038811>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24038091>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036965>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036506>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035399>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034999>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034798>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034589>)Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 20 \nIBM Emptoris Suite 10.0.2.x , \n10.0.3.x| 8.5.5.x| 1\\. Apply [_PI49272_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>) to fix OAuth Cross Site Scripting in WebSphere \n \n2\\. Upgrade to WebSphere Application Server Full Profile Fix Pack 8.5.5.2 or later then apply Interim Fix [_PI55775_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041671>):[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041668>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041194>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040407>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040157>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039961>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039687>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039311>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038809>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038165>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034592>) Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 30[](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>) \nIBM Emptoris Suite 10.0.4, \n10.1| 8.5.5.x| 1\\. Apply [_PI49272_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>) to fix OAuth Cross Site Scripting in WebSphere \n \n2\\. [Apply_ PI55775_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041671>) . Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 30[](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>) \nIBM Emptoris Services Procurement 10.0.0.x, | 8.5.0.x| Upgrade to WebSphere Application Server Full Profile Fix Pack 8.5.5.1 or later then apply Interim Fix [_PI55778_](<http://www-01.ibm.com/support/docview.wss?uid=swg24041658>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041271>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040396>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24040154>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039957>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039651>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24039294>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24038811>): [](<http://www-01.ibm.com/support/docview.wss?uid=swg24038091>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036966>)[](<http://www.ibm.com/support/docview.wss?uid=swg24036508>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035400>)[](<http://www.ibm.com/support/docview.wss?uid=swg24035008>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034806>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036965>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036506>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035399>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034999>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034798>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034589>)Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 20 \n \n \n**_Step 2:_**\n\nAfter you have applied the correct Interim Fix as noted in the above table for your version of the IBM Emptoris Product, you will also need to manually update your WASHOME/java/jre/lib/security/java.security file to add MD5 and MD5withRSA as noted below: \n\njdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize &lt;768, **MD5withRSA**\n\njdk.certpath.disabledAlgorithms=MD2, RSA keySize &lt;1024, **MD5**\n\n**\\--OR--**\n\nYou can choose to apply Interim Fix PI54960 to the WebSphere Application Server Full Profile. This interim fix will programatically update those values for you during the SSL initialization. [_Link to Interim Fix PI54960_](<http://www-01.ibm.com/support/docview.wss?uid=swg21975698>)\n\n## Workarounds and Mitigations\n\nFor CVE-2015-7575: \n\nUsers of Java 7 and later can address the issue by updating the WASHOME/java/jre/lib/security/java.security file as follows (**both steps are required**): \n\n\u00b7 Add MD5 to the jdk.certpath.disabledAlgorithms property - e.g. jdk.certpath.disabledAlgorithms=MD2, RSA keySize &lt; 1024, **MD5**\n\n\u00b7 Add MD5withRSA to the jdk.tls.disabledAlgorithms property - e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize &lt; 768, **MD5withRSA**\n\nJava 6 requires code changes in the JSSE component in addition to the java.security file modifications, so upgrading the JDK is the only solution.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server January 2016 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21975424>)\n\n[Multiple vulnerabilities in current releases of the IBM\u00ae SDK, Java\u2122 Technology Edition](<http://www-01.ibm.com/support/docview.wss?uid=swg21974193>)\n\n[Cross-site scripting vulnerability in IBM WebSphere Application Server ](<http://www-01.ibm.com/support/docview.wss?uid=swg21974520>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n07 Mar 2016 - - Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSYQ72\",\"label\":\"Emptoris Strategic Supply Management\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Platform\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYQ89\",\"label\":\"Emptoris Contract Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYRER\",\"label\":\"Emptoris Program Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYR6U\",\"label\":\"Emptoris Services Procurement\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYR8W\",\"label\":\"Emptoris Sourcing\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYQAR\",\"label\":\"Emptoris Spend Analysis\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYRC7\",\"label\":\"Emptoris Supplier Lifecycle Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T19:59:30", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM WebSphere Application Server affect IBM Emptoris Strategic Supply Management, and IBM Emptoris Services Procurement (CVE-2015-7575, CVE-2016-0466, CVE-2015-7417)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7417", "CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-16T19:59:30", "id": "2380AC5446A837687B94C80B43FDB2DEB52843ED074547C82BEAA12261E29C16", "href": "https://www.ibm.com/support/pages/node/543657", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:52:27", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM&amp;reg; SDK Java&amp;trade; Technology Edition, Version 7.0 that is used by IBM Fabric Manager. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\n## Vulnerability Details\n\n## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7.0 that is used by IBM Fabric Manager. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\nThis bulletin also addresses the \"FREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n**Vulnerability Details:**\n\n**CVE-ID:** [CVE-2015-0138](<https://vulners.com/cve/CVE-2015-0138>)\n\n**Description:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.\n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100691> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)\n\n**Description:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100153> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has no partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97148> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-6558](<https://vulners.com/cve/CVE-2014-6558>)\n\n**Description:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n## Affected products and versions\n\n * IBM Fabric Manager 4.1.00.24 and earlier versions.\n\n## Remediation/Fixes:\n\nIBM recommends updating to version [ 4.1.02.0031](<http://www-933.ibm.com/support/fixcentral/systemx/selectFixes?parent=x222+Compute+Node&product=ibm/systemx/7916&&platform=All&function=fixId&fixids=ibm_sw_ifm-4.1.02.0031_linux_32-64&includeSupersedes=0>) or later. Firmware updates are available through IBM Fix Central - <http://www.ibm.com/support/fixcentral/> . \n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## Workarounds and Mitigations:\n\nTo avoid CVE-2014-3566 (POODLE), SSL 3.0 can be disabled by using the IFM \"TLS 1.2 only\" setting. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-01-31T01:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Fabric Manager (CVE-2015-0138, CVE-2015-0410, CVE-2014-6593, CVE-2014-3566, CVE-2014-6457, CVE-2014-6558)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6558", "CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2019-01-31T01:55:01", "id": "9B73D553C5721DEF146CFAFEC1F0FF71EB7E3943ED00FB587A9862A47029FA57", "href": "https://www.ibm.com/support/pages/node/866792", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:52:29", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM&amp;reg; SDK Java&amp;trade; Technology Edition, Version 7 that is used by IBM System Networking Switch Center. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability(CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\n## Vulnerability Details\n\n## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 that is used by IBM System Networking Switch Center. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\n**Vulnerability Details**\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97148> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:P)\n\n**CVE-ID:** [CVE-2014-6512](<https://vulners.com/cve/CVE-2014-6512>)\n\n**Description:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97147> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100153> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)\n\n**Description:** Unspecified vulnerability in the Java allows remote attackers to affect availability via unknown vectors related to Security. It can be exploited by supplying data to APIs such as a web service.\n\nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected products and versions\n\nAll versions of IBM System Networking Switch Center prior to and including 7.1.3.1\n\n## Remediation/Fixes\n\nIt is recommended to upgrade the affected versions of IBM System Networking Switch Center to version 7.3.1.2. However, upgrading an affected version to the version listed below is acceptable if upgrading to 7.3.1.2 is not possible:\n\n 1. 7.1.3.x to 7.1.3.3\n 2. 7.2.1.x to 7.2.1.12\n\nThe install packages for these releases can be found on IBM's Passport Advantage website: <http://www-01.ibm.com/software/passportadvantage/>\n\nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues.\n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-01-31T01:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM System Networking Switch Center (CVE-2014-3566, CVE-2014-6512, CVE-2014-6457 CVE-2015-0410, CVE-2015-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6512", "CVE-2014-6593", "CVE-2015-0410", "CVE-2015-6593"], "modified": "2019-01-31T01:55:01", "id": "11596B3AE485614191981CD105B5C3198DDE5220B476FCE39692616915A9A04B", "href": "https://www.ibm.com/support/pages/node/866990", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:41:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 6, and 7 that are used by Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in July and October 2014 and are included in the October update.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n \n \n\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:**** **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n\n \n\n\n**CVE-ID: **[_CVE-2014-3065_](<https://vulners.com/cve/CVE-2014-3065>)\n\n**Description:**** **IBM Java SDK contains a vulnerability in which the default configuration for the shared classes feature potentially allows arbitrary code to be injected into the shared classes cache, which may subsequently be executed by other local users.\n\n**CVSS Base Score:** 6 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93629> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:S/C:C/I:C/A:C)\n\n \n \n\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n**Product Name**\n\n| **Versions Affected** \n---|--- \nRational Developer for Power Systems Software| 7.6, 7.6.0.1, 7.6.0.2, 8.0, 8.0.0.1, 8.0.0.2, 8.0.0.3, 8.0.3, 8.0.3.1, 8.5, 8.5.1 \nRational Developer for i| 9.0, 9.0.0.1, 9.0.1, 9.1 \nRational Developer for AIX and Linux, AIX COBOL Edition| 9.0, 9.0.0.1, 9.0.1, 9.1 \nRational Developer for AIX and Linux, C/C++ Edition| 9.0, 9.0.0.1, 9.0.1, 9.1 \n \n## Remediation/Fixes\n\nUpdate the Java Development Kit of the product to address this vulnerability: \n \n\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nRational Developer for Power Systems Software| 7.6 through 8.5.1| \n\n * For all versions, apply [IBM Java Quarterly Critical Patch Update - October 2014 - RD Power](<http://www.ibm.com/support/docview.wss?uid=swg24038954>) \nRational Developer for i| 9.0 through to 9.1| \n\n * For all versions, update the currently installed product using Installation Manager. ** **For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_](<http://www.ibm.com/support/knowledgecenter/SSAE4W_9.1.0/com.ibm.etools.iseries.install.doc/topics/t_upgrading.html>) in the IBM Knowledge Center. \n * Or, you can optionally download the update manually and apply [IBM Java Quarterly Critical Patch Update - October 2014 - RDi](<http://www.ibm.com/support/docview.wss?uid=swg24038952>) \nRational Developer for AIX and Linux| 9.0 through to 9.1| \n\n * For all client versions, update the currently installed product using Installation Manager. For instructions on installing this update using Installation Manager, review the topic [_Updating Installed Product Packages_](<http://www.ibm.com/support/knowledgecenter/SSPSQF_9.1.0/com.ibm.etools.install.rdal.doc/topics/t_upgrading.html>) in the IBM Knowledge Center. \n * For server updates or to manually download and apply the client updates see [IBM Java Quarterly Critical Patch Update - October 2014 - RDAL](<http://www.ibm.com/support/docview.wss?uid=swg24038953>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i, Rational Developer for AIX and Linux, Rational Developer for Power Systems Software (CVE-2014-4263, CVE-2014-3566, CVE-2014-3065, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3065", "CVE-2014-3566", "CVE-2014-4263", "CVE-2014-6457"], "modified": "2018-08-03T04:23:43", "id": "B6EAD05385EED895F3061A046F58BA672C8248DB63A938B6C09DD2DBF9FBEB48", "href": "https://www.ibm.com/support/pages/node/521071", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:38:17", "description": "## Summary\n\nA possible security vulnerability has been reported in the JSSE component of IBM Java shipped with Rational Synergy.\n\n## Vulnerability Details\n\n**CVE-ID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)\n\n**Description:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \n\n**CVSS Base Score:** 2.4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93756> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:**** **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n**CVSS Base Score**: 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector**: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nThis vulnerability impacts the following Rational Synergy releases: \n\n * Rational Synergy release 7.2.1.3 or earlier.\n * Rational Synergy release 7.2.0.6.002 or earlier.\n * Rational Synergy release 7.1.0.7.005 or earlier.\n\n## Remediation/Fixes\n\nReplace the JRE used in Rational Synergy. \n \n**Steps to download and replace JRE in Rational Synergy 7.1.0.7.005, 7.2.0.6.002 and 7.2.1.3:** \n\n\n 1. Open the list of [_Synergy downloads on Fix Central_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Synergy&release=All&platform=All&function=all&source=fc>)[](<http://www.ibm.com/support/fixcentral>) \n \n\n 2. Select the SDK and Readme for Rational Synergy which applied to your release as follows: \n \n**Note:** The fix will use the following naming convention: \n**_&lt;V.R.M.F&gt;_**_-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-_**_&lt;platform&gt;_**** \n \n**Where **&lt;V.R.M.F&gt; = release **&amp; **&lt;platform&gt; = operating system**\n * Rational Synergy 7.2.1 (uses 7.2.1.3 release designation) \n \nExample: **7.2.1.3-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-Linux \n \n**\n * Rational Synergy 7.2.0 (uses 7.2.0.6 release designation) \n \nExample: **7.2.0.6-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-Windows \n \n**\n * Rational Synergy 7.1 (uses 7.1.0.7 release designation) \n \nExample: **7.1.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-AIX \n**Example: **7.1.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.2-Solaris** \n \n\n* Follow the steps in the [_Install instructions_](<http://www.ibm.com/support/docview.wss?uid=swg27042896>) to replace the JRE. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-12-22T18:05:37", "type": "ibm", "title": "Security Bulletin: Rational Synergy vulnerability (CVE-2014-4263, CVE-2014-3068,CVE-2014-3566,CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-3566", "CVE-2014-4263", "CVE-2014-6457"], "modified": "2020-12-22T18:05:37", "id": "ED1637B2624D26362BDB52FFE4446CD922E21738E4C506EA23FFF9A92362A011", "href": "https://www.ibm.com/support/pages/node/522151", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T06:00:56", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK for Java\u2122 Technology Edition that is used by WebSphere Business Services Fabric. These issues were disclosed as part of the IBM SDK for Java\u2122 Technology Edition updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100149_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100149>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\n * IBM WebSphere Business Services Fabric Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x\n * IBM WebSphere Business Services Fabric for z/OS Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Business Services Fabric version as described in the [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU](<http://www.ibm.com/support/docview.wss?uid=swg21695362>) document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-08-19T23:26:06", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java\u2122 Technology Edition January 2015 CPU affect WebSphere Business Services Fabric", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-08-19T23:26:06", "id": "C05450FFDB392481643414F88F9150BF56385662E006B27CB5BA3386DA5295BC", "href": "https://www.ibm.com/support/pages/node/527313", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-24T05:58:18", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK for Java\u2122 Technology Edition that is used by WebSphere Process Server. These issues were disclosed as part of the IBM SDK for JavaTechnology Edition updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100149_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100149>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nWebSphere Process Server 6.1.x, 6.2.x, 7.0.x \n\nIf you are using an unsupported version, IBM strongly recommends to upgrade.\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Process Server version as described in the [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU](<http://www.ibm.com/support/docview.wss?uid=swg21695362>) document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-09-15T18:54:57", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java\u2122 Technology Edition January 2015 CPU affect WebSphere Process Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-09-15T18:54:57", "id": "BF245510DD3456E6B91B4CAC1041A675D62C74E268B2C0039096D2A32DE43FDE", "href": "https://www.ibm.com/support/pages/node/527315", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-09-25T10:35:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7.1 that is used by Bluemix Workflow. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThis vulnerability affected IBM Workflow for Bluemix.\n\n## Remediation/Fixes\n\nThe production system has been upgraded. A user action is not required.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2023-03-06T14:45:22", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Bluemix Workflow", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2023-03-06T14:45:22", "id": "28A87AA21A3A63B76EB06532DDE145D08BAEA75DA55EB8D6ED802A5FCD8BF7CC", "href": "https://www.ibm.com/support/pages/node/258547", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:58:13", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Service Registry and Repository. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014. \n\n## Vulnerability Details\n\nThe following advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere Application Server may be vulnerable to them. \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n** \nCVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n** \nCVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nWebSphere Service Registry and Repository 6.3, 7.0, 7.5, 8.0, 8.5 \n\nWebSphere Service Registry and Repository Studio 8.5\n\n## Remediation/Fixes\n\nTo fix the WebSphere Service Registry and Repository server, please apply the fix indicated in the WebSphere Application Server bulletin at [http://www.ibm.com/support/docview.wss?uid=swg21687740](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>)\n\nIf you wish to also apply a fix to WebSphere Service Registry and Repository Studio, please either contact IBM support for a fix, or replace Studio's bundled JRE with the updated JRE version 6 SR16-FP2. The fixed JRE can be downloaded from <https://www.ibm.com/developerworks/java/jdk/>.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:16", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Service Registry and Repository October 2014 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-15T07:02:16", "id": "B33BA093E26C24718FB2E47578193B258F94FDECDEE8A133C5A2091D423CBD1E", "href": "https://www.ibm.com/support/pages/node/521529", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:50:43", "description": "## Summary\n\nWebsphere Application Server is shipped as a component of IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO). Information about security vulnerabilities affecting Websphere Application Server has been published in security bulletins. \n\n## Vulnerability Details\n\nConsult the following security bulletins for vulnerability details and information about fixes. \n[Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993797>) \n[Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997743>)\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version \n---|--- \nISAM ESSO 8.2, 8.2.1, 8.2.2| Websphere Application Server 7.0, 8.5.0 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:58:50", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities have been fixed in Websphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On (CVE-2016-8919, CVE-2017-1121)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-8919", "CVE-2017-1121"], "modified": "2018-06-16T21:58:50", "id": "61D420CBF525B0B0F7B6F0B31E19E818B9B55694EB5923E5A2AA5F80361EF5B8", "href": "https://www.ibm.com/support/pages/node/558409", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:42:10", "description": "## Summary\n\nMultiple security vulnerabilities exist in IBM SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server Community 3.0.0.4.\n\n## Vulnerability Details\n\n**CVE-ID:** C[VE-2015-0383](<https://vulners.com/cve/CVE-2015-0383>)\n\n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact.\n\n \n**CVSS Base Score:** 5.4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:L/AC:M/Au:N/C:N/I:P/A:C) \n \n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \n**CVSS Base Score:** 5 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nWebSphere Application Server Community Edition 3.0.0.4\n\n## Workarounds and Mitigations\n\nUpgrade your IBM SDK for Java to an interim fix level as determined below: \nIBM SDK 6.0: \nIBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 and subsequent releases \nIBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 3 and subsequent releases \n \nIBM SDK 7.0: \nIBM SDK, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 and subsequent releases \nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 2 Fix Pack 10 and subsequent releases\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-25T05:54:54", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WebSphere Application Server Community Edition 3.0.0.4 related to Java Technology Edition Quarterly CPU - January 2015(CVE-2015-0383,CVE-2014-3566,CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0383", "CVE-2015-0410"], "modified": "2018-06-25T05:54:54", "id": "1F070315F8215C347FAB32FCD311C9E9E15B46919249CA009FC9A6BFC1ABC51F", "href": "https://www.ibm.com/support/pages/node/260945", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2023-02-21T05:49:19", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6 that is used by Rational Directory Server. These issues were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n\n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n \n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n**Product**\n\n| **Version** \n---|--- \nRational Directory Server (Tivoli) | 5.2 - 5.2.1_iFix004 \nRational Directory Server (Apache)| 5.1.1 - 5.1.1.2_iFix005 \nRational Directory Administrator| 6.0 - 6.0.0.1_iFix01 \n \n## Remediation/Fixes\n\n \n\n\n**Product**| **Download link** \n---|--- \nIBM Rational Directory Server 5.2 (Tivoli) and above| [_RDS 5.2.1 iFix005_](<http://www.ibm.com/support/docview.wss?uid=swg24039391>) \nIBM Rational Directory Server 5.1.1 (Apache) and above| [_RDS 5.1.1.2 iFix006_](<http://www.ibm.com/support/docview.wss?uid=swg24039390>) \nIBM Rational Directory Administrator 6.0 and above| [_RDA 6.0.0.2_](<http://www.ibm.com/support/docview.wss?uid=swg24039389>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:59:51", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects Rational Directory Server (CVE-2014-6457, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6457", "CVE-2014-6593"], "modified": "2018-06-17T04:59:51", "id": "15E5B71ACD8F825980E0777DD552514D667555BF1B6B940E499C389766649F84", "href": "https://www.ibm.com/support/pages/node/526623", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2023-02-21T05:57:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition Version 6 and 7 that are used by IBM Image Construction and Composition Tool. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Image Construction and Composition Tool v2.2.1.3 \nIBM Image Construction and Composition Tool v2.3.1.0 \nIBM Image Construction and Composition Tool v2.3.2.0 \n\n## Remediation/Fixes\n\nThe solution is to apply the following IBM Image Construction and Composition Tool version fixes. \n \nUpgrade the IBM Image Construction and Composition Tool to the following fix levels: \n\n * For IBM Image Construction and Composition Tool v2.2.1.3\n * IBM Image Construction and Composition Tool v2.2.1.3 Build 28\n \n[__http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&amp;product=ibm/WebSphere/PureApplication+System&amp;release=1.1.0.5&amp;platform=All&amp;function=fixId&amp;fixids=ICCT_efix_Repository_2.2.1.3-28&amp;includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=1.1.0.5&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.2.1.3-28&includeSupersedes=0>)\n * For IBM Image Construction and Composition Tool v2.3.1.0\n * IBM Image Construction and Composition Tool v2.3.1.0 Build 38\n \n[__http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&amp;product=ibm/WebSphere/PureApplication+System&amp;release=2.0.0.1&amp;platform=All&amp;function=fixId&amp;fixids=ICCT_efix_Repository_2.3.1.0-38&amp;includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.0.0.1&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.1.0-38&includeSupersedes=0>)\n * For IBM Image Construction and Composition Tool v2.3.2.0\n * IBM Image Construction and Composition Tool v2.3.2.0 Build 12\n \n[__http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&amp;product=ibm/WebSphere/PureApplication+System&amp;release=2.1.0.0&amp;platform=All&amp;function=fixId&amp;fixids=ICCT_efix_Repository_2.3.2.0-12&amp;includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=2.1.0.0&platform=All&function=fixId&fixids=ICCT_efix_Repository_2.3.2.0-12&includeSupersedes=0>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2015-0410 and CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:03:24", "id": "055125DDCC24FED6338E6230B841A6E09BEF122BD1DAAD92C212B50D47EC635A", "href": "https://www.ibm.com/support/pages/node/532531", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-07-30T09:49:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.6.0 that is used by FlashSystem 840. These issues were disclosed as part of the IBM Java SDK updates in January 2015\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100151_](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n**IBM FlashSystem 840:** \nMachine Type 9840, model -AE1 (all supported releases) \nMachine Type 9843, model -AE1 (all supported releases) \n \n**IBM FlashSystem V840:** \nMachine Type 9846, model -AE1 (all supported releases) \nMachine Type 9848, model -AE1 (all supported releases) \n\nCode level 1.1.3.6 and earlier are affected. \n\n## Remediation/Fixes\n\nYou should verify applying this fix does not cause any compatibility issues. \n \n\n\n_&lt;Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**840 MTMs: ** \n9840-AE1 &amp; \n9843-AE1 \n \n**V840 MTMs:** 9846-AE1 &amp; \n9848-AE1| _A code fix is now available, the VRMF of this code level is 1.1.3.7 (or later)_| _ __N/A_| _No work arounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n**Note:** \nV840 customers must upgrade the code of both the -AE1 and -ACx (whether -AC0 or -AC1) nodes to address this vulnerability. A customer reading this to fix one model type (e.g. \u2013AE1) should look for the corresponding security bulletin which describes how to fix the other model type (e.g. perhaps \u2013AC0) in the customer's V840. \n \n[_Link to FlashSystem 840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>) \n\n\n[_Link to FlashSystem V840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2023-02-18T01:45:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2023-02-18T01:45:50", "id": "AECB9FD70A6404FA7005BB0B63AEA0C202F897DEC1684BD883D622BFC19210DD", "href": "https://www.ibm.com/support/pages/node/690391", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-09-25T10:32:29", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Jan 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n \n**DESCRIPTION:** A flaw in the TLS implementation allows a man-in-the-middle attacker to force the connection into plaintext. The TLS implementation provides communications security by encrypting the data while being transferred over a computer network. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) [](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100153>)[](<http://xforce.iss.net/xforce/xfdb/100153>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \n \nAll products are affected when running code releases 1.1 to 7.4.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code level or higher: \n \n7.3.0.10 \n7.4.0.3 \n \n[_Latest SAN Volume Controller Code_](<http://www-01.ibm.com/support/docview.wss?rs=591&uid=ssg1S1001707>) \n[_Latest Storwize V7000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003705>) \n[_Latest Storwize V5000 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004336>) \n[_Latest Storwize V3700 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004172>) \n[_Latest Storwize V3500 Code_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004171>)\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2023-03-29T01:48:02", "id": "B892E6DDD2043AD25A84B33AE4FC3F18A7E39D06BB44F4BED23DE68891B4CDF8", "href": "https://www.ibm.com/support/pages/node/690429", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:54:55", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM Cognos TM1. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos TM1 10.1.1.2 \nIBM Cognos TM1 10.2.0.2 \nIBM Cognos TM1 10.2.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \nIBM Cognos TM1 10.1.1.2 Interim Fix 2 \n<http://www-01.ibm.com/support/docview.wss?uid=swg24038887> \n \nIBM Cognos TM1 10.2.0.2 Interim Fix 2 \n<http://www-01.ibm.com/support/docview.wss?uid=swg24038927> \n \nIBM Cognos TM1 10.2.2 Fix Pack 2 \n<http://www-01.ibm.com/support/docview.wss?uid=swg24038876> \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T22:34:28", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T22:34:28", "id": "1C25B8D7E5F259D9791EB4AC60A74AF9C437CD71730127C99E8EA01ECB4D9D1C", "href": "https://www.ibm.com/support/pages/node/522395", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:52:14", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6.0 that is used by IBM WebSphere Application Server embedded in IBM InfoSphere Identity Insight. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIdentity Insight 8.0 and 8.1\n\n## Remediation/Fixes\n\n_&lt;Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_Identity Insight_| _8.0.0_ \n_8.1.0_| \n| _From the WebSphere_[__ Security Bulletin__](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>)__. __ \n \n_Apply Interim Fix _[_PI20799_](<http://www-01.ibm.com/support/docview.wss?uid=swg24038094>)_: Will upgrade you to IBM Java SDK Version 6 Service Refresh 16 Fix Pack 1 _ \n\n\n**\\--OR--**\n\nApply IBM Java SDK shipped with WebSphere Application Server Fix pack 35 (7.0.0.35) or later (targeted to be available 13 October 2014). \n \n## Workarounds and Mitigations\n\n**None**\n\n## ", "cvss3": {}, "published": "2018-06-16T13:07:03", "type": "ibm", "title": "Security Bulletin: : Multiple vulnerabilities in IBM Java SDK affect Identity Insight 8.0 and 8.1 (CVE-2014-4263) and (CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-16T13:07:03", "id": "8D3804B575A7E87C1484204810222309FE33191C0BBD4CD0124D794927D44623", "href": "https://www.ibm.com/support/pages/node/248525", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:48:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 5 and 6 that are used by IBM CommonStore for Lotus Domino and IBM Content Collector. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM CommonStore for Lotus Domino 8.4 \nIBM Content Collector 2.1 - 4.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM CommonStore for Lotus Domino| 8.4.0.0| Contact IBM Software Support for further assistance \nIBM Content Collector | 2.1.0.0 - 2.1.1.4| Contact IBM Software Support for further assistance \nIBM Content Collector| 2.2.0.0 - 2.2.0.5| Apply Fix Pack 2.2.0.6-ICC-FP006 and Interim Fix 2.2.0.5-IBM-ICC-NotesClient-IF001, available from Fix Central \nIBM Content Collector| 3.0.0.0 - 3.0.0.5| Apply Fix Pack 3.0.0.6-ICC-FP006 and Interim Fix 3.0.0.5-IBM-ICC-NotesClient-IF001, available from Fix Central \nIBM Content Collector | 4.0.0.0 - 4.0.0.2| Apply Fix Pack 4.0.0.3-ICC-FP003, available from Fix Central \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T12:09:39", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM CommonStore and IBM Content Collector (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T12:09:39", "id": "0B19E913072BACF99DAC664F1DE39DA349C72875FB366603AD24C5FD1330FADE", "href": "https://www.ibm.com/support/pages/node/521685", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:41:03", "description": "## Summary\n\nFlaws in the IBM Java runtime Secure Sockets implementation may expose ClearQuest Web and EmailRelay communications to an attacker.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \n \n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n * * Rational ClearQuest Web greater than and inclusive of ClearQuest v7.1\n * ClearQuest EmailRelay, versions 8.0.0.3 - 8.0.0.12 and 8.0.1 - 8.0.1.5.\n \nNote: ClearQuest EmailRelay was introduced in ClearQuest 8.0.0.3. \n\n## Remediation/Fixes\n\nFor EmailRelay, apply a fix pack appropriate for your release of ClearQuest. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearQuest Fix Pack 6 (8.0.1.6)](<http://www.ibm.com/support/docview.wss?uid=swg24038912>) \n \n8.0.0.x\n\n| Install [Rational ClearQuest Fix Pack 13 (8.0.0.13)](<http://www.ibm.com/support/docview.wss?uid=swg24038915>) \n \nFor ClearQuest Web: \n \nClearQuest 7.1.x releases ship with, install and configure WAS version 6.1.0.25. Review technote[ 1390803:](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) [How to update the IBM WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1](<http://www.ibm.com/support/docview.wss?uid=swg21390803>)\n\nClearQuest 8.x releases have separated the WAS installation from the ClearQuest installation. \n\nDirectly follow WebSphere Application Server instructions for updating your version of WAS.\n\n**Note:** Determine the version of WAS that your deployment is using and follow the instructions at\n\n \n[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>) to update your version of the JRE supplied by WAS. This applies for all versions of ClearQuest Web Server greater than and inclusive of v7.1. \n\n## Workarounds and Mitigations\n\nDisable any ratlperl or cqperl scripts and hooks that use SSL until you apply the fixes listed above.\n\n## ", "cvss3": {}, "published": "2018-09-29T18:04:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java runtime affect ClearQuest Web and ClearQuest EmailRelay (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-09-29T18:04:03", "id": "CC51D6515952A450E445A6BC543BDA719FEB4C186C2E51CBF7CA2BDD875651A9", "href": "https://www.ibm.com/support/pages/node/521283", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:47:23", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 5, 6, and 7 that are used by Tivoli Netcool OMNIbus. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus 7.3.0 \nTivoli Netcool/OMNIbus 7.3.1 \nTivoli Netcool/OMNIbus 7.4.0 \nTivoli Netcool/OMNIbus 8.1.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_OMNIbus_| _7.3.0.14_| _IV63169_| <http://www-01.ibm.com/support/docview.wss?uid=swg24036692> \n_OMNIbus _| _7.3.1.10_| _IV63169_| <http://www-01.ibm.com/support/docview.wss?uid=swg24036685> \n_OMNIbus_| _7.4.0.5_| _IV63169_| <http://www-01.ibm.com/support/docview.wss?uid=swg24036689> \n_OMNIbus _| _8.1.0.1_| _IV63169_| <http://www-01.ibm.com/support/docview.wss?uid=swg24037996> \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T14:49:34", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool OMNIbus (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T14:49:34", "id": "A15555C24F7D69B2946A7F9E355B25433D1485E935599D986226BA15E905FF8E", "href": "https://www.ibm.com/support/pages/node/251545", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-13T09:36:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7, IBM SDK Java Technology Edition, Version 6, and IBM SDK Java 2 Technology Edition, Version 5 that are used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in October 2014 and January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2014-6512_](<https://vulners.com/cve/CVE-2014-6512>) \n**DESCRIPTION:** An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97147_](<http://xforce.iss.net/xforce/xfdb/97147>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97148_](<http://xforce.iss.net/xforce/xfdb/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2014-6558_](<https://vulners.com/cve/CVE-2014-6558>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 2.6 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97151_](<http://xforce.iss.net/xforce/xfdb/97151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)** \n** \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100151_](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/97013_](<http://xforce.iss.net/xforce/xfdb/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)** \nDESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \nThis vulnerability is also known as the FREAK attack. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Affected Products and Versions\n\nAll versions of microcode for the IBM Virtualization Engine TS7700 (3957-V06, 3957-V07, 3957-VEA, 3957-VEB) prior to release R2.1 are affected. In addition, microcode versions of releases R2.1, R3.0, R3.1 and R3.2 prior to and including the following are also affected: \n\n**Release**\n\n| **Version** \n---|--- \nR3.2| 8.32.0.88 \nR3.1| 8.31.0.92 \nR3.0| 8.30.3.4 \nR2.1| 8.21.0.178 \n \n## Remediation/Fixes\n\nContact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode level followed by the installation of vtd_exec.202, vtd_exec.213, vtd_exec.214 and vtd_exec.215 as needed. Minimum microcode levels are shown below: \n\n**Release**\n\n| **Fix** \n---|--- \nR3.2| 8.32.0.88 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 + vtd_exec.215 \n**\\- OR -** \n8.32.1.8 + vtd_exec.202 \nR3.1| 8.31.0.92 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 + vtd_exec.215 \nR3.0| 8.30.3.4 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 \nR2.1| 8.21.0.178 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 + vtd_exec.215 \nOlder Releases| 8.21.0.178 + vtd_exec.202 + vtd_exec.213 + vtd_exec.214 + vtd_exec.215 \n \nPlease note that vtd_exec packages carry their own internal version numbers. For the vulnerabilities reported in this Security Bulletin, the minimum required vtd_exec versions are as follows: **Package**| **Version** \n---|--- \nvtd_exec.202| 1.5 \nvtd_exec.213| 1.03 \nvtd_exec.214| 1.03 \nvtd_exec.215| 1.03 \n \n## Workarounds and Mitigations\n\nAlthough IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-18T00:09:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - October 2014 & January 2015", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6512", "CVE-2014-6558", "CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-18T00:09:23", "id": "B34877D991F21B254E16D92D7328B03658AA2122E7631AA85688801D398E5BAF", "href": "https://www.ibm.com/support/pages/node/690373", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:52:12", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\uff6e Runtime Environments JavaTechnology Edition, Version 5, 6 and 7 that is used by IBM Data Studio Web Console (DSWC). These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n## Vulnerability Details\n\n**CVE-ID: **[CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n** ** \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVE ID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Data Studio Web Console versions 3.1, 3.1.1, 3.2, 4.1 and 4.1.1**.**\n\n## Remediation/Fixes\n\nThe fix for this vulnerability requires the upgrade of the IBM Java Runtime that is installed with DSWC. Install one of the following IBM Java Runtime versions: \n\n\n * IBM Java Runtime, Java 2 Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 9 and subsequent releases\n * IBM Java Runtime, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 and subsequent releases \n * IBM Java Runtime, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 3 and subsequent releases\n * IBM Java Runtime, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 and subsequent releases\n * IBM Java Runtime, Java Technology Edition, Version 7R1 Service Refresh 2 Fix Pack 10 and subsequent releases\n \nDetailed instructions are provided in the tech-note \"[Updating the IBM Runtime Environment, Java Technology Edition for IBM Data Studio web console](<http://www.ibm.com/support/docview.wss?&uid=swg21684744>)[](<http://www.ibm.com/support/docview.wss?&uid=swg21684744>)\". \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T13:10:05", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-16T13:10:05", "id": "4B780DD01351913C8F55A02550FDBC93B18C0845DB6F8786276597FEF7A05199", "href": "https://www.ibm.com/support/pages/node/257169", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:52:48", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 (Service Refresh 16-FP2 and earlier) and 7 (Service Refresh 8 and earlier), that is used by IBM TM1. These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n * * IBM Cognos TM1 10.2.2\n * IBM Cognos TM1 10.2\n * IBM Cognos TM1 10.1.1\n\n## Remediation/Fixes\n\nDownload fixes at the following location: \n\nTM1 9.5.2.3 Interim Fix 7 _<http://www-01.ibm.com/support/docview.wss?uid=swg24039812>_ \nTM1 10.2.0.2 Interim Fix 4: _<http://www-01.ibm.com/support/docview.wss?uid=swg24039814>_ \nTM1 10.1.1.2 Interim Fix 4: _<http://www-01.ibm.com/support/docview.wss?uid=swg24039813>_\n\n \nTM1 10.2.2 FP3: [_http://www.ibm.com/support/docview.wss?uid=swg24039764_](<http://www.ibm.com/support/docview.wss?uid=swg24039764>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T22:36:55", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T22:36:55", "id": "F4181AD0980C5242583BA857E8250D1937A0FB0CB5F088B327E941B2375EF935", "href": "https://www.ibm.com/support/pages/node/263679", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:48:18", "description": "## Summary\n\n \nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\n \nIBM eDiscovery Analyzer Version 2.1 \nIBM InfoSphere eDiscovery Analyzer Version 2.1.1 \nIBM eDiscovery Analyzer Version 2.2 \nIBM eDiscovery Analyzer Version 2.2.1 \nIBM eDiscovery Analyzer Version 2.2.2\n\n## Remediation/Fixes\n\nFor versions 2.2.1.1 and 2.2.2.1, the recommended solution is to apply the available fix as soon as practical. Contact IBM Support if you are using versions 2.1, 2.1.1 or 2.2. \n\nGo to Fix Central site([eDiscovery Analyzer](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%2BContent%2BManagement&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=All&platform=All&function=all>)) and install the fix applicable to the version that you have installed and your platform.\n\n * 2.2.1.1 Interim Fix 3\n * 2.2.2.2 Interim Fix 1\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T12:10:14", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM eDiscovery Analyzer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T12:10:14", "id": "E6539A3BB2EB04D867564E210333C561765406B8A7B65151CA32F4CE21B0AE0B", "href": "https://www.ibm.com/support/pages/node/255851", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:15:19", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2 that is used by Power Hardware Management Console. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/100151_**](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n\n\n**CVEID:** [_CVE-2014-6593_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [**_http://xforce.iss.net/xforce/xfdb/100153_**](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nPower HMC V7.7.3.0 \nPower HMC V7.7.7.0 \nPower HMC V7.7.8.0 \nPower HMC V7.7.9.0 \nPower HMC V8.8.1.0 \nPower HMC V8.8.2.0\n\n## Remediation/Fixes\n\nFixes are available for the the HMC versions mentioned below: \n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nPower HMC| V7.7.3.0 SP7| MB03888| Apply eFix MH01500 \nPower HMC| V7.7.7.0 SP4| MB03889| Apply eFix MH01501 \nPower HMC| V7.7.8.0 SP2| MB03899| Apply eFix MH01511 \nPower HMC| V7.7.9.0 SP1| MB03900| Apply eFix MH01512 \nPower HMC| V8.8.1.0 SP1| MB03886| Apply eFix MH01498 \nPower HMC| V8.8.2.0 SP1| MB03837| Apply eFix MH01499 \n \n \n**Note:** \n1\\. After applying the PTF, you should restart the HMC. \n2\\. HMC V7.7.3 support is extended only for managing the Power 775 (9125-F2C) also called \"PERCS\" and \"IH\". End Of Service date for managing all other server models was 2013.05.31. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-09-23T01:31:39", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java SDK Affect Power Hardware Management Console (CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2021-09-23T01:31:39", "id": "5F07312D1C5E6FE8181D631352EDDAC9A1D6DA80B24005A4700B576A3B30DB78", "href": "https://www.ibm.com/support/pages/node/646171", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T05:37:54", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6.0 that is used by the IBM FlashSystem V9000. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100151_](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n_FlashSystem V9000 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9846-AC2 and 9848-AC2. \n\n## Remediation/Fixes\n\nYou should verify that applying this fix does not cause any compatibility issues.\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**V9000 MTMs:** \n9846-AE2, \n9848-AE2, \n9846-AC2, \n9848-AC2| _A code fix is now available, the VRMF of this code level is 7.4.1.1 (or later) for both the storage enclosure nodes (-AEx) and the control nodes (-ACx)_| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V9000, (CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-18T00:09:43", "id": "82B8484D57594A12CED295DEF2A7F68637EFFA7865C77083F06B45E70EFA9D3E", "href": "https://www.ibm.com/support/pages/node/690517", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T09:36:54", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 that is used by IBM Storwize V7000 Unified. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n \n**DESCRIPTION:** A flaw in the TLS implementation allows a man-in-the-middle attacker to force the connection into plaintext. The TLS implementation provides communications security by encrypting the data while being transferred over a computer network. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) [](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100153>)[](<http://xforce.iss.net/xforce/xfdb/100153>)for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM Storwize V7000 Unified \n \nAll products are affected when running code releases 1.3, 1.4 and 1.5 except for version 1.5.2.0 and above. \n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM Storwize V7000 Unified to the following code level or higher: \n \n1.5.2.0_ \n__ \n_[_Latest Storwize V7000 Unified Software_](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\n## Workarounds and Mitigations\n\nWorkaround(s) : None. \n \nMitigation(s) : Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall. \n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:10", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM Storwize V7000 Unified (CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-18T00:09:10", "id": "84DC30A405D819D9F72421CFCF62433DDA70DC06700E0CB421B3B3D55EC8C8AE", "href": "https://www.ibm.com/support/pages/node/690235", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:57:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition Version 6 and 7 that are used by IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM PureApplication System V1.1 \nIBM PureApplication System V2.0 \nIBM PureApplication System V2.1 \n\n## Remediation/Fixes\n\nThe solution is to upgrade the IBM PureApplication System to the following fix level: \n \nIBM PureApplication System V2.1 \nUpgrade to IBM PureApplication System V2.1.0.1 \n \nIBM PureApplication System V2.0 \nUpgrade to IBM PureApplication System V2.0.0.1 Interim Fix 4 \n \nIBM PureApplication System V1.1 and earlier: \n\nContact IBM customer support for upgrade options.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM PureApplication System (CVE-2015-0410 and CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:03:24", "id": "3E76F5CF462289D90F38342D1368D301EF32CEEA27AA1B485901A311EE59AC0F", "href": "https://www.ibm.com/support/pages/node/532535", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-13T05:38:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.6.0 that is used by the IBM FlashSystem V840. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100151_](<http://xforce.iss.net/xforce/xfdb/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_http://xforce.iss.net/xforce/xfdb/100153_](<http://xforce.iss.net/xforce/xfdb/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n_FlashSystem V840 including machine type and models (MTMs) for all available code levels._ MTMs affected include 9846-AC0, 9848-AC0, 9846-AC1, and 9848-AC1. The Service Assist GUI is the only component in these products that uses the Apache Struts library. \n\n## Remediation/Fixes\n\nYou should verify that applying this fix does not cause any compatibility issues.\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n**V840 MTMs:** 9846-AC0, \n9846-AC1, \n9848-AC0, \n9848-AC1| _A code fix is now available, the VRMF of this code level is 1.1.3.8 (or later) for the storage enclosure nodes and 7.4.0.4 for the control nodes._| _ __N/A_| _No workarounds or mitigations, other than applying this code fix, are known for this vulnerability_ \n \n \n**Note:** \nV840 customers must upgrade the code of both the -AE1 and -ACx (whether -AC0 or -AC1) nodes to address this vulnerability. A customer reading this to fix one model type (e.g. \u2013AC1) should look for the corresponding security bulletin which describes how to fix the other model type (e.g. perhaps \u2013AE1) in the customer's V840. \n\n\n[_Link to FlashSystem 840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+840&release=All&platform=All&function=all>)\n\n \n[_Link to FlashSystem V840 fixes_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash+high+availability+systems&product=ibm/StorageSoftware/IBM+FlashSystem+V840&release=All&platform=All&function=all>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-18T00:09:27", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Java affect the IBM FlashSystem V840, (CVE-2014-6593 and CVE-2015-0410))", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-18T00:09:27", "id": "AEBB057B7823F905E1350F9D4877CAB71BB0E06AB36C7779980A0F7C8BD72BB6", "href": "https://www.ibm.com/support/pages/node/690421", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:49:06", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7SR8, that is used by Rational Automation Framework. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. \n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nRational Automation Framework 3.0.1, 3.0.1.1, 3.0.1.2.x, 3.0.1.3.x on all supported platforms.\n\n## Remediation/Fixes\n\nUpgrade to [RAF 3.0.1.3 ifix4](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Automation+Framework&release=3.0.1.3i4&platform=All&function=all>) or later.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T05:04:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Automation Framework (CVE-2015-0410 and CVE-2014-6593 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T05:04:13", "id": "74703F913A5521ED32B7192E664187A2672BA346C48F8CAD66D4E9AD8D48F992", "href": "https://www.ibm.com/support/pages/node/531811", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:57:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition Version 6 and 7 that are used by IBM OS Images for Red Hat Linux Systems and AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM OS Image for Red Hat Linux Systems 2.0.0.1 and earlier. \nIBM OS Image for AIX 2.0.0.1 and earlier.\n\n## Remediation/Fixes\n\nThe deployed Red Hat Linux-based and AIX virtual machines on IBM PureApplication Systems types are affected. The solution is to apply the following IBM PureApplication System fix to the deployed virtual machines. \n \nJava Update for Linux \n__[http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&amp;product=ibm/WebSphere/PureApplication+System&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=+Java_Update_Linux_2++&amp;includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=+Java_Update_Linux_2++&includeSupersedes=0>)__ \n__ \n__Java Update for AIX \n[__http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&amp;product=ibm/WebSphere/PureApplication+System&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=+Java_Update_AIX_2++&amp;includeSupersedes=0__](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=PureSystems&product=ibm/WebSphere/PureApplication+System&release=All&platform=All&function=fixId&fixids=+Java_Update_AIX_2++&includeSupersedes=0>) \n \n\n\n 1. Import the fix into the Emergency Fix catalogue.\n 2. For deployed instances, apply this emergency fix on the VM. The IBM Java SDKwill be upgraded to IBM Java JDK 7.0 SR8 FP10 interim fix and IBM Java JDK 6.0 SR16 FP3 interim fix\n 3. Restart the deployed instance after the fix is applied.\n \nYou should verify applying this fix does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems and AIX (CVE-2015-0410 and CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:03:25", "id": "17ACD206EE31B39ACA37FF9ADB5354BF5B5C918AD56B4A16A497861E4C1983D2", "href": "https://www.ibm.com/support/pages/node/532815", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:49:23", "description": "## Summary\n\nThis bulletin covers remediation measures for the CVEs published in Oracle's July 2014 CPU that affect Rational RequisitePro.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n \n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n \n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Rational RequisitePro versions: \n \n\n\n**Version**| **Status** \n---|--- \n7.1.4 through 7.1.4.5| Affected \n7.1.3 through 7.1.3.12| Affected \n7.1.0.x, 7.1.1.x (all versions), 7.1.2 through 7.1.2.15| Affected \n \n## Remediation/Fixes\n\nApply a fix pack for your appropriate ReqPro release. \n \n\n\n**Affected Version**| **Applying the fix** \n---|--- \n7.1.4.x| Install [Rational RequisitePro Fix Pack 6 (7.1.4.6) for 7.1.4](<http://www.ibm.com/support/docview.wss?uid=swg24038941>) \n7.1.3.x| Install [Rational RequisitePro Fix Pack 13 (7.1.3.13) for 7.1.3](<http://www.ibm.com/support/docview.wss?uid=swg24038940>) \n7.1.2.x| Install [Rational RequisitePro Fix Pack 16 (7.1.2.16) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24038939>) \n7.1.1.x \n7.1.0.x| Install [Rational RequisitePro Fix Pack 16 (7.1.2.16) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24038939>) \n**Note: **7.1.2.16 interoperates with all 7.1.x.x systems, and can be installed in the same way as 7.1.x.x fix packs. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:59:01", "type": "ibm", "title": "Security Bulletin: Rational RequisitePro affected by Java vulnerabilities (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T04:59:01", "id": "142BCF9DFE12C8120D0F10EB7F7C4EF6289BDECEFE22E9A922E1921894B7DD22", "href": "https://www.ibm.com/support/pages/node/521465", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:55:19", "description": "## Summary\n\nThis Security Bulletin addresses the security vulnerabilities that have shipped with the IBM Java Runtime Environment (JRE) included in IBM Operational Decision Manager (ODM), IBM ILOG JRules and IBM WebSphere Business Events (WBE). For those products, this Security Bulletin provides the fixes to the security vulnerabilities reported in Oracle's Critical Patch Update releases of July 2014.\n\n## Vulnerability Details\n\n### CVE ID: [CVE-2014-4263](<https://vulners.com/cve/CVE-2014-4263>)\n\n \n**DESCRIPTION: ** \nThe JSSE component's Diffie-Hellman key exchange implementation is vulnerable to a man-in-the-middle attack. \nThe fix adds a new check to prevent this vulnerability from occurring in the future \n**CVSS:** \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n\n\n### CVE ID: [CVE-2014-4244](<https://vulners.com/cve/CVE-2014-4244>)\n\n \n**DESCRIPTION: ** \nIf a remote attacker can observe local variables (temperature, RF, sound), they can deduce the RSA private key based on changes in those variables. \nThe fix introduces \"dead\" computations (aka blinding) to foil the remote attacks. \n**CVSS:** \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n * IBM WebSphere Business Events 7.0\n * IBM WebSphere ILOG JRules v7.1\n * IBM WebSphere Operational Decision Management v7.5 \n * IBM Operational Decision Manager v8.0 \n * IBM Operational Decision Manager v8.5\n * IBM Operational Decision Manager v8.6\n\n## Remediation/Fixes\n\n \nIBM WebSphere ILOG JRules V7.1: \nInterim fix 42 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **7.1.1.5-WS-BRMS_JDK-WIN-IF042** \n \nIBM WebSphere Business Event 7.0: \nInterim fix RS01752 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **7.0.1.1-WS-BE-&lt;OS&gt;-RS01572** \n \nIBM WebSphere Operational Decision Management v7.5: \nInterim fix 40 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **7.5.0.4-WS-ODM_JDK-&lt;OS&gt;-IF040** \n\n\nIBM Operational Decision Manager v8.0: \n\n \nInterim fix 37 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): ** 8.0.1.0-WS-ODM_JDK-&lt;OS&gt;-IF****037** \n\n\nIBM Operational Decision Manager v8.5:\n\n \nInterim fix 39 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **8.5.1.0-WS-ODM_JDK-&lt;OS&gt;-IF****039** \n\n\nIBM Operational Decision Manager v8.6:\n\n \nInterim fix 4 for APAR RS01752 is available from [IBM Fix Central](<https://www-933.ibm.com/support/fixcentral/options?selectionBean.selectedTab=select&productGroup0=ibm/WebSphere>): **8.6.0.0-WS-ODM_JDK-&lt;OS&gt;-IF****004**\n\n## Workarounds and Mitigations\n\nnone known, apply fix\n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:43", "type": "ibm", "title": "Security Bulletin: IBM Operational Decision Manager, WebSphere ILOG JRules and WebSphere Business Events: Multiple security vulnerabilities in IBM JRE (CVE-2014-4244,CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:01:43", "id": "497072F109072DA8AD18E4F8D79E137EAFD73968147CD9DEEE100B144EB01A31", "href": "https://www.ibm.com/support/pages/node/251603", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:43:37", "description": "## Summary\n\nMultiple security vulnerabilities exist in the IBM SDK, Java\u2122 Technology Edition, which is shipped with IBM SmartCloud Orchestrator.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit that is related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit that is related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM SmartCloud Orchestrator V2.2, V2.2 Fix Pack 1, and IBM SmartCloud Orchestrator V2.3, V2.3.0 Fix Pack 1 up to Interim Fix 5 \n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Upgrade to [IBM SmartCloud Orchestrator 2.3.0 Fix Pack 1, Interim Fix 6](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ETivoli&product=ibm/Tivoli/IBM+SmartCloud+Orchestrator&release=2.3.0.1&platform=All&function=fixId&fixids=2.3.0.1-CSI-ISCO-IF0006&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=fc>).\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:30:50", "type": "ibm", "title": "Security Bulletin: IBM SmartCloud Orchestrator - Multiple security vulnerabilities exist in the IBM SDK, Java\u2122 Technology Edition ( CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T22:30:50", "id": "275BF0687D425AD146FCEED93769F4172BDD6B6EA894BF5F6233B13D4B76D94C", "href": "https://www.ibm.com/support/pages/node/521167", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:43:41", "description": "## Summary\n\nMultiple security vulnerabilities exist in the IBM SDK, Java\u2122 Technology Edition that is shipped with IBM SmartCloud Provisioning (CVE-2014-4263, CVE-2014-4244).\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>_ for more information \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nSmartCloud Provisioning 2.3, 2.3 Fix Pack 1 up to iFix 4\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available. \n**Fix:** \nUpgrade to IBM SmartCloud Provisioning 2.3 Fix Pack 1, iFix 6\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T22:30:12", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java\u2122 Technology Edition affect SmartCloud Provisioning (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T22:30:12", "id": "AA3CEFA9FA0EC7375DC22015A3FC8B6C84A4C21EEFF4C639EEFA85AC96182967", "href": "https://www.ibm.com/support/pages/node/524447", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:47:25", "description": "## Summary\n\nVulnerabilities have been identified in IBM Runtime Environment, Java\u2122 Technology Edition, Version 6, utilized by the Enterprise Common Collector (a component of IBM Tivoli zEnterpise Monitoring Agent, a component of IBM Tivoli Monitoring). \n\n## Vulnerability Details\n\n**CVEID: **[__CVE-2014-4263__](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION: **An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID: **[__CVE-2014-4244__](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION: **An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n_*_The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Affected Products and Versions\n\n_Enterprise Common Collector 1.1.0 (a component of IBM Tivoli zEnterpise Monitoring Agent, a component of IBM Tivoli Monitoring v6.2.3 and v6.3.0)_\n\n## Remediation/Fixes\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Operating System_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|---|--- \n \nIBM Tivoli zEnterpise Monitoring Agent (Enterprise Common Collector v1.1.0 component) \n\n| \n\nv6.2.3\n\n| AIX\u00ae| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-AIX-IF0002&includeSupersedes=0>) \n \nLinux\u00ae on System z\u00ae| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Linuxz-IF0002&includeSupersedes=0>) \n \nLinux\u00ae on Intel\u00ae 32-bit| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Linuxx32-IF0002&includeSupersedes=0>) \n \nLinux\u00ae on Intel\u00ae 64-bit| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Linuxx64-IF0002&includeSupersedes=0>) \n \n32-bit Windows\u00ae| \n\n[_Fix Central link_](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Windows32-IF0002&includeSupersedes=0>) \n \n64-bit Windows\u00ae| \n\n[_Fix Central link_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Tivoli%2BComposite%2BApplication%2BManager&product=ibm/Tivoli/IBM+Tivoli+Monitoring&release=All&platform=All&function=fixId&fixids=1.1.0.2-TIV-ITM-ECC-JRE-Windows64-IF0002&includeSupersedes=0>) \n \n** **Note: IBM Tivoli zEnterprise Monitoring Agent v6.2.3 is a component of ITM v6.2.3 and v6.3.0. \n\n## Workarounds and Mitigations\n\nThe Enterprise Common Collector (ECC) v1.1.0 must be at at least fixpack level 2 (also known as v1.1.0.2) before applying this fix. If you have a back level fixpack of the Enterprise Common Collector (v1.1.0.0 or v1.1.0.1), please upgrade to version 1.1.0.2 (which can be found on [_Passport Advantage_](<http://www-01.ibm.com/software/passportadvantage/pao_customer.html>) \u2013 part # CIN10ML).\n\n## ", "cvss3": {}, "published": "2018-06-17T14:48:53", "type": "ibm", "title": "Security Bulletin: A component of IBM Tivoli zEnterpise Monitoring Agent is potentially affected by multiple vulnerabilities that have been identified in IBM Runtime Environment, Java\u2122 Technology Edition, Version 6 (CVE-2014-4263 and CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T14:48:53", "id": "8E38E2849008E331115684946847E91DA520C65669D6ACAD9A91B99B08577AAA", "href": "https://www.ibm.com/support/pages/node/250529", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:41:42", "description": "## Summary\n\nFlaws in the Java runtime Secure Sockets implementation may expose CCRC communications to an attacker.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n \n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nOnly the ClearCase Remote Client/ClearTeam Explorer component of ClearCase is affected. \n \n\n\n**ClearCase Remote Client/ClearTeam Explorer version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.5\n\n| \n\nAffected \n \n8.0 through 8.0.0.12\n\n| \n\nAffected \n \n7.1.2 through 7.1.2.15\n\n| \n\nAffected \n \n7.1.0.x, 7.1.1.x (all versions and fix packs)\n\n| \n\nAffected \n \n7.0.x\n\n| \n\nNot affected \n \n## Remediation/Fixes\n\nThe solution is to upgrade to a newer fix pack of ClearCase. Please see below for information on the fixes available. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearCase Fix Pack 6 (8.0.1.6)](<http://www.ibm.com/support/docview.wss?uid=swg24038911>) \n \n8.0.0.x\n\n| Install [Rational ClearCase Fix Pack 13 (8.0.0.13)](<http://www.ibm.com/support/docview.wss?uid=swg24038913>) \n \n7.1.2.x \n7.1.1.x \n7.1.0.x\n\n| Customers with extended support contracts should install [Rational ClearCase Fix Pack 16 (7.1.2.16)](<http://www.ibm.com/support/docview.wss?uid=swg24038914>) \n \n**Notes: **\n\n * If you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), you should update the Java\u2122 Virtual Machine used by Eclipse to include a fix for CVE-2014-4263 and CVE-2014-4244. Contact the supplier of your Eclipse or Java\u2122 Virtual Machine for instructions on updating Eclipse.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: Java security vulnerabilities in ClearCase Remote Client (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-07-10T08:34:12", "id": "79F7EB62DB5A8ECC70229B81AD83CA7190E2B816E6FC1DBE08ACE303AA36320B", "href": "https://www.ibm.com/support/pages/node/255219", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:51:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7.0 SR7 that is used by IBM Multi-Enterprise Integration Gateway. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1\n\n## Remediation/Fixes\n\nThe recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available. \n \n\n\n**_Fix*_**| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \nInterim Fix 1.0.0.1_3| 1.0.0.1| IT03591| IBM Fix Central &gt; [](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.1&platform=All&function=fixId&fixids=IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media&includeSupersedes=0>)[IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.1&platform=All&function=fixId&fixids=IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T19:39:08", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Multi-Enterprise Integration Gateway (CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-16T19:39:08", "id": "FA053090EC72B4B22D26600960D138D5FE7F871074B1BFED4F4D77F3DF12C308", "href": "https://www.ibm.com/support/pages/node/247345", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:47:25", "description": "## Summary\n\nIBM\u00ae SDK Java\u2122 Technology Edition integrated within WebSphere Application Server is shipped as a component of IBM Tivoli Network Manager IP Edition. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. \n\n\n## Vulnerability Details\n\nPlease consult the security bulletin [**_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>) for vulnerability details.\n\n## Affected Products and Versions\n\nAffected Product and Version(s)\n\n| Product and Version shipped as a component \n---|--- \nTivoli Network Manager 3.8| Bundled the TIP version 1.1.1.x, IBM WebSphere version 6.1.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 5. \nTivoli Network Manager 3.9| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \nTivoli Network Manager 4.1| Bundled the TIP version 2.2.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \nTivoli Network Manager 4.1.1| Bundled the TIP version 2.2.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \n \n## Remediation/Fixes\n\nUpgrade your SDK to an interim fix level as determined below: \n**_<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>_****_ \n_** \nDownload and apply the interim fix APARs below, for your appropriate release: \n \n**For Tivoli Network Manager IP Edition 3.9, 4.1 and 4.1.1 versions, WebSphere V7.0.0.0 through 7.0.0.33:**\n\n * Apply Interim Fix [_PI20799_](<http://www-01.ibm.com/support/docview.wss?uid=swg24038094>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037515>):[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036968>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24036504>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035397>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034997>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034443>) Will upgrade you to IBM Java SDK Version 6 Service Refresh 16[](<http://www-01.ibm.com/support/docview.wss?uid=swg24033359>) Fix Pack 1 \n**\\--OR--**\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 35 (7.0.0.35) or later (targeted to be available 13 October 2014). \n** \nFor Tivoli Network Manager IP Edition 3.8 version, WebSphere V6.1.0.0 through 6.1.0.47:**\n\n * Contact IBM Support and apply Interim Fix PI20800[](<http://www-01.ibm.com/support/docview.wss?uid=swg24037458>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24035396>)[](<http://www.ibm.com/support/docview.wss?uid=swg24034996>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24034418>): Will upgrade you to IBM Java SDK Version 5.0 Service Refresh 16 Fix Pack 7 \n\n## ", "cvss3": {}, "published": "2018-06-17T14:47:29", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in IBM Java SDK affecting WebSphere Application Server shipped with IBM Tivoli Network Manager IP Edition (CVE-2014-4263 and CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T14:47:29", "id": "529738DA56E39D786AE750710FE217BA8C730289CB3B2DF92E820F0305BC6957", "href": "https://www.ibm.com/support/pages/node/248275", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-21T01:41:24", "description": "## Summary\n\nAn unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact, reported on July 15, 2014.\n\n## Vulnerability Details\n\n**CVE-ID: ** [_CVE-2014-4263_](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4263>) \n \n**DESCRIPTION: **Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to \"Diffie-Hellman key agreement.\" \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVE-ID: ** [_CVE-2014-4244_](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4244>) \n \n**DESCRIPTION**: Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nGuardium Database Activity Monitor 8.0, 8.2, 9.0, 9.1\n\n## Remediation/Fixes\n\n_&lt;Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nGuardium Database Activity Monitor| _9.0_| \n| | [http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard-9.0p1036_Security_Update&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-9.0p1036_Security_Update&includeSupersedes=0&source=fc>)| \n---|--- \n \n| \n \nGuardium Database Activity Monitor| 8.2| \n| [_http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard-8.2p239_Security_Update&amp;includeSupersedes=0&amp;source=fc_](<http://www.ibm.com/support/fixcentral/swg/quickorder?product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard-8.2p239_Security_Update&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2018-07-16T10:15:46", "type": "ibm", "title": "Security Bulletin: IBM InfoSphere Guardium Database Activity Monitor is affected by: CVE-2014-4263 and CVE-2014-4244", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-07-16T10:15:46", "id": "FE76EBEE1297EA99B4DEAF443A4AFEF8EDB41FABB23A314759F431205EF3D346", "href": "https://www.ibm.com/support/pages/node/249527", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T06:06:47", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6.0 that is used by IBM WebSphere Application Server embedded in IBM InfoSphere Global Name Management. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nGlobal Name Management 5.0\n\n## Remediation/Fixes\n\n_&lt;Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_Global Name Management_| _5.0.0_| [](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>)| __From the __[__WebSphere Security Bulletin__](<http://www-01.ibm.com/support/docview.wss?uid=swg21680418>)__. __ \n \n_Apply Interim Fix__ _[_PI20798_](<http://www-01.ibm.com/support/docview.wss?uid=swg24038093>)_:_**__ __**_Will upgrade you to IBM Java SDK Version 6R1 Service Refresh 8 Fix Pack 1 _ \n \n**\\--OR--**\n\nApply IBM Java SDK shipped with WebSphere Application Server Fix pack 10 (8.0.0.10) or later (targeted to be available 16 February 2015). \n \n## Workarounds and Mitigations\n\n**None**\n\n## ", "cvss3": {}, "published": "2022-04-20T17:04:55", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Global Name Management 5.0 (CVE-2014-4263) and (CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2022-04-20T17:04:55", "id": "9461B23DBDFCC9C45ACA7AE476827AD44ADBC6048F675F99FD8C0E00A94791FE", "href": "https://www.ibm.com/support/pages/node/248523", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T05:53:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM Cognos Express. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos Express 9.0 \n\nIBM Cognos Express 9.5\n\nIBM Cognos Express 10.1\n\nIBM Cognos Express 10.2.1\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix in one of the IBM Cognos Express versions listed as soon as practical: \n \n[IBM Cognos Express 10.1 FP1](<http://www.ibm.com/support/docview.wss?uid=swg24039223>) \n[IBM Cognos Express 10.2.1 FP3](<http://www.ibm.com/support/docview.wss?uid=swg24039224>) \n \nIBM Cognos Express 9.0 and 9.5 customers should upgrade to a more current version and apply the corresponding update. Please contact Customer Support with any questions.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-11-10T12:06:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Express (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2022-11-10T12:06:25", "id": "7470FAC726E920247C258BE65FFCE5C0CD77F771B7B35DCB2885D29A187B71C8", "href": "https://www.ibm.com/support/pages/node/524301", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:49:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by Rational Performance Tester and were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score:** 4 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector: **(AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nRational Performance Tester versions 8.1 - 8.6\n\n## Remediation/Fixes\n\nUpgrade to [Rational Performance Tester Fix Pack 1 (8.6.0.1) for 8.6](<http://www.ibm.com/support/docview.wss?uid=swg24037362>) \n \nRational Performance Tester 8.6.0.1 provides IBM JRE 7 iFixes which corrects these issues. \n \n**_Vendor Fix(es):_** \n \nExample: \n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRPT| 8.5 - 8.5.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Performance+Tester&release=8.5.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR7FP1&includeSupersedes=0>). \nRPT| 8.3 - 8.3.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Performance+Tester&release=8.3.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR7FP1&includeSupersedes=0>). \nRPT| 8.2 -8.2.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Performance+Tester&release=8.2.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR7FP1&includeSupersedes=0>). \nRPT| 8.1 - 8.1.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Performance+Tester&release=8.1.0&platform=All&function=fixId&fixids=Rational-RPT-JavaPatch-Java7SR7FP1&includeSupersedes=0>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:57:17", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Performance Tester (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T04:57:17", "id": "D7DED9F0194F39D089620BB049986AF997C28045E89C1BFA7154D5B86C137103", "href": "https://www.ibm.com/support/pages/node/251547", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:58:13", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere eXtreme Scale. These issues were disclosed as part of the IBM Java SDK updates in July 2014. \n\n## Vulnerability Details\n\nThe following two advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere eXtreme Scale may be vulnerable to them. \n \nCVEID: [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \nDESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \nCVEID: [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \nDESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n**WebSphere eXtreme Scale client and server 7.1.0 at all fix pack and interim fix levels.** \n** WebSphere eXtreme Scale client and server 7.1.1 at all fix pack and interim fix levels.** \n** WebSphere eXtreme Scale client and server 8.5.0 at all fix pack and interim fix levels.** \n** WebSphere eXtreme Scale client and server 8.6.0 at all fix pack and interim fix levels prior to 8.6.0.6.** \n \n**When WebSphere eXtreme Scale clients or servers are deployed within WebSphere Application Server, the Java SDK of the WebSphere Application Server is used, and therefore it is not necessary to install a new level of WebSphere eXtreme Scale. See the security bulletin for WebSphere Application Server at this link: **[**_https://www-304.ibm.com/support/docview.wss?uid=swg21680418_**](<https://www-304.ibm.com/support/docview.wss?uid=swg21680418>)\n\n## Remediation/Fixes\n\nApply an interim fix or fix pack as documented in the table. Later versions of WebSphere DataPower XC10 Appliance fixes and fix packs will also include the fix for APAR PI31212. \n \n\n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nWebSphere eXtreme Scale| Version 7.1.0| PI31212| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+eXtreme+Scale&amp;release=7.1.0.3&amp;platform=All&amp;function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=7.1.0.3&platform=All&function=all>) \nWebSphere eXtreme Scale| Version 7.1.1| PI31212| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+eXtreme+Scale&amp;release=7.1.1.1&amp;platform=All&amp;function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=7.1.1.1&platform=All&function=all>) \nWebSphere eXtreme Scale| Version 8.5.0| PI31212| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+eXtreme+Scale&amp;release=8.5.0.3&amp;platform=All&amp;function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=8.5.0.3&platform=All&function=all>) \nWebSphere eXtreme Scale| Version 8.6.0| PI31212| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+eXtreme+Scale&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=8.6.0-WS-WXS-FP0000006&amp;includeSupersedes=0](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+eXtreme+Scale&release=All&platform=All&function=fixId&fixids=8.6.0-WS-WXS-FP0000006&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:16", "type": "ibm", "title": "Security Bulletin: Several Vulnerabilities in the Java SDK affect WebSphere eXtreme Scale", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:02:16", "id": "7867594F3F661628BC072448F76C9D640CC551AA7B923B0ECA02D677F1DD75F3", "href": "https://www.ibm.com/support/pages/node/521587", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:49:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by Rational Service Tester and were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)\n\n**Description:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n**CVSS Base Score:** 4 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nRational Service Tester versions 8.1 - 8.6\n\n## Remediation/Fixes\n\nUpgrade to [Rational Service Tester for SOA Quality Fix Pack 1 (8.6.0.1) for 8.6](<http://www.ibm.com/support/docview.wss?uid=swg24037362>) \n \nRational Service Tester 8.6.0.1 provides IBM JRE 7 iFixes which corrects these issues. \n \n**_Vendor Fix(es):_** \n \nExample: \n\n**Product**| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nRST| 8.5 - 8.5.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.5.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR7FP1&includeSupersedes=0&source=fc>). \nRST| 8.3 - 8.3.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.3.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR7FP1&includeSupersedes=0&source=fc>). \nRST| 8.2 -8.2.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.2.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR7FP1&includeSupersedes=0&source=fc>). \nRST| 8.1 - 8.1.x| None| Download and apply [Java Patch on Fix Central](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Service+Tester+for+SOA+Quality&release=8.1.0&platform=All&function=fixId&fixids=Rational-RST-JavaPatch-Java7SR7FP1&includeSupersedes=0&source=fc>). \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T04:57:17", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Service Tester (CVE-2014-4244, CVE-2014-4263)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-17T04:57:17", "id": "9A332AF9365C662A856919E84FA647993F65B0E6F6E22786914A7A4BD74A439D", "href": "https://www.ibm.com/support/pages/node/251549", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:53:59", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7R1 Service Refresh 2 and earlier releases, Version 7 Service Refresh 8 and earlier releases, Version 6 Service Refresh 16 Fix Pack 2 and earlier releases that are used by various Optim data server tools desktop products. These issues were disclosed as part of the IBM Java SDK updates in January, 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Data Studio client 4.1.1 and earlier \nIBM InfoSphere Optim Query Workload Tuner for DB2 for LUW 4.1.1 and earlier \nIBM InfoSphere Optim Query Workload Tuner for DB2 for z/OS 4.1.1 and earlier \nInfoSphere Data Architect 9.1.2 and earlier\n\n## Remediation/Fixes\n\nEach affected product and version requires the upgrade of the IBM SDK, Java Technology Edition that is installed with the client. Install one of the following IBM Java SDK versions: \n\n\n * IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 2 Fix Pack 10 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 Fix Pack 10 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 3 and subsequent releases \n \nDetailed instructions are provided in the tech-note \u201c[_Updating the IBM SDK, Java Technology Edition for Optim data server tools desktop clients_](<http://www-01.ibm.com/support/docview.wss?uid=swg21691806>)\u201d \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T13:09:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect various Optim data server tools desktop products (CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-16T13:09:38", "id": "7A06F4886237ED5A9366C9277F1BC87516C50BA79DA9B3A8DC0C8CC22975EA4F", "href": "https://www.ibm.com/support/pages/node/527049", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:46:10", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 that is used by IBM MessageSight. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)\n\nDESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.\n\nCVSS Base Score: 5\n\n \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)\n\nDESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4\n\n \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM MessageSight V1.2 and earlier\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_IBM MessageSight_| _1.1_| _IT07005_| _1.1.0.1-IBM-IMA-IFIT07005_ \n_IBM MessageSight_| _1.2_| _IT07005_| _1.2.0.0-IBM-IMA-IFIT07005_ \n \n## ", "cvss3": {}, "published": "2018-06-17T15:12:14", "type": "ibm", "title": "Security Bulletin:Multiple vulnerabilities in IBM Java SDK affect IBM MessageSight (CVE-2014-6593 and CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-17T15:12:14", "id": "04BF6B9ACF259BBC739CBEC95BCD6A91ADA2CCD627D58A7C76168826F046BA8B", "href": "https://www.ibm.com/support/pages/node/526203", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:57:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition Version 6 and 7 that are used by IBM Workload Deployer. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\n * IBM Workload Deployer version 3.1 and later\n\n## Remediation/Fixes\n\nThe solution is to apply the IBM Workload Deployer interim fix7. \n \nUpgrade the IBM Workload Deployer to the following fix level: \n \n\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|--- \nIBM Workload Deployer System| Release V3.1.0.7| V3.1.0.7 interim fix, \n \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&amp;release=3.1.0.7&amp;platform=All&amp;function=fixId&amp;fixids=3.1.0.7-ifix7-IBM_Workload_Deployer&amp;includeSupersedes=0_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix7-IBM_Workload_Deployer&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:03:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Workload Deployer (CVE-2015-0410 and CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0410"], "modified": "2018-06-15T07:03:24", "id": "FD9296971F33C160691FE87750981EEC52B98086D4AAE319167431ABB58B362F", "href": "https://www.ibm.com/support/pages/node/532533", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:00:59", "description": "## Summary\n\nRemote execution vulnerability in Apache Commons Collections affects Intelligent Operations Center components WebSphere Application Server (WAS) or WAS Hypervisor Edition.\n\n## Vulnerability Details\n\n**CVE ID**:** **[](<https://vulners.com/cve/CVE-2014-3566>)[CVE-2015-7450](<https://vulners.com/cve/CVE-2015-7450>) \n \nDescription: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data with Java InvokerTransformer class. By sending specially crafted data, an attacker could exploit this vulnerability to execute arbitrary Java code on the system. \nCVSS Base Score: 9.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/107918_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/107918>) for the current score \nCVSS Environmental Score*: Undefined \n\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nThis vulnerability affects editions of WebSphere Application Server and bundling products, and all versions and releases of IBM WebSphere Application Server in: \n\nVersions 1.5 and 1.6, all sub-versions, of\n\n * IBM Intelligent Operations Center\n * IBM Intelligent Operations for Water\n * IBM Intelligent Operations for Transportation\n * IBM Intelligent City Planning and Operations\n \nVersions 5.1 and all sub-versions of \nIBM Intelligent Operations Center \n\n## Remediation/Fixes\n\nIf you have version 5.1 or later, see **_For Intelligent Operations Center 5.1.x_** below. \n \n**_For Intelligent Operations Center (IOC), Intelligent Transportation, and Intelligent Water Versions 1.6 Standard or High Availability:_** \nFor High Availability, the same steps apply. Stop both Analytics servers and both Applications servers and perform the upgrade by using IBM Installation Manager on the second Analytics server and the second Applications server after you perform the upgrade on the primary Analytics server and the primary Applications server. \n \nYou must update WebSphere Application Server on all Analytics servers and all Applications servers. \n \n**Installation prerequisites for Analytics and Applications servers.** \n \n1) You must have a Passport Advantage ID and password. \n \n2) Log in as root on each server. \n \n3) All servers should have access to the internet for the following instructions. \n\nIf the servers do not have access to the internet, you can download the fix or interim fix from the internet on another system and transfer the fix or interim fix to the file system on each server that must be updated. Follow the instructions in the link below and in the refer-to section. \n \nDownload the files that contain the fixes from Fix Central, and use local updating. For the following steps that use IBM Installation Manager to install the WebSphere update, use the URL: \n[`**_https://www.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.installation.nd.doc/ae/tins_install_fixes_dist_gui.html?cp=SSAW57_8.5.5%2F1-5-0-5-0-5-0&lang=en_**`](<https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.installation.nd.doc/ae/tins_install_fixes_dist_gui.html?cp=SSAW57_8.5.5%2F1-5-0-5-0-5-0&lang=en>) \n \nThe fix that you must download for WebSphere is located here: \n[`_http://www-01.ibm.com/support/docview.wss?uid=swg21970575_`](<http://www-01.ibm.com/support/docview.wss?uid=swg21970575>) \n4) **Either perform the update using a graphical user interface (GUI):**\n\nLog in to a GUI desktop on Linux. \nThe desktop can be either Gnome or KDE. \nIf a desktop is not installed, you can use these steps to install a desktop: a) Enter the command: `**yum -y groupinstall \"X Window System\" Desktop**` b) Modify the file `**/etc/inittab**` to contain the line: `**id:5:initdefault:**` c) Reboot the operating system. ** Or**** perform the update by using a command prompt:**\n\nIf you have not installed a desktop, and you do not wish to install a desktop for the IBM Installation Manager, you can install interim fixes from a command prompt by following the syntax and commands described here: <https://www.ibm.com/support/knowledgecenter/SSEQTP_8.0.0/com.ibm.websphere.installation.base.doc/info/aes/ae/tins_install_fixes_dist_cl.html?lang=en> Follow the advice in this link wherever the IBM Installation Manager is mentioned in the rest of these procedures. \n5) Either use `IOCControl` with the IOC Topology password to stop WebSphere on the Analytics servers and on the Applications servers, or stop WebSphere by using another method such as the IBM Integrated Console. \n \n \n**Upgrading WebSphere Application Server on the Analytics servers** \n \n \nTo perform the upgrade, follow these steps: \n \n1) Log on to each Analytics server through a terminal server: \n\nLog on as user `**ibmadmin**` if possible. \nIf `**ibmadmin**` is unavailable, \nlog on as user `**root**` and enter the command: `**perform \"su - ibmadmin\".**` \n2) Enter the command: `**IOCControl -a stop -c ana -p \"ioc topology password\"**` When the **IOCControl** command finishes, you should see output such as this: \n\n`**IBM COGNOS Enterprise node agent (anacognosnode) - [ off ] \nIBM COGNOS Enterprise dispatcher (anacognosdisp) - [ off ] \nIBM COGNOS Enterprise gateway (anacognosgw) - [ off ] \nIBM ILOG CPLEX Optimization Studio node agent (anacplexnode) - [ off ] \nIBM ILOG CPLEX Optimization Studio server (anacplexserv) - [ off ]**` \n`**IBM SPSS Modeler server (anaspss) - [ on ]**` \n3) Log on to the Analytics server as user `**root**` by using the Gnome desktop or the KDE desktop. \n \n4) Configure the Installation Manager: \n\na) Start the Installation Manager through the GUI : **Applications -&gt; IBM Applications Installation Manager** b) In **File -&gt; Preferences .... Passport Advantage**, select **\"Connect to Passport Advantage\"** Click **Apply** and then click **OK.** \nc) In **File -&gt; Preferences .... Repository**, clear the selection for every repository that begins with the string `**\"/tmp/ioc\" or \"/installMedia/*\"**`. These repositories are no longer relevant, and can be deleted. d) Select `**\"Search service repositories during installation and updates\"**`. Click **Apply** and then click **OK.** e) In `**File -> Preferences --> Updates**`, select `**\"Search for Installation Manager updates ..\"**`. Click **Apply** and then click **OK.** The Installation Manager then looks for updates for the IBM Installation Manager Program itself. \nf) Stop and restart the IBM Installation Manager. \n5) Update the components on the Analytics server: \n\na) Start the Installation Manager through the GUI: **Applications -&gt; IBM Applications Installation Manager** b) Select` ``**'Update'**`. \nc) Select `**'Next'**` repeatedly until you are prompted for an IBM ID and password. On the next screen, where you are prompted for a Master Password, click `**'Cancel'**`. d) If you are prompted to perform an update to a new version of Installation Manager, click `**'Yes'**` to perform the upgrade, and then click `**'OK'**` to restart the Installation Manager when prompted. e) If you upgraded the Installation Manager, select `**\"Update\"**` again. \ng) If you are prompted to attach to the IBM WebSphere Application Server Repository, select `**'Yes'**`. h) Enter your IBM ID and password. \ni) On the \"Update Packages\" screen, in the Package Group Name column, select \"IBM WebSphere Application Server Network Deployment V8.0\", and click `**'Next'**`. \n**_Do not select \"IBM SPSS Collaboration and Deployment Services 7.0\", and do not select \"Update all packages with recommended updates and recommended fixes\". IOC is incompatible with the upgrade to SPSS._** j) Select all available fixes for \"WebSphere Application Server Network Deployment\". You must apply the Apache Commons fix **8.0.0.0-WS-WAS-IFPI52103**. \n**Note: This fix might not appear initially. You might have to apply earlier fixes to WebSphere Application Server before you can see this fix.** \nIf necessary, re-run IBM Installation Manager, select `**\"Update Packages for IBM WebSphere Application Server Network Deployment V8.0\"**`, and then select `**\"All available fixes for WebSphere Application Server Network Deployment\"**`. \nApply all outstanding WebSphere Application Server updates. \n6) Log in at a terminal prompt as user `**ibmadmin**`. \n\n7) Start the Analytics server by entering the command: `**IOCControl -a start -c ana -p ibmioc16**` Wait for these lines to appear in the output: `**IBM COGNOS Enterprise node agent (anacognosnode) - [ on ]**` `** IBM COGNOS Enterprise dispatcher (anacognosdisp) - [ on ] \nIBM COGNOS Enterprise gateway (anacognosgw) - [ on ] \nIBM ILOG CPLEX Optimization Studio node agent (anacplexnode) - [ on ] \nIBM ILOG CPLEX Optimization Studio server (anacplexserv) - [ on ]**` \n`** IBM SPSS Modeler server (anaspss) - [ on ]**` \n8) To verify that the fixpacks and ifixes are installed on WebSphere Application Server, perform the following steps: \na) Log on to a terminal session as user `**root**`. \nb) Enter the commands: `**cd /opt/IBM/WebSphere/AppServer/bin **` \n`**./versionInfo.sh -fixpacks **` \n`**./versionInfo.sh -ifixdetail **` For more information on the `**versionInfo.sh**` command, see:[_http://www.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/rins_versionInfo.html?lang=en_](<http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/rins_versionInfo.html?lang=en>) \nThe upgrade to WebSphere Application Server on the Analytics server is now complete. \n \n**Upgrading WebSphere Application Server on the Applications servers** \n \nTo perform the upgrade, follow these steps: \n \n1) Log on to the Analytics server through a terminal server. \n\nLog on as user `**ibmadmin**` if possible. \nIf `**ibmadmin**` is unavailable, \nlog on as user `**root**` and enter the command: `**perform \"su - ibmadmin\".**` \n2) Enter the command: `**IOCControl -a stop -c app -p \"topology password\"**` \nWhen the **IOCControl** command finishes, you should see output such as this: `** IBM WebSphere Application Server Network Deployment (appdmgr) - [ off ] \nIBM Business Monitor node agent (appbmonnode) - [ off ] \nIBM Business Monitor server (appbmonserv) - [ off ] \nIBM Lotus Sametime Proxy node agent (appstproxynode) - [ off ] \nIBM Lotus Sametime Proxy server (appstproxyserv) - [ off ] \nIBM Worklight node agent (appwrkltnode) - [ off ] \nIBM Worklight server (appwrkltserv) - [ off ] \nIBM WebSphere Portal Enable node agent (appwpenode) - [ off ] \nIBM WebSphere Portal Enable server (appwpeserv) - [ off ] \nIOP SVC tool node agent (appiopnode) - [ off ] \nIOP SVC tool server (appiopserv) - [ off ] \nIBM HTTP Server administration server - web server (webihsadm) - [ off ]**` \n`** IBM HTTP Server web server - web server (webihsserv) - [ off ]**` \n \n3) Log on to the Applications server as `**root**` by using the Gnome desktop or the KDE desktop. \n \n4) Configure the Installation Manager: \n\na) Start the Installation Manager through the GUI: **Applications -&gt; IBM Applications Installation Manager** b) In **File -&gt; Preferences .... Passport Advantage**, select **\"Connect to Passport Advantage\".** Click **Apply** and then click **OK.** \nc) In **File -&gt; Preferences .... Repository**, clear the selection for every repository that begins with the string `**\"/tmp/ioc\"**` or `**\"/installMedia/*\"**`. These repositories are no longer relevant, and can be deleted. d) Select `**\"Search service repositories during installation and updates\"**`. Click **Apply** and then click **OK.** e) In `**File -> Preferences --> Updates**`, select `**\"Search for Installation Manager updates ..\"**`. Click **Apply** and then click **OK.** The Installation Manager then looks for updates for the IBM Installation Manager Program itself. \nf) Stop and restart the IBM Installation Manager. \n5) Update the components on the Applications server: a) Start the Installation Manager through the GUI: `**Applications -> IBM Applications Installation Manager**` b) Select `**'Update'**`. \nc) Select `**'Next'**` repeatedly until you are prompted for an IBM ID and password. On the next screen, that prompts for a Master Password, click `**'Cancel'**`. d) If you are prompted to perform an update to a new version of Installation Manager, click `**'Yes'**` to perform the upgrade, and then click `**'OK'**` to restart the Installation Manager when prompted. e) If you upgraded the Installation Manager, select `**\"Update\"**` again. \nf) If you are prompted to attach to the IBM WebSphere Application Server Repository, select `**'Yes'**`. g) Enter your IBM ID and password. \nh) On the \"Update Packages\" screen, in the Package Group Name column, select \"IBM WebSphere Application Server Network Deployment V8.0\" and click `**'Next'**`. \n**_Do not select \"IBM SPSS Collaboration and Deployment Services 7.0\", and do not select \"Update all packages with recommended updates and recommended fixes\". IOC is incompatible with the upgrade to SPSS._** i) Select all available fixes for \"WebSphere Application Server Network Deployment\". You must apply the Apache Commons fix `**8.0.0.0-WS-WAS-IFPI52103**`. \n**Note: This fix might not appear initially. You might have to apply earlier fixes to WebSphere Application Server before you can see this fix.** \nIf necessary, re-run IBM Installation Manager, select `**\"Update Packages for IBM WebSphere Application Server Network Deployment V8.0\"**` and then select `**\"All available fixes for WebSphere Application Server Network Deployment\"**`. Apply all outstanding WebSphere Application Server updates. \n6) Log on to a terminal prompt as user `**ibmadmin**`. \n \n7) Start the Applications server by entering the command: \n\n`**IOCControl -a start -c app -p **``**\"ioc topology password\"**` Wait for these lines to appear in the output: \n`** IBM WebSphere Application Server Network Deployment (appdmgr) - [ on ]**` \n`** IBM Business Monitor node agent (appbmonnode) - [ on ] \nIBM Business Monitor server (appbmonserv) - [ on ] \nIBM Lotus Sametime Proxy node agent (appstproxynode) - [ on ] \nIBM Lotus Sametime Proxy server (appstproxyserv) - [ on ] \nIBM Worklight node agent (appwrkltnode) - [ on ]**` \n`** IBM Worklight server (appwrkltserv) - [ on ]**` \n`** IBM WebSphere Portal Enable node agent (appwpenode) - [ on ]**` \n`** IBM WebSphere Portal Enable server (appwpeserv) - [ on]**` \n`** IOP SVC tool node agent (appiopnode) - [ on ] \nIOP SVC tool server (appiopserv) - [ on ] \nIBM HTTP Server administration server - web server (webihsadm) - [ on ]**` \n`** IBM HTTP Server web server - web server (webihsserv) - [ on ]**` \n8) To verify that the fix packs and interim fixes are installed on WebSphere Application Server, perform the following steps: a) Log on to a terminal session as user `**root**`. \nb) Enter the commands: `**cd /opt/IBM/WebSphere/AppServer/bin **` \n`**./versionInfo.sh -fixpacks **` \n`**./versionInfo.sh -ifixdetail **` For more information on the `**versionInfo.sh**` command, see:[_http://www.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/rins_versionInfo.html?lang=en_](<http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.0.0/com.ibm.websphere.nd.doc/info/ae/ae/rins_versionInfo.html?lang=en>) \nThe upgrade to WebSphere Application Server on the Applications server is now complete. \n \n**_For Intelligent Operations Center 5.1.x:_** \n \n**Installation prerequisites for Analytics and Applications servers.** \n \n1) You must have a Passport Advantage ID and password. \n \n2) Log in as user `**root**` on each server. \n \n3) All servers should have access to the internet for the following instructions. If the servers do not have access to the internet, you can download the fix or interim fix from the internet on another system and transfer the fix or interim fix to the file system on each server that must be updated. Follow the instructions in the link below and in the refer-to section. \n \nDownload the files that contain the fixes from Fix Central, and use local updating. For the following steps that use IBM Installation Manager to install the WebSphere update, use the URL: \n[`**_https://www.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.installation.nd.doc/ae/tins_install_fixes_dist_gui.html?cp=SSAW57_8.5.5%2F1-5-0-5-0-5-0&lang=en_**`](<https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.installation.nd.doc/ae/tins_install_fixes_dist_gui.html?cp=SSAW57_8.5.5%2F1-5-0-5-0-5-0&lang=en>) \n \nThe fix that you must download for WebSphere is located here: \n[`_http://www-01.ibm.com/support/docview.wss?uid=swg21970575_`](<http://www-01.ibm.com/support/docview.wss?uid=swg21970575>) \n \n4) **Either perform the update using a ****graphical user interface (****GUI):**\n\nLog in to a GUI desktop on Linux. \nThe desktop can be either Gnome or KDE. \nIf a desktop is not installed, you can use these steps to install a desktop: a) Enter the command: `**yum -y groupinstall \"X Window System\" Desktop**` b) Modify the file `**/etc/inittab**` to contain the line: `**id:5:initdefault:**` c) Reboot the operating system. ** Or perform the update by using a command prompt:**\n\nIf you have not installed a desktop, and you do not wish to install a desktop for the IBM Installation Manager, you can install interim fixes from a command prompt by following the syntax and commands described here: <https://www.ibm.com/support/knowledgecenter/SSEQTP_8.0.0/com.ibm.websphere.installation.base.doc/info/aes/ae/tins_install_fixes_dist_cl.html?lang=en> Follow the advice in this link wherever the IBM Installation Manager is mentioned in the rest of these procedures. \n**Detailed Steps to perform the upgrade:** \n \n1) Stop the Liberty server that runs on the Applications server. \n\na) Log on to the Applications server as `root`. \nb) Enter the commands: `**cd /opt/ibm/ioc51install/sample**` \n`**./maint.sh**` c) Under the title `**\"Control an IOC single-server instance\"**`, select `**\"4b) Stop Liberty <**``**_server_**``**>\"**`. \n2) Log on to the Applications server as `**root**` by using the Gnome desktop or the KDE desktop. \n \n3) **_Either_****_ _****_perform the update using a GUI:_**\n\nUpdate the components on the Applications server, including Liberty: a) Start the Installation Manager through the GUI: **Applications -&gt; IBM Applications Installation Manager** b) Select `**'Update'**`. \nc) Select `**'Next'**` repeatedly until you are prompted for an IBM ID and password. \nd) If you are prompted to perform an update to a new version of Installation Manager, click `**'Yes'**` to perform the upgrade and then click `**'OK'**` to restart the Installation Manager when prompted. e) If you upgraded the Installation Manager, select `**\"Update\"**` again. \nf) On the `\"Configuration for IBM WebSphere Application Server Liberty Network Deployment 8.5.5.7\"` panel, select `**\"Launch Asset Selection Wizard\"**`. \ng) Select `**\"Update all packages with recommended updates and recommended fixes\"**` \nh) Enter your IBM ID and password. \ni) Accept the terms of the license agreement, and click `**'Finish'**`. \nj) On the \"Update Packages\" screen, in the Package Group Name column, select \"IBM WebSphere Application Server Network Deployment V8.0\" and click `**'Next'**`. \n**_Do not select \"IBM SPSS Collaboration and Deployment Services 7.0\", and do not select \"Update all packages with recommended updates and recommended fixes\". IOC is incompatible with the upgrade to SPSS._** k) Select all available fixes for \"WebSphere Application Server Network Deployment\". You must apply the Apache Commons fix **8.0.0.0-WS-WAS-IFPI52103**. \n**Note: This fix might not appear initially. You might have to apply earlier fixes to WebSphere Application Server to see this fix.** \nIf necessary, re-run IBM Installation Manager, select `**\"Update Packages for IBM WebSphere Application Server Network Deployment V8.0\"**` and then select `**\"All available fixes for WebSphere Application Server Network Deployment\"**`. \nApply all outstanding WebSphere Application Server updates. \nWhen you have applied all the WebSphere Application Server fixes, proceed to the next step. \n**_Or perform the update using a command line:_**\n\na) Download the `**8.5.5.7-WS-WLP-DistOnly-IFPI52103**``**.zip**` file to a local system. \nb) Upload the compressed file to the `**/tmp**` file system on the Application Server. \nc) Log on to a terminal session as the `root` user. \nd) Execute these two commands to perform the installation: `**cd /opt/IBM/InstallationManager/eclipse/tools**` \n \n`**/imcl install 8.5.5.7-WS-WLP-DistOnly-IFPI52103**` `** -installationDirectory /opt/IBM/WebSphere/wlp -repositories**` \n`** /tmp/8.5.5.7-ws-wlp-distonly-ifpi52103.zip**` \nThese commands install `8.5.5.7-WS-WLP-DistOnly-IFPI52103_8.5.5007.20151114_2058` to the `/opt/IBM/WebSphere/wlp` directory. \ne) To validate the installation perform the command: `**./imcl listInstalledPackages -long**` \n4) Start the Liberty server with the commands: \n\n`**cd /opt/ibm/ioc51install/sample**` \n`**./maint.sh**` 5) Under the title `**\"Control an IOC single-server instance\"**`, \n\nselect `**\"4a) Start Liberty <**``**_server_**``**>\"**`.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-19T21:04:31", "type": "ibm", "title": "Security Bulletin: Vulnerability in Apache Commons in\u00a0IBM WebSphere Application Server affects Intelligent Operations Center and related products\u00a0(CVE-2015-7450)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2015-7450"], "modified": "2022-08-19T21:04:31", "id": "63DAED287E5E589CB66DEE42D6AD62CBADA57BF5A22C757E4A6252674CC1D266", "href": "https://www.ibm.com/support/pages/node/272121", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:46:33", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireless Platform . This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014\n\n## Vulnerability Details\n\nThe following advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere Application Server may be vulnerable to them:- \n \n**CVE ID**: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION**: Product could allow a remote attacker to obtain sensitive information, caused \nby a design error when using the SSLv3 protocol. A remote user with the ability to conduct a \nman-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On \nDowngraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of \nencrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVE ID**: [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>) \n \n**DESCRIPTION**: An unspecified vulnerability related to the JSSE component has partial \nconfidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \nPlease consult the security bulletin [**_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Oct 2014 CPU_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) for vulnerability details. \n\n## Affected Products and Versions\n\nAffected Product and Version(s)\n\n| Product and Version shipped as component \n---|--- \nTivoli Network Performance Manager 1.4| Bundled the Jazz for Service Management version 1.1.0.2, IBM WebSphere version 8.5.0.1 and the JRE from IBM SDK Java 2 Technology Edition Version 7. \nTivoli Network Performance Manager 1.3.2| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \nTivoli Network Performance Manager 1.3.1| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \n \n## Remediation/Fixes\n\n[Upgrade your SDK to an interim fix level as determined below: ](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) \n<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T14:53:40", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server shipped with IBM Tivoli Network Performance Manager Wireless Platform (CVE-2014-3566 and CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-17T14:53:40", "id": "D14EDC67B834C0978CC140C1E958B367C219D7AC61409ECE5A3D8285E6A6E34E", "href": "https://www.ibm.com/support/pages/node/520885", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:54:54", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 (Service Refresh 16-FP1 and earlier) and 7 (Service Refresh 7-FP1 and earlier) that is used by IBM Cognos TM1. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos TM1 10.1.1 \n\nIBM Cognos TM1 10.2.0\n\nIBM Cognos TM1 10.2.2\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix in one of the IBM Cognos TM1 interim fixes listed as soon as practical. \n \n[IBM Cognos TM1 10.1.1.2 IF3](<http://www-01.ibm.com/support/docview.wss?uid=swg24039380>)\n\n[IBM Cognos TM1 10.2.0.2 IF3](<http://www-01.ibm.com/support/docview.wss?uid=swg24039379>)\n\n[IBM Cognos TM1 10.2.2 FP2](<http://www-01.ibm.com/support/docview.wss?uid=swg24038876>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T22:35:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos TM1 (CVE-2014-3566, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T22:35:24", "id": "4236525AFBF4BBBAB3E2E3C6F2354D45B065C144D4682294F539A06FF126BE91", "href": "https://www.ibm.com/support/pages/node/527205", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:46:33", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireline Platform . This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These issues were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\nThe following advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere Application Server may be vulnerable to them. \n\nCVE-ID: [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n \nDESCRIPTION: Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\nCVEID: [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\nDESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\nPlease consult the security bulletin [_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Oct 2014 CPU_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) for vulnerability details. \n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected IBM WebSphere Application Server Version \n---|--- \nTivoli Netcool Performance Manager version 1.3.1, 1.3.2, 1.3.3, 1.4.0| WAS version 6.1, 7.0, 8.0, 8.5 \n \n## Remediation/Fixes\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T14:54:01", "type": "ibm", "title": "Security Bulletin: Security vulnerabilities in IBM Java SDK shipped with WebSphere Application Server affect Tivoli Netcool Performance Manager TNPM Wireline (CVE-2014-3566 and CVE-2014-6457).", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-17T14:54:01", "id": "336E9B55A0ECBC8F9A88833E9FA9380FAFD9D55323FC4120FA081C19C27D9AE7", "href": "https://www.ibm.com/support/pages/node/522089", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-12-05T17:35:38", "description": "## Summary\n\nIBM License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed are vulnerable to attacks related to Java vulnerabilites. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566).\n\n## Vulnerability Details\n\nIBM License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed servers are Java applications running in WebSphere Application Server container. Due to discovered Java vulnerabilities, the servers are vulnerable as specified by the following advisories: \n\n**CVEID:** [CVE-2014-3566](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566>)** \nDESCRIPTION:** Product could allow a remote attacker to obtain sensitive information, caused\n\n \nby a design error when using the SSLv3 protocol. A remote user with the ability to conduct a \nman-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On \nDowngraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of \nencrypted connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n** \nCVEID:** [_CVE-2014-6457_](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6457>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial \nconfidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4.0 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Tivoli Asset Discovery for Distributed v7.2.2 &amp; v7.5, IBM License Metric Tool v7.2.2, v7.5 &amp; v 9.0, IBM Endpoint Manager for Software Use Analysis v9.0\n\n## Remediation/Fixes\n\nIf your product is version 7.2.2 or 7.5: \n\n * Apply Interim Fix for your version of WebSphere as described in the following technote: [](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)<http://www.ibm.com/support/docview.wss?uid=swg21687740>. Products with version 7.2.2 use WebSphere 6.1, and products with version 7.5 use WebSphere 7.0.\nIf your product is version 9.0: \n * Upgrade your product to version 9.1.0.2 manually or with a fixlet.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS8JFY\",\"label\":\"IBM License Metric Tool\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.5;9.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSHT5T\",\"label\":\"Tivoli Asset Discovery for Distributed\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2022-08-19T23:26:06", "type": "ibm", "title": "Security Bulletin: IBM License Metric Tool, IBM Endpoint Manager for Software Use Analysis and IBM Tivoli Asset Discovery for Distributed Java-related vulnerabilities - October 2014", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2022-08-19T23:26:06", "id": "523E603F9CB6DAA625DE97BC3524132F098EBC21A31108A9EFFCA3DA83C39A19", "href": "https://www.ibm.com/support/pages/node/525721", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:49:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, versions 1.5, 1.6 and 1.7 which are used by IBM Rational RequisitePro. These issues were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n \n**Description:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \n**CVSS Base Score:** 4.3 \n**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n \n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>) \n \n**Description:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n**CVSS Base Score: **4 \n**CVSS Temporal Score: **See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \n**CVSS Environmental Score*:** Undefined \n**CVSS Vector:** (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n**Version**\n\n| **Status** \n---|--- \n7.1.4 through 7.1.4.6| Affected \n7.1.3 through 7.1.3.13| Affected \n7.1.0.x, 7.1.1.x (all versions), 7.1.2 through 7.1.2.16| Affected \n \n## Remediation/Fixes\n\n**Affected Version**\n\n| **Applying the fix** \n---|--- \n7.1.3.x and 7.1.4.x| These releases use an installation of WAS separately installed and maintained from the ReqPro installation. \n\nDetermine the version of WAS that your deployment is using and follow the instructions at [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server October 2014 CPU_](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) to update your version of the JRE supplied by WAS. \n \n7.1.0.x, 7.1.1.x and 7.1.2.x| \nThese releases ship with, install and configure WAS version 6.1.0.25. review document 1390803: [_How to update the IBM WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1_](<http://www.ibm.com/support/docview.wss?uid=swg21390803>). The same instructions apply to RequisitePro. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:59:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect RequisitePro (CVE-2014-3566 and CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-17T04:59:29", "id": "D528CCE84D3A26BB724A3D7A450784D5AE4C51476CEE59FD639160121DCCD849", "href": "https://www.ibm.com/support/pages/node/524685", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:49:22", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 1.5, 1.6, 1.7 that is used by IBM Rational Build Forge. These issues were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>) \n \n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n\nAs the new version of JDK does not support secure communication with protocol SSLV3 and below (review article [1688165: IBM SDK, Java Technology Edition fixes to mitigate against the POODLE security vulnerability (CVE-2014-3566)](<http://www.ibm.com/support/docview.wss?uid=swg21688165>) for details), ensure that your connections (JDBC, agent to console connection, Java API to Build Forge service) doesn't use SSLV1, SSLV2, SSLV3 protocol; otherwise it will cause `Error: SSLv3 SSLContext not available.` \n \nFor example:\n\nIf your BuildForge uses sqlserver 2005 and sqlserver 2005 enables sslv3 for its connection, \nBuildForge will throw the following exception when connectting to sqlserver 2005 by jdbc: \n \n`Caused by: org.apache.commons.dbcp.SQLNestedException: Cannot create \nPoolableConnectionFactory (The driver could not establish a secure \nconnection to SQL Server by using Secure Sockets Layer (SSL) \nencryption. Error: SSLv3 SSLContext not available.) \nCaused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver \ncould not establish a secure connection to SQL Server by using Secure \nSockets Layer (SSL) encryption. Error: SSLv3 SSLContext not available. `\n\n## Affected Products and Versions\n\nAffected versions: 7.1.1.1, 7.1.1.2, 7.1.1.3, 7.1.1.4, 7.1.2, 7.1.2.1, 7.1.2.2, 7.1.2.3, 7.1.3, 7.1.3.1, 7.1.3.2, 7.1.3.3, 7.1.3.4, 7.1.3.5, 7.1.3.6, 8.0, 8.0.0.1, 8.0.0.2\n\n## Remediation/Fixes\n\nApply the correct fix pack or iFix for your version of Build Forge: \n\n**Affected Version**| **Fix** \n---|--- \nBuild Forge 7.1.1.0 - 7.1.1.4| 7.1.1.4 iFix (not released yet) or upgrade to 7.1.2.x or 7.1.3.x \n \n**Note:** If you need 7.1.1.4 iFix contact IBM support \nBuild Forge 7.1.2.0 - 7.1.2.3| [7.1.2.3 iFix 4](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=buildforge-7.1.2.3-4-0090&source=SAR>) \nBuild Forge 7.1.3.0 - 7.1.3.6| [7.1.3.6 iFix 2](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Build+Forge&fixids=buildforge-7.1.3.6-2-0078&source=SAR>) \nBuild Forge 8.0 - 8.0.0.2| [8.0.0.2 iFix 3](<https://jazz.net/downloads/rational-build-forge/releases/8.0.0.2iFix3>) \n \n## Workarounds and Mitigations\n\nIf BuildForge does not enable SSL for the Console and Agent communication, or Console and API communication, you are not affected by **CVE-2014-6457.**\n\nIf BuildForge was installed with WebSphere Application Server (WAS), and BuildForge is using the WAS JDK, refer to the [WAS security bulletin](<http://www.ibm.com/support/docview.wss?uid=swg21692943>).\n\n**WORKAROUND:**\n\nUpgrade the IBMJDK, which is under Build Forge installation\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:58:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Build Forge (CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-17T04:58:43", "id": "C9B9C3B74AA9C47FD1EE5FC9560776AAE66F55010D974D183FA7510A40CE37A3", "href": "https://www.ibm.com/support/pages/node/521015", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:58:08", "description": "## Summary\n\nTwo vulnerabilities are present in IBM\u00ae SDK Java\u2122 Technology Edition as embedded in the WebSphere DataPower XC10 Appliance. This issue was disclosed as part of the IBM SDK Java updates in October 2014.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plain text of encrypted connections.\n\n \n \n \n\n\n**CVSS Base Score: 4.3 \nCVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>)** for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n**\n\n \n \n \n\n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n \n \n \n\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\n \n \n \n\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/97148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nWebSphere DataPower XC10 Appliance Version 2.1 \n \n \n\n\nWebSphere DataPower XC10 Appliance Version 2.5\n\n## Remediation/Fixes\n\nThe only remediation is to apply the following fix: \n \n\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \n_WebSphere DataPower XC10 Appliance_| _Version 2.1_| _IT06459_| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&amp;release=2.1.0.3&amp;platform=All&amp;function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.1.0.3&platform=All&function=all>) \n_WebSphere DataPower XC10 Appliance_| _Version 2.5_| _IT06459_| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&amp;release=2.5.0.4&amp;platform=All&amp;function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all>) \n_WebSphere DataPower XC10 Virtual Appliance_| _Version 2.5_| _IT06459_| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&amp;release=2.5.0.4&amp;platform=All&amp;function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all>) \n \nA previous fix for the IBM DataPower XC10 Appliance versions 2.1 and 2.5 provided protection from CVE-2014-3566, by making it possible to disable SSLv3 on the appliance. With that fix, it was still possible, although not recommended, to configure the appliance to use the SSLv3 protocol. \n \nOnce the fix from the previous table is applied, the appliance can no longer be configured to support SSLv3 at all. IBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol, and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is to disable SSLv3. Verify that disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:25", "type": "ibm", "title": "Security Bulletin: Two vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition affect WebSphere DataPower XC10 Appliance:CVE-2014-3566,CVE-2014-6457", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T07:02:25", "id": "E9207C14E450070B517EE19B6B8FA6D70E28356D6250001905B7277FBDB352CA", "href": "https://www.ibm.com/support/pages/node/525731", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:41:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is used by ClearQuest Web and ClearQuest EmailRelay. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)** \nDESCRIPTION:** Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n * * Rational ClearQuest Web greater than and inclusive of ClearQuest v7.1\n * ClearQuest EmailRelay, versions 8.0.0.3 and newer, and versions 8.0.1 and newer.\n \nNote: ClearQuest EmailRelay was introduced in ClearQuest 8.0.0.3. \n\n## Remediation/Fixes\n\nClearQuest Web and ClearQuest EmailRelay use the Java runtime that is included with WebSphere Application Server. Follow instructions for updating your version of WebSphere Application Server to a version that includes the fixes. \n \nFor ClearQuest 7.1.x \nThese releases ship with, install and configure WAS version 6.1.0.25. Review technote[ 1390803:](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) [How to update the IBM WebSphere Application Server components in Rational ClearCase and Rational ClearQuest 7.1](<http://www.ibm.com/support/docview.wss?uid=swg21390803>) \n \nFor ClearQuest 8.x \nThese releases use an installation of WAS separately installed and maintained from the ClearQuest installation. \n\nDetermine the version of WAS that your deployment is using and follow the instructions at\n\n \n[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server October 2014 CPU](<http://www-01.ibm.com/support/docview.wss?uid=swg21687740>) to update your version of the JRE supplied by WAS. This applies for all versions of ClearQuest Web Server greater than and inclusive of v7.1. \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-09-29T18:04:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java runtime affect ClearQuest Web and ClearQuest EmailRelay (CVE-2014-3566, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-09-29T18:04:03", "id": "92640DE0D3329771AA9E911C69D90A4970D57D796CCD9827561C866C175BDB7C", "href": "https://www.ibm.com/support/pages/node/523369", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:54:52", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 that is used by IBM PureApplication System. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>) \n \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Image Construction and Composition Tool v2.2.1.3 \nIBM Image Construction and Composition Tool v2.3.1.0 \nIBM Image Construction and Composition Tool v2.3.2.0\n\n## Remediation/Fixes\n\nThe solution is to apply the following IBM Image Construction and Composition Tool version fixes. \n \nUpgrade the IBM Image Construction and Composition Tool to the following fix levels or higher: \n \n\uf0b7 For\uf020IBM Image Construction and Composition Tool v2.2.1.3 \n\n\uf0b7 IBM Image Construction and Composition Tool v2.2.1.3 Build 23 \n\uf0b7 For IBM Image Construction and Composition Tool v2.3.1.0 \n\n\uf0b7 IBM Image Construction and Composition Tool v2.3.1.0 Build 38 \n\uf0b7 For\uf020IBM Image Construction and Composition Tool v2.3.2.0 \n\n\uf0b7 IBM Image Construction and Composition Tool v2.3.2.0 Build 7 \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:03:05", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2014-3566 and CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T07:03:05", "id": "ADB7392FA5FC9A8AAEE54A64933ADC904DAABB8A3306D84D94E7EF94FFB5FFE5", "href": "https://www.ibm.com/support/pages/node/264737", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:55:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6 that is used by IBM Workload Deployer. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)** \n \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>) \n \n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Workload Deployer version 3.1 and later\n\n## Remediation/Fixes\n\nThe solution is to apply the IBM Workload Deployer Interim Fix6. \n \nUpgrade the IBM Workload Deployer to the following fix level: \n \n\n\n_Product_\n\n| \n\n_VRMF_\n\n| \n\n_Remediation/First Fix_ \n \n---|---|--- \nIBM Workload Deployer System| Release V3.1.0.7| IWD 3.1.0.7 Interim Fix 6 \n \n[_http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&amp;release=3.1.0.7&amp;platform=All&amp;function=fixId&amp;fixids=3.1.0.7-ifix6-IBM_Workload_Deployer&amp;includeSupersedes=0_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/WebSphere/IBM+Workload+Deployer&release=3.1.0.7&platform=All&function=fixId&fixids=3.1.0.7-ifix6-IBM_Workload_Deployer&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Workload Deployer. (CVE-2014-6457, CVE-2014-3566)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-06-15T07:02:44", "id": "F0650A373BAAFA4560B631CEF4532A331D4E8099892CB3991846949884E9E3CE", "href": "https://www.ibm.com/support/pages/node/259253", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:41:44", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 5 and 6 that are used by IBM Rational ClearCase. This also includes a fix for the Padding Oracle On Downgraded Legacy Encryption (POODLE) SSLv3 vulnerability (CVE-2014-3566). These were disclosed as part of the IBM Java SDK updates in October 2014.\n\n## Vulnerability Details\n\n**CVE-ID: **[_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>)\n\n**DESCRIPTION: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2014-6457_](<https://vulners.com/cve/CVE-2014-6457>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nOnly the ClearCase Remote Client/ClearTeam Explorer component of ClearCase is affected. \n \n\n\n**ClearCase Remote Client/ClearTeam Explorer version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.6\n\n| \n\nAffected \n \n8.0 through 8.0.0.13\n\n| \n\nAffected \n \n7.1.2 through 7.1.2.16\n\n| \n\nAffected \n \n7.1.0.x, 7.1.1.x (all versions and fix packs)\n\n| \n\nAffected \n \n## Remediation/Fixes\n\nThe solution is to upgrade to a newer fix pack of ClearCase. Please see below for information on the fixes available. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearCase Fix Pack 7 (8.0.1.7) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24039409>) \n \n8.0.0.x\n\n| Install [Rational ClearCase Fix Pack 14 (8.0.0.14) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24039407>) \n \n7.1.2.x \n7.1.1.x \n7.1.0.x\n\n| Customers on extended support contracts should install [Rational ClearCase Fix Pack 17 (7.1.2.17) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24039405>) \n \n**Notes: **\n\n * If you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), you should update the Java\u2122 Virtual Machine used by Eclipse to include a fix for CVE-2014-3566 and CVE-2014-6457. Contact the supplier of your Eclipse or Java\u2122 Virtual Machine for instructions on updating Eclipse.\n \n \nIBM recommends that you review your entire environment to identify areas that enable the SSLv3 protocol and take appropriate mitigation and remediation actions. The most immediate mitigation action that can be taken is disabling SSLv3. You should verify disabling SSLv3 does not cause any compatibility issues. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase (CVE-2014-3566, CVE-2014-6457)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457"], "modified": "2018-07-10T08:34:12", "id": "5EEF79A5DC151FBAC5D5E48B9BE47FAA1CF6798A1667C8D02D50EC663EBF4FB4", "href": "https://www.ibm.com/support/pages/node/257183", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:45:53", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Versions 6 and 7 that are used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as \u201cSLOTH\u201d. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service.\n\nCVSS Base Score: 5\n\nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n \n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)\n\n**DESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as \u201cSLOTH\u201d. \n\nCVSS Base Score: 7.1\n\nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nTivoli Netcool/OMNIbus 7.3.0 \nTivoli Netcool/OMNIbus 7.3.1 \nTivoli Netcool/OMNIbus 7.4.0 \nTivoli Netcool/OMNIbus 8.1.0\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nOMNIbus | 7.3.0.17| IV80895| <http://www-01.ibm.com/support/docview.wss?uid=swg24041750> \nOMNIbus| 7.3.1.15| IV80895| <http://www-01.ibm.com/support/docview.wss?uid=swg24041381> \nOMNIbus| 7.4.0.10| IV80895| <http://www-01.ibm.com/support/docview.wss?uid=swg24041383> \nOMNIbus | 8.1.0.7| IV80895| <http://www-01.ibm.com/support/docview.wss?uid=swg24041386> \n \n## Workarounds and Mitigations\n\nFor CVE-2015-7575: \n\nUsers of Java 7 and later can address the issue by updating the /jre/lib/security/java.security file as follows (**both steps are required**): \n\n * Add MD5 to the jdk.certpath.disabledAlgorithms property - e.g. jdk.certpath.disabledAlgorithms=MD2, RSA keySize &lt; 1024, **MD5**\n * Add MD5withRSA to the jdk.tls.disabledAlgorithms property - e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize &lt; 768, **MD5withRSA**\n \nJava 6 requires code changes in the JSSE component in addition to the java.security file modifications, so upgrading the JDK is the only solution. \n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:17:32", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-17T15:17:32", "id": "4A95B1896DEDD8AF3CE304090A4953DAFAA77A9A536EEFFDA7A7CFB186AB1198", "href": "https://www.ibm.com/support/pages/node/542013", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:52:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environments Java\u2122 Technology Edition, Versions 6, 7, 8 that are used by IBM Transformation Extender Hypervisor Edition for AIX. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as \u201cSLOTH\u201d.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the JAXP component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as \u201cSLOTH\u201d. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nTransformation Extender Hypervisor Edition for AIX \nAffected versions: \n\n * 9.0.0.0\n \nWebSphere Transformation Extender with Launcher Hypervisor Edition for AIX \nAffected versions: \n\n * 8.4.1.0 - 8.4.1.3\n\n## Remediation/Fixes\n\nTransformation Extender Hypervisor Edition for AIX 9.0.0.0 users should download and install the interim fix for APAR PI57205 from IBM Fix Central [here](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Transformation+Extender&release=All&platform=All&function=aparId&apars=PI57205>). \n\nUsers on prior versions of WebSphere Transformation Extender with Launcher Hypervisor Edition for AIX should download and install the interim fix for APAR PI57205 from IBM Fix Central [here](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Transformation+Extender&release=All&platform=All&function=aparId&apars=PI57205>).\n\n## Workarounds and Mitigations\n\nTo address CVE-2015-7575, users that are on Java 7 or Java 8 can address the issue by updating the /jre/lib/security/java.security file as follows (**both steps are required**): \n\n\u00b7 Add MD5 to the jdk.certpath.disabledAlgorithms property - for example jdk.certpath.disabledAlgorithms=MD2, RSA keySize &lt; 1024, **MD5**\n\n\u00b7 Add MD5withRSA to the jdk.tls.disabledAlgorithms property - for example jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize &lt; 768, **MD5withRSA**\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T19:59:14", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Runtime Environments Java\u2122 Technology Edition, Versions 6, 7, 8 affect IBM Transformation Extender Hypervisor Edition for AIX (CVE-2016-0466, CVE-2015-7575)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-16T19:59:14", "id": "5864A59CA7CF5F61D2C22A87B445731BDAF02EBF53AED07808873EC7F05070BF", "href": "https://www.ibm.com/support/pages/node/542319", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:51:41", "description": "## Summary\n\nThere is a vulnerability in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8.0 that is used by Rational Policy Tester. This vulnerability, commonly referred to as \u201cSLOTH\u201d, was disclosed as part of the IBM Java SDK updates in January 2016. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as \u201cSLOTH\u201d. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N) \n\n## Affected Products and Versions\n\nRational Policy Tester 8.5.x\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \n_Rational Policy Tester_| _8.5.x_| [_PolicyTester-8.5.0.5-IFix-009-Windows_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FRational%2FRational+Policy+Tester&fixids=POLTEST_Windows_8.5.0.5-IFix-009&source=SAR>) \n \n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T21:40:12", "type": "ibm", "title": "Security Bulletin: Vulnerability in IBM Java Runtime affect Rational Policy Tester (CVE-2016-0466, CVE-2015-7575)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-16T21:40:12", "id": "308E7990CF653F320A779F892C70403DC99B4531DCBA2478F2E961436956D465", "href": "https://www.ibm.com/support/pages/node/543891", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:46:16", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6) that is used by Tivoli Composite Application Manager for SOA. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as \u201cSLOTH\u201d. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as \u201cSLOTH\u201d. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N) \n\n## Affected Products and Versions\n\nIBM Tivoli Composite Application Manager for SOA 7.2 \n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM Tivoli Composite Application Manager for SOA| 7.2.0.1| IV80997| [7.2.0.1-TIV-ITCAMSOA-IF0008](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=isg400002506>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:17:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect ITCAM for SOA (January 2016: CVE-2016-0466, CVE-2015-7575)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-17T15:17:03", "id": "309C81A984490C0BEA5ADCAF2BD8D46D1BA071A12F1ACC3CAF7A478B92AAF775", "href": "https://www.ibm.com/support/pages/node/540815", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:52:50", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environments Java\u2122 Technology Edition, Versions 6, 7, 8 that are used by IBM Transformation Extender Hypervisor Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and include the vulnerability commonly referred to as \u201cSLOTH\u201d.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the JAXP component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as \u201cSLOTH\u201d. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\nTransformation Extender Hypervisor Edition \n\n \nAffected versions: \n * 9.0.0.0\n \nWebSphere Transformation Extender with Launcher Hypervisor Edition \n\nAffected versions: \n * 8.4.1.0 - 8.4.1.3\n * 8.4.0.0 - 8.4.0.5\n\n## Remediation/Fixes\n\nTransformation Extender Hypervisor Edition 9.0.0.0 users should download and install the interim fix for APAR PI57205 from IBM Fix Central [here](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other+software&product=ibm/Other+software/Transformation+Extender&release=All&platform=All&function=aparId&apars=PI57205>).\n\nUsers on prior versions of WebSphere Transformation Extender with Launcher Hypervisor Edition should download and install the interim fix for APAR PI57205 from IBM Fix Central [here](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Transformation+Extender&release=All&platform=All&function=aparId&apars=PI57205>).\n\n## Workarounds and Mitigations\n\nTo address CVE-2015-7575, users that are on Java 7 or Java 8 can address the issue by updating the /jre/lib/security/java.security file as follows (**both steps are required**): \n\n\u00b7 Add MD5 to the jdk.certpath.disabledAlgorithms property - for example jdk.certpath.disabledAlgorithms=MD2, RSA keySize &lt; 1024, **MD5**\n\n\u00b7 Add MD5withRSA to the jdk.tls.disabledAlgorithms property - for example jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize &lt; 768, **MD5withRSA**\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T19:59:12", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Runtime Environments Java\u2122 Technology Edition, Versions 6, 7, 8 affect IBM Transformation Extender Hypervisor Edition (CVE-2016-0466, CVE-2015-7575)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-16T19:59:12", "id": "19A762D86AFF27985FA0CF80F32B118F99EB31423AB19290F7D901406D47A8DF", "href": "https://www.ibm.com/support/pages/node/542199", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:45:50", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 that is used by IBM Tivoli System Automation for Multiplatforms. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as \u201cSLOTH\u201d. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as \u201cSLOTH\u201d. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N) \n\n## Affected Products and Versions\n\nIBM Tivoli System Automation for Multiplatforms 4.1, 3.2.2, 3.2.1, and 3.2.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the corresponding fix to IBM Tivoli System Automation for Multiplatforms. To select the fix you need to apply in your environment, click on 'Download link' in the table below. \n \n* If you are running IBM Tivoli System Automation for Multiplatforms 4.1, please apply interim fix \u201c4.1.0.2-TIV-ITSAMP-&lt;OS&gt;-IF0002\u201d where &lt;OS&gt; represents the operating system for which you want to install the interim fix of this product version. You can apply this interim fix on top of any fixpack of version 4.1. \n* If you are running IBM Tivoli System Automation for Multiplatforms 3.2.2, please first upgrade to fixpack IBM Tivoli System Automation for Multiplatforms 3.2.2.9. Apply then interim fix \u201c3.2.2.9-TIV-ITSAMP-&lt;OS&gt;-IF0001\u201d where &lt;OS&gt; represents the operating system for which you want to install the fix of this product version. Please note that this interim fix can not be applied to fixpack IBM Tivoli System Automation for Multiplatforms 3.2.2.8 or lower. \n* If you are running IBM Tivoli System Automation for Multiplatforms 3.2.1 or IBM Tivoli System Automation for Multiplatforms 3.2.0, then please contact IBM support. \n \n\n\n_Product_| _VRMF_| _APAR_ \n---|---|--- \nIBM Tivoli System Automation for Multiplatforms| _4.1 and 3.2.2_| [_Download link_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Tivoli+System+Automation+for+Multiplatforms&release=All&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nFor CVE-2015-7575: \nUsers of Java 7 and later can address the issue by updating the /jre/lib/security/java.security file as follows (**both steps are required**): \n\n * Add MD5 to the jdk.certpath.disabledAlgorithms property - e.g. jdk.certpath.disabledAlgorithms=MD2, RSA keySize &lt; 1024, **MD5**\n * Add MD5withRSA to the jdk.tls.disabledAlgorithms property - e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize &lt; 768, **MD5withRSA**\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-17T15:17:42", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli System Automation for Multiplatforms (CVE-2016-0466, CVE-2015-7575)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-17T15:17:42", "id": "6DC6FDCBD5645004E5D0AA5FB5D788FEBC7AF6DF8A4681C48A612321C9677CF8", "href": "https://www.ibm.com/support/pages/node/542419", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:41:28", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 and 8 that is used by Rational Business Developer. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as \u201cSLOTH\u201d. \n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>) \n** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as \u201cSLOTH\u201d. \n \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N) \n \n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>) \n** \nDESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nRational Business Developer 8.5 - 9.5\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nRational Business Developer| 8.5.x, 9.0.x, 9.1.x\uff0c9.5.x| None| [Rational-RBD-Java8SR2FP10-ifix](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Business+Developer&release=9.5.0&platform=All&function=fixId&fixids=Rational-RBD-Java8SR2FP10-ifix&includeSupersedes=0>) \n[Rational-RBD-Java7SR9FP30-ifix](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Business+Developer&release=8.5.0&platform=All&function=fixId&fixids=Rational-RBD-Java7SR9FP30-ifix&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-08-03T04:23:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Business Developer (CVE-2015-7575, CVE-2016-0466)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-08-03T04:23:43", "id": "82168340173C2B8696027816B70024550B62E1FA60AD73D84B1755A7C72279DF", "href": "https://www.ibm.com/support/pages/node/541903", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:52:52", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 7 that is used by Financial Transaction Manager for ACH Services, Check Services, and Corporate Payment Services. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as \u201cSLOTH\u201d.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as \u201cSLOTH\u201d. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N)\n\n## Affected Products and Versions\n\n\\- FTM for ACH v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11, 3.0.0.12 \n\n\\- FTM for Check v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11, 3.0.0.12\n\n\\- FTM for CPS v3.0.0.0, v3.0.0.1, v3.0.0.2, v3.0.0.3, v3.0.0.4, v3.0.0.5, v3.0.0.6, v3.0.0.7, v3.0.0.8, v3.0.0.9, v3.0.0.10, 3.0.0.11, 3.0.0.12\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nFTM for ACH Services| 3.0.0.0 through 3.0.0.12| PI57476| Apply [3.0.0-FTM-ACH-MP-fp0013](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0-FTM-ACH-MP-fp0013&includeSupersedes=0>) or later. \nFTM for Check Services| 3.0.0.0 through 3.0.0.12| PI57476| Apply [3.0.0-FTM-Check-MP-fp0013](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0-FTM-Check-MP-fp0013&includeSupersedes=0>) or later. \nFTM for CPS Services| 3.0.0.0 through 3.0.0.12| PI57477| Apply [3.0.0-FTM-CPS-MP-fp0013](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.0-FTM-CPS-MP-fp0013&includeSupersedes=0>) or later. \n \n## Workarounds and Mitigations\n\nFor CVE-2015-7575: \n\nUsers of Java 7 and later can address the issue by updating the /jre/lib/security/java.security file as follows (**both steps are required**): \n\n\u00b7 Add MD5 to the jdk.certpath.disabledAlgorithms property - e.g. jdk.certpath.disabledAlgorithms=MD2, RSA keySize &lt; 1024, **MD5**\n\n\u00b7 Add MD5withRSA to the jdk.tls.disabledAlgorithms property - e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize &lt; 768, **MD5withRSA**\n\nJava 6 requires code changes in the JSSE component in addition to the java.security file modifications, so upgrading the JDK is the only solution.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T19:51:40", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java Runtime affect IBM Financial Transaction Manager for ACH Services, Check Services and Corporate Payment Services (\n CVE-2016-0466, CVE-2015-7575 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-16T19:51:40", "id": "06A118EE407B0F32F7D7D25CB0D4099ABF958591FD820D546CF76FA6280912B3", "href": "https://www.ibm.com/support/pages/node/541031", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:52:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6 that is used by Financial Transaction Manager for Corporate Payment Services. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as \u201cSLOTH\u201d. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. This vulnerability is commonly referred to as \u201cSLOTH\u201d. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N) \n \n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n\\- FTM for CPS v2.1.1.0, v2.1.1.1\n\n## Remediation/Fixes\n\nProduct\n\n| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nFTM for Corporate Payment Services| 2.1.1.0, 2.1.1.1| PI57256| Apply [2.1.1-FTM-CPS-MP-fp0002](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=2.1.1-FTM-CPS-MP-fp0002&includeSupersedes=0&source=fc>) or later \n \n## Workarounds and Mitigations\n\nFor CVE-2015-7575: \n\nUsers of Java 7 and later can address the issue by updating the /jre/lib/security/java.security file as follows (**both steps are required**): \n\n\u00b7 Add MD5 to the jdk.certpath.disabledAlgorithms property - e.g. jdk.certpath.disabledAlgorithms=MD2, RSA keySize &lt; 1024, **MD5**\n\n\u00b7 Add MD5withRSA to the jdk.tls.disabledAlgorithms property - e.g. jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize &lt; 768, **MD5withRSA**\n\nJava 6 requires code changes in the JSSE component in addition to the java.security file modifications, so upgrading the JDK is the only solution.\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T19:59:11", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services (CVE-2015-7575, CVE-2016-0466)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-16T19:59:11", "id": "FD8DC864D53B5D23AB4864B7F9D78A8998D52B2360B068BABE9BB70662B2B529", "href": "https://www.ibm.com/support/pages/node/542187", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:53:44", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as \"SLOTH\". \n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability related to the JAXP component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N) \n \n\n\n## Affected Products and Versions\n\nIBM Data Studio client 4.1.2 and earlier \nIBM InfoSphere Optim Query Workload Tuner for DB2 for LUW 4.1.2 and earlier \nIBM InfoSphere Optim Query Workload Tuner for DB2 for z/OS 4.1.2 and earlier \nIBM InfoSphere Data Architect 9.1.3 and earlier\n\n## Remediation/Fixes\n\nEach affected product and version requires the upgrade of the IBM SDK, Java Technology Edition that is installed with the client. Install one of the following IBM Java SDK versions: \n\n\n * IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 3 Fix Pack 30 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 9 Fix Pack 30 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 20 and subsequent releases\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 20 and subsequent releases \n \n**Product**| **Version**| **IBM SDK** \n---|---|--- \nIBM Data Studio client \n\nIBM InfoSphere Optim Query Workload Tuner for DB2 for LUW\n\nIBM InfoSphere Optim Query Workload Tuner for DB2 for z/OS\n\n| 3.1.0, 3.1.1| Replace JRE [(latest JRE V6](<http://www-01.ibm.com/support/docview.wss?uid=swg21691806>)) \nIBM Data Studio client \n\nIBM InfoSphere Optim Query Workload Tuner for DB2 for LUW\n\nIBM InfoSphere Optim Query Workload Tuner for DB2 for z/OS\n\n| 3.2, 4.1.0, 4.1.0.1, 4.1.1, 4.1.2| Replace JRE ([latest JRE V7](<http://www-01.ibm.com/support/docview.wss?uid=swg21691806>)) \nInfoSphere Data Architect| 7.6, 8.1| Replace JRE [(latest JRE V6](<http://www-01.ibm.com/support/docview.wss?uid=swg21691806>)) \nInfoSphere Data Architect| 8.5, 9.1, 9.1.1, 9.1.2, 9.1.3| Replace JRE ([latest JRE V7](<http://www-01.ibm.com/support/docview.wss?uid=swg21691806>)) \n \n \nDetailed instructions are provided in the tech-note \u201c[Updating the IBM SDK, Java Technology Edition for Optim Data Server Tools Desktop Products](<http://www-01.ibm.com/support/docview.wss?uid=swg21691806>)\u201d.[](<http://www-01.ibm.com/support/docview.wss?uid=swg21691806>)\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-16T13:38:49", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition affect Data Studio, InfoSphere Data Architect, Optim Query Workload Tuner for Linux, UNIX and Windows, and Optim Query Workload Tuner for z/OS (CVE-2016-0466, CVE-2015-7575)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-16T13:38:49", "id": "18733A7EB1357FC8CED956E1689D16C4E641F1D3C513D875179499414501DF34", "href": "https://www.ibm.com/support/pages/node/542023", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:49:20", "description": "## Summary\n\nTwo possible security vulnerabilities have been reported in RLKS Administration and Reporting Tool. There have been no reported exploits of these vulnerabilities.\n\n## Vulnerability Details\n\n**CVE ID: **[CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description: **Product could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.\n\n \n\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE ID: **[CVE-2014-4244](<https://vulners.com/cve/CVE-2014-4244>)\n\n**Description:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4\n\nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score\n\nCVSS Environmental Score*: Undefined\n\nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nThis vulnerability impacts the following RLKS components and its releases: \n\n * RLKS Administration and Reporting Tool version 8.1.4\n * RLKS Administration and Reporting Tool version 8.1.4.2\n * RLKS Administration and Reporting Tool version 8.1.4.3\n * RLKS Administration and Reporting Tool version 8.1.4.4\n * RLKS Administration and Reporting Tool version 8.1.4.5\n * * RLKS Administration Agent version 8.1.4\n * RLKS Administration Agent version 8.1.4.2\n * RLKS Administration Agent version 8.1.4.3\n * RLKS Administration Agent version 8.1.4.4\n * \n**Note:** This vulnerability has been fixed in RLKS Administration Agent version 8.1.4.5. \n\n## Remediation/Fixes\n\nReplace the JRE used in RLKS Administration and Reporting Tool and IBM Rational License Key Server Administration Agent. \n\n**_Steps to replace the JRE in _****_RLKS Administration and Reporting Tool (All Versions)_**\n\n 1. Go to [Fix Central](<http://www.ibm.com/support/fixcentral>) \n\n 2. On the **Find product** tab, enter _Rational Common Licensing_ in the **Product Selector** field and hit enter. \n\n 3. Select the **Installed Version** and hit continue button. \n\n 4. Select the platform of the machine where RLKS Administration and Reporting Tool is installed and hit continue button. \n\n 5. On the **Identify fixes** page, select **Browse for fixes** and select **Show fixes that apply to this version** and hit continue button. \n\n 6. Download the Java runtime iFix for RLKS Administration and Reporting Tool. \n \n**Note:** Although the name of the iFix is ** RLKS_Administration_And_Reporting_Tool_8145_Admin_iFix****_1****_&lt;Platform&gt;_&lt;Architecture&gt;**, the same ifix is applicable to all previous RLKS Administration and Reporting Tool versions. \n\n 7. Shutdown RLKS Administration and Reporting Tool. \n\n 8. Go to the installation location of RLKS Administration and Reporting Tool. \n\n 9. Rename &lt;install location&gt;/server/jre folder to **&lt;install location&gt;/server/jre_back**. \nThis step backs up the existing JRE. \n\n 10. Extract the downloaded JRE into &lt;install location&gt;/server/ folder \nExample: &lt;install location&gt;/server/jre \n\n 11. Startup RLKS Administration and Reporting Tool. \n \n\n 12. Login to the tool using rcladmin user and verify that you see the configured license servers under 'Server' tab.\n \n\n\n* * *\n\n**_Steps to replace the JRE in _****_RLKS Administration Ag_****_ent _****_[Versions 8.1.4, 8.1.4.2, 8.1.4.3, 8.1.4.4]_**_ \n_\n\nThis vulnerability has been fixed in RLKS Administration Agent 8.1.4.5. Upgrade the RLKS Administration Agent to version 8.1.4.5.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T04:59:34", "type": "ibm", "title": "Security Bulletin: Rational License Key Server Administration and Reporting Tool vulnerabilities (CVE-2014-3566, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-4244"], "modified": "2018-06-17T04:59:34", "id": "BA6814371CACE2399DA5E125DB3A16275A6BBBC34A07D0728B2EEF88D9D60F96", "href": "https://www.ibm.com/support/pages/node/524643", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-28T22:13:28", "description": "## Summary\n\nThe IBM Emptoris Program Management, IBM Emptoris Sourcing, IBM Emptoris Contract Management, IBM Emptoris Spend Analysis and IBM Emptoris Services Procurement are affected by a vulnerabilities that exists in the IBM WebSphere Application Server. The security bulletin includes issues disclosed as part of the IBM WebSphere Application Server updates.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2017-1380_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1380>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/127151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2017-1382_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1382>)** \nDESCRIPTION:** IBM WebSphere Application Server might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknown impact. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/127153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n## Affected Products and Versions\n\nIBM Emptoris Program Management 10.0.0 through 10.1.x \nIBM Emptoris Sourcing 9.5 through 10.1.x \nIBM Emptoris Contract Management 9.5 through 10.1.x \nIBM Emptoris Spend Analysis 9.5 through 10.1.x \nIBM Emptoris Services Procurement 10.x\n\n## Remediation/Fixes\n\nAn interim fix has been issued for the IBM WebSphere Application Server (WAS) which are not susceptible to this vulnerabilities. Customers running any of the IBM Emptoris products listed below should apply the interim fixes to all IBM WebSphere Application Server installations that are used to run IBM Emptoris applications. \n \nPlease refer following Security bulletins for details \n\n * [Security Bulletin: Cross-site scripting vulnerability in Admin Console for WebSphere Application Server (CVE-2017-1380)](<http://www-01.ibm.com/support/docview.wss?uid=swg22004786>) .\n * [Security Bulletin: WebSphere Application Server may have insecure file permissions (CVE-2017-1382)](<http://www-01.ibm.com/support/docview.wss?uid=swg22004785>)\n \nSelect the appropriate WebSphere Application Server fix based on the version being used for IBM Emptoris product version. The following table lists the IBM Emptoris application versions along with the corresponding required version of IBM WebSphere Application Server and a link to the corresponding fix version where further installation instructions are provided. \n \n \n\n\n**Emptoris Product Version**\n\n| \n\n**WAS Version**\n\n| \n\n**Interim Fixes** \n \n---|---|--- \n9.5.x.x| 8.0.0.x| Apply Interim Fixes [_ PI82078_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043881>) [](<http://www-01.ibm.com/support/docview.wss?uid=swg24042712>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24042513>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041604>)[](<http://www-01.ibm.com/support/docview.wss?uid=swg24041394>) and [_PI79343_](<http://www-01.ibm.com/support/docview.wss?uid=swg24043871>)_ _ \n \n10.0.0.x, 10.0.1.x| 8.5.0.x \n10.0.2.x , \n10.0.4| 8.5.5.x \n10.1.x| 8.5.5.x \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 August 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSYQ72\",\"label\":\"Emptoris Strategic Supply Management\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"Platform\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"Version Independent\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYQ89\",\"label\":\"Emptoris Contract Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYRER\",\"label\":\"Emptoris Program Management\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYR6U\",\"label\":\"Emptoris Services Procurement\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYR8W\",\"label\":\"Emptoris Sourcing\"},\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Product\":{\"code\":\"SSYQAR\",\"label\":\"Emptoris Spend Analysis\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\" \",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2018-06-16T20:11:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server affects IBM Emptoris Strategic Supply Management suite of products and IBM Emptoris Services Procurement (CVE-2017-1380, CVE-2017-1382)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1380", "CVE-2017-1382"], "modified": "2018-06-16T20:11:23", "id": "42312F10B1658E98D243F69333FFF10B2BDEDA9D5663B5D9DA8AA5CCFABD9196", "href": "https://www.ibm.com/support/pages/node/295449", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:56:57", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 that is used by IBM API Management. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as \u201cSLOTH\u201d. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-7575_](<https://vulners.com/cve/CVE-2015-7575>)** \nDESCRIPTION:** The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials. \nCVSS Base Score: 7.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109415_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109415>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) \n** ** \n**CVEID:** [_CVE-2016-0466_](<https://vulners.com/cve/CVE-2016-0466>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE Java SE Embedded and Jrockit related to the JAXP component could allow a remote attacker to cause a denial of service resulting in a partial availability impact using unknown attack vectors. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109948_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109948>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nIBM API Management V3.0 \n\nIBM API Management V4.0\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nIBM API Management| 4.0.0| LI78931| <http://www-01.ibm.com/support/docview.wss?uid=swg21976524> \nIBM API Management| 3.0.0| LI78931| <http://www-01.ibm.com/support/docview.wss?uid=swg21976524>. Please contact support for v3 details. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-06-15T07:05:10", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM API Management (CVE-2015-7575, CVE-2016-0466)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7575", "CVE-2016-0466"], "modified": "2018-06-15T07:05:10", "id": "5ED0A4BE1CCAE4EEBB310EC512A6BF840B001801E8BF7B7C63FE63582FC3BA84", "href": "https://www.ibm.com/support/pages/node/543827", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-23T21:52:25", "description": "## Summary\n\nThere are multiple vulnerabilities in Oracle Java SE Runtime Environment, Versions 1.6.0 and 1.7.0 that is used by IBM Flex System Manager (FSM) SMIA Configuration Tool. These issues were disclosed as part of the Oracle updates in October 2014 and January 2015.\n\n## Vulnerability Details\n\n## Summary\n\nThere are multiple vulnerabilities in Oracle Java SE Runtime Environment, Versions 1.6.0 and 1.7.0 that is used by IBM Flex System Manager (FSM) SMIA Configuration Tool. These issues were disclosed as part of the Oracle updates in October 2014 and January 2015.\n\n**Vulnerability Details**\n\n**CVE-ID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)\n\n**Description:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n**CVE-ID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)\n\n**Description:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100153> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-3566>)\n\n**Description:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97013> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-6468](<https://vulners.com/cve/CVE-2014-6468>)\n\n**Description:** An unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact.\n\nCVSS Base Score: 6.9 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97138> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C)\n\n**CVE-ID:** [CVE-2014-6517](<https://vulners.com/cve/CVE-2014-6517>)\n\n**Description:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JAXP component could allow a remote attacker to obtain sensitive information.\n\nCVSS Base Score: 5.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97145> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n**CVE-ID:** [CVE-2014-6512](<https://vulners.com/cve/CVE-2014-6512>)\n\n**Description:** Oracle Java SE and JRockit could allow a remote attacker to bypass security restrictions, caused by the failure to perform source address checks for packets received on a connected socket by the DatagramSocket implementation in OpenJDK. An attacker could exploit this vulnerability to process packets as if they were received from the expected source.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97147> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-6457](<https://vulners.com/cve/CVE-2014-6457>)\n\n**Description:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 4.0 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97148> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVE-ID:** [CVE-2014-6558](<https://vulners.com/cve/CVE-2014-6558>)\n\n**Description:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.\n\nCVSS Base Score: 2.6 \nCVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/97151> for current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:N/I:P/A:N)\n\n## Affected products and versions\n\n * Flex System Manager 1.1.x.x\n * Flex System Manager 1.2.0.x\n * Flex System Manager 1.2.1.x\n * Flex System Manager 1.3.0.x\n * Flex System Manager 1.3.1.x\n * Flex System Manager 1.3.2.x\n\n## Remediation/Fixes\n\nIBM recommends updating the Flex System Manager (FSM) SMIA using the instructions referenced in the table below.\n\nProduct | VRMF | APAR | SMIA Remediation \n---|---|---|--- \nFlex System Manager | 1.3.3.x | IT10005 | [ fsmfix1.3.3.0_IT10005](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT10005>) \nFlex System Manager | 1.3.2.x | IT10005 | [ fsmfix1.3.2.0_IT10005](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT10005>) \nFlex System Manager | 1.3.1.x | IT10005 | [ fsmfix1.3.1.0_IT10005](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.1.0_IT10005>) \nFlex System Manager | 1.3.0.x | IT10005 | Upgrade to FSM 1.3.2.0 and follow the appropriate remediation for all vulnerabilities, or contact IBM Support and refer to this APAR to obtain a limited availability FSM SMIA fix for version 1.3.0.x. \n \nYou should verify applying this configuration change does not cause any compatibility issues.\n\n## Workarounds and Mitigations\n\nNone.\n\n## Reference\n\n * [Complete CVSS Guide](<http://www.first.org/cvss/cvss-guide.html>)\n * [On-line Calculator V2](<http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2>)\n * [IBM Java SDK Security Bulletin \u2014 Jan 2015](<http://www-01.ibm.com/support/docview.wss?uid=swg21695474>)\n * [IBM Java SDK Security Bulletin \u2014 Oct 2014](<http://www-01.ibm.com/support/docview.wss?uid=swg21688283>)\n\n**Related Information** \n[IBM Secure Engineering Web Portal](<http://www-01.ibm.com/software/test/wenses/security/>) \n[IBM Product Security Incident Response Blog](<https://www.ibm.com/blogs/PSIRT>) \n\n\n**Acknowledgement**\n\nNone.\n\n**Change History** \n05 May 2015: Original Copy Published \n29 July 2015: Updated APAR and SMIA Remediation locations\n\n* The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n**Disclaimer**\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2019-01-31T01:55:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Oracle Java SE Runtime Environment, Versions 1.6.0 and 1.7.0 affect IBM Flex System Manager (FSM) SMIA Configuration Tool.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6457", "CVE-2014-6468", "CVE-2014-6512", "CVE-2014-6517", "CVE-2014-6558", "CVE-2014-6593", "CVE-2015-0410"], "modified": "2019-01-31T01:55:01", "id": "8EE5FD2B7726D031DAE048A3473AF9B6D6BBCDE630D4CA6375EB64AE8D8A9FAD", "href": "https://www.ibm.com/support/pages/node/866736", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:55:11", "description": "## Summary\n\nWebSphere Business Modeler, WebSphere Integration Developer, WebSphere Business Services Fabric, WebSphere Process Server and WebSphere Business Monitor are shipped as components of WebSphere Dynamic Process Edition. Information about security vulnerabilities affecting these products have been published in security bulletins. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100691> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>)[_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3566_](<https://vulners.com/cve/CVE-2014-3566>) \n**DESCRIPTION:** Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>)[_https://exchange.xforce.ibmcloud.com/vulnerabilities/97013_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/97013>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere Dynamic Process Edition 6.1, 6.2, 7.0 \n\nIf you are using an unsupported version, IBM strongly recommends to upgrade.\n\n## Remediation/Fixes\n\nPlease consult the security bulletins \n\n\n * [Security Bulletin: Vulnerability in IBM Java Runtimes affect Websphere Business Modeler Advanced and Websphere Business Modeler Basic (CVE-2015-0138)](<http://www-01.ibm.com/support/docview.wss?uid=swg21701056>)\n * [Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)(CVE-2015-0138, CVE-2015-0410, CVE-2014-6593) ](<http://www-01.ibm.com/support/docview.wss?uid=swg21700896>)\n * [Security Bulletin: Vulnerability in IBM WebSphere Application Server affects WebSphere Business Services Fabric (CVE-2015-0138)](<http://www-01.ibm.com/support/docview.wss?uid=swg21699929>)\n * [Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java\u2122 Technology Edition January 2015 CPU affect WebSphere Business Services Fabric](<http://www-01.ibm.com/support/docview.wss?uid=swg21697228>)\n * [Security Bulletin: Vulnerability in IBM WebSphere Application Server affects WebSphere Process Server and WebSphere Process Server Hypervisor Editions (CVE-2015-0138)](<http://www-01.ibm.com/support/docview.wss?uid=swg21699922>)\n * [Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java\u2122 Technology Edition January 2015 CPU affect WebSphere Process Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21697229>)\n * [Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Business Monitor (CVE-2015-0138)](<http://www-01.ibm.com/support/docview.wss?uid=swg21700865>)\nfor vulnerability details and information about fixes. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-15T07:02:46", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities have been identified in bundled products shipped with WebSphere Dynamic Process Edition (CVE-2015-0138, CVE-2014-3566, CVE-2014-6593, CVE-2015-0400, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3566", "CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-15T07:02:46", "id": "F3758093EA44146C6BB9180D4A89ECCFA58C42ADF8707A861E087BF54975924C", "href": "https://www.ibm.com/support/pages/node/259559", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T05:48:04", "description": "## Summary\n\nIBM Content Collector for SAP Applications ships IBM SDK Java\u2122 Technology Edition, Version 6 and Version 7, which have security vulnerabilities that might be exposed within the use of Content Collector for SAP Applications. \n\n## Vulnerability Details\n\n \n**CVE ID:** [CVE-2014-3566](<https://vulners.com/cve/CVE-2014-0411>)[](<https://vulners.com/cve/CVE-2014-0963>)[](<https://vulners.com/cve/CVE-2014-0963>) \n**Description: ** \nProduct could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy \nEncryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections. \n.** \nCVSS:** \nCVSS Base Score: 4.30 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97013> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (**AV:N/AC:M/Au:N/C:P/I:N/A:N****)** \n \n\n\n**CVE ID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \n**CVE ID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVE ID:** [](<https://vulners.com/cve/CVE-2014-0963>)[](<https://vulners.com/cve/CVE-2014-0963>)[CVE-2014-6457](<https://vulners.com/cve/CVE-2014-0453>) [](<https://vulners.com/cve/CVE-2014-0963>)** \nDescription:** \nAn unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n**CVSS:** \nCVSS Base Score: 4.00 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97148>[](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92490>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n**CVE ID:** [](<https://vulners.com/cve/CVE-2014-0963>)[](<https://vulners.com/cve/CVE-2014-0963>)[CVE-2014-6468](<https://vulners.com/cve/CVE-2014-0453>) [](<https://vulners.com/cve/CVE-2014-0963>)** \nDescription:** \nAn unspecified vulnerability related to the Hotspot component has complete confidentiality impact, complete integrity impact, and complete availability impact. \nThis vulnerability only applies to the Solaris platform. \n**CVSS:** \nCVSS Base Score: 6.90 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/97138> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C) \n \n\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash. \n\n## Affected Products and Versions\n\nIBM Content Collector for SAP Applications V4.0\n\nIBM Content Collector for SAP Applications V3.0\n\nIBM Content Collector for SAP Applications V2.2\n\n## Remediation/Fixes\n\nIBM provides patches for the affected version. Follow the installation instructions in the README files that is included in the patch. \n\n**_Product_**| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nIBM Content Collector for SAP Applications| 4.0.0.0| HE12214| Apply Interim Fix 1, which is available from Fix Central \nIBM Content Collector for SAP Applications| 3.0.0 \nFix Pack 1| HE12213| Apply Interim Fix 4, which is available from Fix Central \nIBM Content Collector for SAP Applications| 2.2.0 \nFix Pack 2| HE12207| Apply Interim Fix 2, which is available from Fix Central** (This version has reached end of support)** \n \nSee <http://www.ibm.com/support/docview.wss?uid=swg24038935> (for V4.0) and <http://www.ibm.com/support/docview.wss?uid=swg24038934> (for V3.0) respectively, for the download details. \nThe IBM Content Collector for SAP Applications Version 2.2.0 has reached end of support. \n\n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 3.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2018-06-17T12:09:29", "type": "ibm", "title": "Security Bulletin: IBM Content Collector for SAP Applications affected by vulnerabilities in IBM SDK Java\u2122 Technology Edition, Version 6 and Version 7 (CVE-2014-3566, CVE-2014-4244, CVE-2014-4263, CVE-2014-6457, CVE-2014-6468)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0411", "CVE-2014-0453", "CVE-2014-0963", "CVE-2014-3566", "CVE-2014-4244", "CVE-2014-4263", "CVE-2014-6457", "CVE-2014-6468"], "modified": "2018-06-17T12:09:29", "id": "21DCD60F05F101131A882E7474AD57C6F427B431166473D46B1F1AFD8AEDC9CB", "href": "https://www.ibm.com/support/pages/node/520229", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:46:04", "description": "## Summary\n\nEmbedded Websphere Application Server (eWAS) v7.0.x is shipped as a component of Tivoli Integrated Portal (TIP v2.1 and v2.2). The version of eWAS has been affected by multiple security vulnerabilities, as described below. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-1121_](<https://vulners.com/cve/CVE-2017-1121>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121173_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121173>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-5983_](<https://vulners.com/cve/CVE-2016-5983>)** \nDESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116468_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116468>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-8919_](<https://vulners.com/cve/CVE-2016-8919>)** \nDESCRIPTION:** IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118529_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118529>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nTivoli Integrated Portal version 2.1.0 - 2.1.0.5 \n\nTivoli Integrated Portal version 2.2.0.0 - 2.2.0.17\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nTivoli Integrated Portal version \n\n2.1.0 - 2.1.0.5 \n\n2.2.0 - 2.2.0.17\n\n| embedded Websphere Application Server version 7.0.x| [Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997743>) \n \n[](<http://www-01.ibm.com/support/docview.wss?uid=swg21990060>)[Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983)](<http://www-01.ibm.com/support/docview.wss?uid=swg21990060>) \n \n[Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993797>) \n \nThe Websphere security bulletin above provides a link to the required iFix to remediate the vulnerability. However, the iFix requires either eWAS 7.0.0.31 or higher installed. \n \nTIP does not support upgrading Websphere fixpack independently. TIP 2.2.0.15 or TIP 2.2.0.17 must be applied which will upgrade eWAS to 7.0.0.31 and above. Once TIP FP has been applied, the Websphere iFix can be applied as described in the Websphere bulletin. \n\n## Workarounds and Mitigations\n\nPlease refer to WAS iFix as described above\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:35:47", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5983", "CVE-2016-8919", "CVE-2017-1121"], "modified": "2018-06-17T15:35:47", "id": "B0435D245CEA6490D5CFD38D5F0BF6DEE8017B36FA413D190293E5EB84544630", "href": "https://www.ibm.com/support/pages/node/292021", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T17:45:53", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal. \nIBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management. \nInformation about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM SmartCloud Cost Management V2.1.0.1| Tivoli Integrated Portal V2.2.0.7 \n \nIBM WebSphere Application Server 7.0.0.19 \nIBM SmartCloud Cost Management V2.1.0| Tivoli Integrated Portal V2.2.0.1 \n \nIBM WebSphere Application Server 7.0.0.19 \n \nTivoli Usage and Accounting Management V7.3.0.0, V7.3.0.1, V7.3.0.2, V7.3.0.3, V7.3.0.4| Tivoli Integrated Portal 2.2.0.0 \n \nIBM WebSphere Application Server 7.0.0.11 \n \n \n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with Tivoli Integrated Portal. Tivoli Integrated Portal is shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager. \n \n\n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM SmartCloud Cost Management V2.1.0.1| IBM WebSphere Application Server 7.0.0.19 \n \nTivoli Integrated Portal V2.2.0.7 | [Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997743>) \n \n[Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21998850>) \nIBM SmartCloud Cost Management V2.1.0| IBM WebSphere Application Server 7.0.0.19 \n \nTivoli Integrated Portal V2.2.0.1 \nTivoli Usage and Accounting Management 7.3.0.0, 7.3.0.1, 7.3.0.2, 7.3.0.3, 7.3.0.4| IBM WebSphere Application Server 7.0.0.11 \n \nTivoli Integrated Portal 2.2.0.0 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:33:28", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management (CVE-2017-1121)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5983", "CVE-2016-8919", "CVE-2017-1121"], "modified": "2018-06-17T22:33:28", "id": "24154670B8CC3EB03C11F4CFFCD12D680AF81E5BF7B5E295FE2642969C84E9B2", "href": "https://www.ibm.com/support/pages/node/609277", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-28T22:08:29", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Tivoli Integrated Portal. \nIBM Tivoli Integrated Portal is in turn shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management. \nInformation about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section.\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nIBM SmartCloud Cost Management V2.1.0.1| Tivoli Integrated Portal V2.2.0.7 \n \nIBM WebSphere Application Server 7.0.0.19 \nIBM SmartCloud Cost Management V2.1.0| Tivoli Integrated Portal V2.2.0.1 \n \nIBM WebSphere Application Server 7.0.0.19 \n \nTivoli Usage and Accounting Management V7.3.0.0, V7.3.0.1, V7.3.0.2, V7.3.0.3, V7.3.0.4| Tivoli Integrated Portal 2.2.0.0 \n \nIBM WebSphere Application Server 7.0.0.11 \n \n \n## Remediation/Fixes\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by WebSphere Application Server which is shipped with Tivoli Integrated Portal. Tivoli Integrated Portal is shipped with IBM SmartCloud Cost Management and IBM Tivoli Usage Accounting Manager. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM SmartCloud Cost Management V2.1.0.1| IBM WebSphere Application Server 7.0.0.19 \n \nTivoli Integrated Portal V2.2.0.7 | [Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993797>) \n \n[Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Tivoli Integrated Portal (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21998850>) \nIBM SmartCloud Cost Management V2.1.0| IBM WebSphere Application Server 7.0.0.19 \n \nTivoli Integrated Portal V2.2.0.1 \nTivoli Usage and Accounting Management 7.3.0.0, 7.3.0.1, 7.3.0.2, 7.3.0.3, 7.3.0.4| IBM WebSphere Application Server 7.0.0.11 \n \nTivoli Integrated Portal 2.2.0.0 \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n24 Feb 2017: Original version published\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSNHG7\",\"label\":\"Tivoli Usage and Accounting Manager\"},\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud &amp; Data Platform\"},\"Component\":\"Security\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"2.1.0.0;2.1.0.1;7.3;7.3.0.1;7.3.0.2;7.3.0.3;7.3.0.4\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:33:28", "type": "ibm", "title": "Security Bulletin: Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM SmartCloud Cost Management and Tivoli Usage and Accounting Management (CVE-2016-8919)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5983", "CVE-2016-8919", "CVE-2017-1121"], "modified": "2018-06-17T22:33:28", "id": "96F7970728800B0EA1F359155E0D440D3914E976DFC09CEAD452C7D7EA6BE61B", "href": "https://www.ibm.com/support/pages/node/619377", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:51:21", "description": "## Summary\n\nIBM Forms Experience Builder could be susceptible to allowing for a denial of service, cause by an error in Apache POI Libraries\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-3574_](<https://vulners.com/cve/CVE-2014-3574>)** \nDESCRIPTION:** Apache POI is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. An attacker could exploit this vulnerability using a specially-crafted OOXML file to consume all available CPU resources and cause a denial of service. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95768_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95768>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-3529_](<https://vulners.com/cve/CVE-2014-3529>)** \nDESCRIPTION:** Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error within the OPC SAX setup. An attacker could exploit this vulnerability using a specially-crafted OpenXML file containing an XML external entity declaration to read arbitrary files on the system. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/95770_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/95770>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\n \n \n**CVEID:** [_CVE-2016-5000_](<https://vulners.com/cve/CVE-2016-5000>)** \nDESCRIPTION:** Apache POI could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when XLSX2CSV example uses Java's XML components to parse OpenXML files. An attacker could exploit this vulnerability using an XML document containing an external entity reference to read arbitrary files on the system. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115530_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115530>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nIBM Forms Experience Builder 8.5 \nIBM Forms Experience Builder 8.5.1 \nIBM Forms Experience Builder 8.6\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation** \n---|---|---|--- \nIBM Forms Experience Builder| 8.5.0| LO91324| To obtain the fix and installation assistance for these versions, contact IBM Support. \nIBM Forms Experience Builder| 8.5.1| LO91324 \nIBM Forms Experience Builder| 8.6.0| LO91324| [Download and Install 8.6.4](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Collaboration%20Solutions&product=ibm/Lotus/IBM+Forms+Experience+Builder&release=8.6.3.1&platform=All&function=fixId&fixids=8.6.4-FormsExpBldr&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2018-06-16T20:07:27", "type": "ibm", "title": "Security Bulletin: IBM Forms Experience Builder could be susceptible to Apache POI Vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3529", "CVE-2014-3574", "CVE-2016-5000"], "modified": "2018-06-16T20:07:27", "id": "9AEF7943FC15601E8764D0053EBD7C1FB2D252A0A9CD314B104D203C2E9C2EB1", "href": "https://www.ibm.com/support/pages/node/289669", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T21:56:00", "description": "## Summary\n\nIBM WebSphere Application Server is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition. \n \nA potential code execution security vulnerability has been identified in WebSphere Application Server. \n \nThis issue was also addressed by IBM Business Process Manager Standard and IBM Tivoli System Automation Application Manager which are shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise edition. The issue was also addressed by IBM Tivoli Monitoring, Jazz for Service Management, and SmartCloud Cost Manager which are shipped with IBM Cloud Orchestrator Enterprise edition. \n\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-5983_](<https://vulners.com/cve/CVE-2016-5983>)** \nDESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116468_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116468>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n\n## Affected Products and Versions\n\nIBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3 \n\n * IBM WebSpshere Application Server 8.5.5 through 8.5.5.7\n * Business Process Manager 8.5.6 \n * Tivoli System Application Automation Manager 4.1\n \nIBM Cloud Orchestrator V2.3, V2.3, 0.1 \n\n * IBM WebSpshere Application Server 8.0.1 through 8.0.11\n * Business Process Manager 8.5.0.1\n \nIBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3 \n\n * IBM WebSpshere Application Server 8.5.5 through 8.5.5.7\n * SmartCloud Cost Manager 2.1.0.5 - 2.1.0.4\n * IBM Tivoli Monitoring 6.3.0.2\n * Jazz for Service Management 1.1.0.1\n \nIBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1 \n\n * IBM Tivoli Monitoring 6.3.0.1\n * Business Process Manager 8.5.0.1 \n * SmartCloud Cost Manager 2.1.0.3\n * Jazz for Service Management 1.1.0.1\n\n## Remediation/Fixes\n\nThis issue has been addressed by IBM Cloud Orchestrator and Enterprise Edition and WebSphere Application Server which is shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition. \n\nFix information details for IBM Cloud Orchestrator: \n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM Cloud Orchestrator | V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.3, V2.3.0.1| Upgrade to Fix Pack 4 (2.4.0.4) of IBM Cloud Orchestrator. \n\n[_https://www-01.ibm.com/support/docview.wss?uid=swg2C4000049_](<https://www-01.ibm.com/support/docview.wss?uid=swg2C4000049>) \n \nIBM Cloud Orchestrator | V2.5, V2.5.0.1 | For 2.5 versions, upgrade to Fix Pack 2 (2.5.0.2) or later of IBM Cloud Orchestrator. \nAfter you upgrade to 2.5.0.2, apply the following fix: \n[_http://www-01.ibm.com/support/docview.wss?uid=swg27045667_](<http://www-01.ibm.com/support/docview.wss?uid=swg27045667>)\n\nReview affected supporting product security bulletin for vulnerability details and fix information. \n \nIBM Cloud Orchestrator | V2.5.0.2| Apply the following fix: \n[_http://www-01.ibm.com/support/docview.wss?uid=swg27045667_](<http://www-01.ibm.com/support/docview.wss?uid=swg27045667>)\n\nReview affected supporting product security bulletin for vulnerability details and fix information. \n \n \nFix information details for IBM Cloud Orchestrator Enterprise Edition: **Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM Cloud Orchestrator Enterprise Edition| V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.3, V2.3.0.1| Upgrade to Fix Pack 4 (2.4.0.4) of IBM Cloud Orchestrator Enterprise. \n\n[_https://www-01.ibm.com/support/docview.wss?uid=swg2C4000049_](<https://www-01.ibm.com/support/docview.wss?uid=swg2C4000049>) \n \nIBM Cloud Orchestrator Enterprise Edition| V2.5,V2.5.0.1 | For 2.5 versions, upgrade to Fix Pack 2 (2.5.0.2) of IBM Cloud Orchestrator. \nAfter you upgrade to 2.5.0.2, apply the following fix [_http://www-01.ibm.com/support/docview.wss?uid=swg27045667_](<http://www-01.ibm.com/support/docview.wss?uid=swg27045667>)\n\nReview affected supporting product security bulletin for vulnerability details and fix information. \n \nIBM Cloud Orchestrator Enterprise Edition| V2.5.0.2| Apply the following fix: \n[_http://www-01.ibm.com/support/docview.wss?uid=swg27045667_](<http://www-01.ibm.com/support/docview.wss?uid=swg27045667>)\n\nReview affected supporting product security bulletin for vulnerability details and fix information. \n \n \nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server, and additionally identified in supporting products Business Process Manager, Tivoli System Application Automation Manager which are shipped with IBM Cloud Orchestrator. **Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| IBM WebSphere Application Server 8.5 through 8.5.5.7 \n\nBusiness Process Manager 8.5.0.1 through 8.5.6 \n\nTivoli System Application Automation Manager 4.1\n\n| [_Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983)_](<http://www-01.ibm.com/support/docview.wss?uid=swg21990060>) \n \nRefer to the following security bulletins for vulnerability details and information about fixes addressed by IBM Tivoli Monitoring, and Jazz for Service Management which are shipped with IBM Cloud Orchestrator Enterprise edition. Notice SmartCloud Cost Manager is shipped as component IBM Cloud Orchestrator Enterprise. **Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.5.0.2, V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3| IBM WebSphere Application Server 8.5.5 through 8.5.5.7 \n \nSmartCloud Cost Manager 2.1.0.5- 2.1.0.4 | [](<http://www-01.ibm.com/support/docview.wss?uid=swg21988026>) [Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983)](<http://www-01.ibm.com/support/docview.wss?uid=swg21990060>) \nTivoli System Application Automation Manager 4.1| [Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-5983)](<http://www-01.ibm.com/support/docview.wss?uid=swg21991898>) \nJazz for Service Management 1.0.1 | [Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)](<http://www.ibm.com/support/docview.wss?uid=swg21998805>) \nIBM Tivoli Monitoring 6.3.0.2| [Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg21995683>) \nBusiness Process Manager 8.5.5| [Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Dynamic Process Edition, and WebSphere Lombardi Edition](<http://www-01.ibm.com/support/docview.wss?uid=swg21986205>) \nIBM Cloud Orchestrator Enterprise Edition V2.3, V2.3.0.1| IBM Tivoli Monitoring 6.3.0.1 Business Process Manager 8.5.0.1| Contact [_IBM Support_](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:33:19", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-5983)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5983", "CVE-2016-8919", "CVE-2017-1121"], "modified": "2018-06-17T22:33:19", "id": "0BD574407A9D1EAF67D3017E4CBBBF5313A9500377797BC2DC85E1005D630F54", "href": "https://www.ibm.com/support/pages/node/619365", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T17:45:49", "description": "## Summary\n\nThere is a security vulnerability in WebSphere Application Server, IBM Business Process Manager, and IBM Tivoli System Automation Application Manager that is shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise. \nAdditionally, the vulnerability affects Jazz\u2122 for Service Management and IBM Tivoli Monitoring, which are shipped with Cloud Orchestrator Enterprise. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-8919_](<https://vulners.com/cve/CVE-2016-8919>)** \nDESCRIPTION:** IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118529_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118529>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version** \n---|--- \n \nIBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.5.0.3 | \n\n * WebSphere Application Server V8.5.5 through V8.5.5.11 \n * Business Process Manager 8.5.5 through V8.5.7 CF201703 \n * IBM Tivoli System Automation Application Manager V4.1 \n \nIBM Cloud Orchestrator V2.4, V2.4.0.1, V2.4.0.2,V2.4.0.3, V2.4.0.4 | \n\n * WebSphere Application Server V8.5.0.1 through V8.5.5.10 \n * IBM Business Process Manager Standard V8.5.0.1 through 8.5.6 CF2 \n * IBM Tivoli System Automation Application Manager V4.1 \n \nIBM Cloud Orchestrator V2.3, V2.3.0.1 | \n\n * IBM WebSphere Application Server V8.0, V8.0.11 \n * IBM Business Process Manager Standard V8.5.0.1 \n \nIBM Cloud Orchestrator Enterprise V2.5, V2.5.0.1, V2.5.0.2, V2.5.0.3 | \n\n * WebSphere Application Server V8.5.5 through V8.5.5.11 \n * Business Process Manager 8.5.5 through V8.5.7 CF201703 \n * IBM Tivoli System Automation Application Manager 4.1 \n * IBM Tivoli Monitoring 6.3.0.2 \n * Jazz\u2122 for Service Management V1.1.0.1 through V1.1.2.1 \n \nIBM Cloud Orchestrator Enterprise V2.4, V2.4.01, V2.4.0.2,V2.4.0.3, V2.4.0.4 | \n\n * WebSphere Application Server V8.5.0.1 through V8.5.5.10 \n * IBM Business Process Manager Standard V8.5.0.1 through 8.5.6 CF2 \n * IBM Tivoli System Automation Application Manager 4.1 \n * IBM Tivoli Monitoring 6.3.0.1 through V6.3.0.2\n * Jazz\u2122 for Service Management V1.1.0.1 through V1.1.2.1 \n \nIBM Cloud Orchestrator Enterprise V2.3, V2.3.0.1 | \n\n * IBM WebSphere Application Server V8.0, V8.0.11 \n * IBM Business Process Manager Standard V8.5.0.1\n * IBM Tivoli Monitoring V6.3.0.1 \n * Jazz\u2122 for Service Management V1.1.0.1 \n \n## Remediation/Fixes\n\nThese issues were addressed by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise through the bundled products IBM WebSphere Application Server, IBM Business Process Manager, and IBM Tivoli System Automation Application Manager, which are shipped with IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. \nAdditionally, these issues were also addressed by Jazz\u2122 for Service Management, IBM Tivoli Monitoring, and IBM SmartCloud Cost Management that are shipped with IBM Cloud Orchestrator Enterprise. \n\nFix delivery details for IBM Cloud Orchestrator and Cloud Orchestrator Enterprise:\n\n**Product**| **VRMF**| **Remediation/First Fix** \n---|---|--- \nIBM Cloud Orchestrator and Cloud Orchestrator Enterprise| V2.5, V2.5.0.1, V2.5.0.2,V2.5.0.3| For 2.5 versions, upgrade to Fix Pack 4 (2.5.0.4) of IBM Cloud Orchestrator. \n[_http://www-01.ibm.com/support/docview.wss?uid=swg27045667_](<http://www-01.ibm.com/support/docview.wss?uid=swg27045667>) \nAfter you upgrde, apply the appropriate Interim to your environment as soon as practical. For details, see [Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993797>) \nV2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4 | For 2.4 versions, upgrade to Fix Pack 4 (2.4.0.5) of IBM Cloud Orchestrator. \n[_http://www-01.ibm.com/support/docview.wss?uid=swg27045667_](<http://www-01.ibm.com/support/docview.wss?uid=swg27045667#2405>) \nV2.3, V2.3.0.1 | [Notice product withdrawal announcement as per ENUS917-138](<https://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/8/897/ENUS917-138/index.html&request_locale=en>)\n\nContact [_IBM Support_](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \n## Workarounds and Mitigations\n\nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server, IBM Business Process Manager, and IBM Tivoli System Automation Application Manager, which are shipped with IBM Cloud Orchestrator. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator V2.5, V2.5.0.1, V2.5.0.2, V2.5.0.3| \n\n * WebSphere Application Server V8.5.5 through V8.5.5.11 \n| \n\n[Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993797>) \n \n * IBM Business Process Manager Standard V8.5.7 CF3\n| \n\n[Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997477>) \n \n * IBM Tivoli System Automation Application Manager 4.1\n| \n\n[Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997765>) \nIBM Cloud Orchestrator V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4| \n\n * WebSphere Application Server V8.5.0.1 through V8.5.5.10 \n| [Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993797>) \n \n * IBM Business Process Manager Standard V8.5.0.1 through V8.5.6 CF2\n| \n\n[Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997477>) \n \n * IBM Tivoli System Automation Application Manager 4.1 \n| \n\n[Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997765>) \nIBM Cloud Orchestrator V2.3, V2.3.0.1 | \n\n * IBM WebSphere Application Server V8.0, V8.0.11 \n * IBM Business Process Manager Standard V8.5.0.1\n| \n\nContact [_IBM Support_](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \nRefer to the following security bulletins for vulnerability details and information about fixes addressed by WebSphere Application Server, IBM Business Process Manager, IBM Tivoli System Automation Application Manager, IBM Tivoli Monitoring, and Jazz\u2122 for Service Management, which are shipped with IBM Cloud Orchestrator Enterprise Edition. \n\n**Principal Product and Version(s)**| **Affected Supporting Product and Version**| **Affected Supporting Product Security Bulletin** \n---|---|--- \nIBM Cloud Orchestrator Enterprise Edition V2.5, V2.5.0.1, V2.5.0.2, V2.5.0.3| \n\n * WebSphere Application Server V8.5.5 through V8.5.5.11 \n * | \n\n[Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993797>) \n \n * IBM Business Process Manager Standard V8.5.0.1 through V8.5.6 CF2\n| \n\n[Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997477>) \n \n * IBM Tivoli System Automation Application Manager 4.1\n| \n\nSecurity Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-8919) \n \n * IBM Tivoli Monitoring 6.3.0.1 through V6.3.0.2\n| \n\n[Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg22004242>) \n \n * Jazz\u2122 for Service Management V1.1.0.1 through V1.1.2.1\n| \n\n[Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21998805>) \nIBM Cloud Orchestrator Enterprise Edition V2.4, V2.4.0.1, V2.4.0.2, V2.4.0.3, V2.4.0.4| \n\n * WebSphere Application Server V8.5.0.1 through V8.5.5.10 \n| \n\n[Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993797>) \n \n * IBM Business Process Manager Standard V8.5.0.1\n| \n\n[Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997477>) \n \n * IBM Tivoli System Automation Application Manager 4.1\n| \n\nSecurity Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Tivoli System Automation Application Manager (CVE-2016-8919) \n \n * IBM Tivoli Monitoring 6.3.0.1 through V6.3.0.2\n| \n\n[Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server](<http://www-01.ibm.com/support/docview.wss?uid=swg22004242>) \n \n * Jazz\u2122 for Service Management V1.1.0.1 through V1.1.2.1\n| \n\n[Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21998805>) \nIBM Cloud Orchestrator Enterprise Edition V2.3, V2.3.0.1| \n\n * IBM WebSphere Application Server V8.0, V8.0.11 \n * IBM Business Process Manager Standard V8.5.0.1\n * IBM Tivoli Monitoring V6.3.0.1 \n * Jazz\u2122 for Service Management V1.1.0.1\n| \n\nContact [_IBM Support_](<https://www-947.ibm.com/support/servicerequest/newServiceRequest.action>) \n \n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T22:33:33", "type": "ibm", "title": "Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-8919)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5983", "CVE-2016-8919", "CVE-2017-1121"], "modified": "2018-06-17T22:33:33", "id": "C612DD0F96E731C74D37192DB9C9761CDA43F60B2620F7A37877545924C9A161", "href": "https://www.ibm.com/support/pages/node/609303", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:46:04", "description": "## Summary\n\nWebsphere Application Server (WAS) Full profile is shipped as a component of Jazz for Service Management (JazzSM) and WAS has been affected by multiple security vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2017-1121_](<https://vulners.com/cve/CVE-2017-1121>)** \nDESCRIPTION:** IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121173_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121173>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n**CVEID:** [_CVE-2016-5983_](<https://vulners.com/cve/CVE-2016-5983>)** \nDESCRIPTION:** IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116468_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116468>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID:** [_CVE-2016-8919_](<https://vulners.com/cve/CVE-2016-8919>)** \nDESCRIPTION:** IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118529_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118529>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nJazz for Service Management version 1.1.0 - 1.1.3\n\n## Remediation/Fixes\n\nPrincipal Product and Version(s)\n\n| Affected Supporting Product and Version| Affected Supporting Product Security Bulletin \n---|---|--- \nJazz for Service Management version 1.1.0 - 1.1.3| Websphere Application Server Full Profile 8.5.5| [Security Bulletin: Potential Cross-site scripting vulnerability in WebSphere Application Server (CVE-2017-1121)](<http://www-01.ibm.com/support/docview.wss?uid=swg21997743>) \n \n[Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983)](<http://www-01.ibm.com/support/docview.wss?uid=swg21990060>) \n \n[Security Bulletin: Denial of Service with WebSphere Application Server (CVE-2016-8919)](<http://www-01.ibm.com/support/docview.wss?uid=swg21993797>) \n \n| \n| \n \n \n## Workarounds and Mitigations\n\nPlease refer to WAS iFix\n\n## ", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-17T15:35:19", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with Jazz for Service Management (CVE-2017-1121, CVE-2016-5983, CVE-2016-8919)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5983", "CVE-2016-8919", "CVE-2017-1121"], "modified": "2018-06-17T15:35:19", "id": "F775CB7FDFF7FE8D917CBED07EA98427F88ED764F9B29FECEAB1C5D83B3CE8B6", "href": "https://www.ibm.com/support/pages/node/291945", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-02-21T01:55:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 1.6 and 1.7 that is used by IBM Integration Designer (IID) and WebSphere Integration Developer (WID). These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect IBM Integration Designer and WebSphere Integration Developer.\n\n## Remediation/Fixes\n\nTo fully mitigate these vulnerabilities, an additional fix for IBM Integration Designer and WebSphere Integration Developer is required (JR52950): \n\n\n * [_WebSphere Integration Developer V7.0.0.x_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Integration+Developer&fixids=7.0.0.5-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V7.5.x_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=7.5.1.2-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V8.0.1.x_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.0.1.3-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V8.5.0.x_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.0.1-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V8.5.5_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.5.0-WS-IID-IFJR52950&source=SAR>)\n * [_IBM Integration Designer V8.5.6_](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FIBM+Integration+Designer&fixids=8.5.6.0-WS-IID-IFJR52950&source=SAR>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Integration Designer (IID) and WebSphere Integration Developer (WID)(CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-15T07:02:47", "id": "FDB57FF6EA60D91604B03B14B5C488515270CCC82B932E16CB8CF68BB9DEC1A9", "href": "https://www.ibm.com/support/pages/node/259779", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:38:02", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, that is used by Rational Developer for System z. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)** \nDESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n**Principal Product and Version(s)**\n\n| **Affected Supporting Product and Version** \n---|--- \nRational Developer for System z, versions 9.1.x, 9.0.x, 8.5.x, 8.0.x | \n\n * IBM SDK, Java 2 Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 8 and earlier releases\n * IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 Fix Pack 2 and earlier releases\n * IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 2 and earlier releases\n * IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 and earlier releases\n * IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 2 and earlier releases \n \n## Remediation/Fixes\n\nNone\n\n## Workarounds and Mitigations\n\nBy default Rational Developer for System z relies on System SSL defaults for active cipher suites, and by default, System SSL enables the RSA-EXPORT cipher suites for SSLv3 and TLSv1.0 (The cipher is not supported in TLSv1.1 and TLSv1.2). \nThe RSA-EXPORT ciphers are:\n\n * TLS_RSA_EXPORT_WITH_RC4_40_MD5 (\"03\" or \"0003\") \n * TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (\"06\" or \"0006\")\n \n \nYou can explicitly disable the usage of the RSA-EXPORT ciphers by adding the GSK_V3_CIPHER_SPECS environment variable, ensuring that the environment variable character string does not include ciphers \"03\" or \"06\". \n \nRational Developer for System z has two components that utilize System SSL: \n\n * RSE, which is used when a client connects to the host. You must specify the GSK_V3_CIPHER_SPECS environment variable in rsed.envvars, by default located in /etc/rdz. \n * Debug Manager, by means of an AT-TLS policy. You must create a file holding the GSK_V3_CIPHER_SPECS environment variable and reference it via the Envfile keyword in the TTLSGroupAdvancedParms section.\n \n** \nNotes:**\n\n * The RSED started task must be recycled for changes in rsed.envvars to be picked up. \n * The AT-TLS policy must be re-activated for the update to be picked up.\n * \n\n\nYou should verify applying this configuration change does not cause any compatibility issues.\n\n## ", "cvss3": {}, "published": "2020-10-27T15:51:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for System z CVE-2015-0138", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2020-10-27T15:51:50", "id": "3087E890AD1B34329596C16C2C76C102E962CDA62DC06323CFC97E0BC299949A", "href": "https://www.ibm.com/support/pages/node/259571", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:55:05", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition. These vulnerabilities affect WebSphere DataPower XC10 versions 2.1 and 2.5. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange cipher suite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100691_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n \n \n \n\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nWebSphere DataPower XC10 Appliance 2.1 \nWebSphere DataPower XC10 Appliance 2.5 \nWebSphere DataPower XC10 Virtual Appliance 2.5\n\n## Remediation/Fixes\n\n**Product**\n\n| **VRMF**| **APAR**| **Remediation/First Fix** \n---|---|---|--- \nWebSphere DataPower XC10 Appliance| \n\n2.1\n\n| \n\nIT07840 \n\n| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&amp;release=2.1.0.3&amp;platform=All&amp;function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.1.0.3&platform=All&function=all>) \nWebSphere DataPower XC10 Appliance| \n\n2.5\n\n| \n\nIT07840 \n\n| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&amp;release=2.5.0.4&amp;platform=All&amp;function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all>) \nWebSphere DataPower XC10 Virtual Appliance| \n\n2.5\n\n| \n\nIT07840 \n\n| [http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&amp;product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&amp;release=2.5.0.4&amp;platform=All&amp;function=all](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+DataPower+XC10+Appliance&release=2.5.0.4&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nThe only mitigation is to apply the recommended fix. If you are using the WebSphere eXtreme Scale Java client to communicate with the appliance, a fix must be applied to the client as well, if that client is used to make SSL connections to servers other than the appliance. Refer to CVE-2015-0138 in the latest WebSphere eXtreme Scale security bulletin for more information. \n\n \n \n--- \n--- \n \n## ", "cvss3": {}, "published": "2018-06-15T07:02:45", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere DataPower XC10 Appliance: CVE-2015-0138, CVE-2014-6593, CVE-2015-0410", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-15T07:02:45", "id": "6D535A3AEF65DAA651A7961CBD4354AE631F476BC694CF73D20623E7518799AB", "href": "https://www.ibm.com/support/pages/node/260341", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T05:48:02", "description": "## Summary\n\nThree security vulnerabilities exist in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM. See the individual description for the details. \n\n\n## Vulnerability Details\n\n**CVEID: **[**_CVE-2014-6593_**](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>)** for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) ** \n \n \n**CVEID: **[**_CVE-2015-0410_**](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>)** for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) ** \n \n**CVEID: **[**_CVE-2015-0383_**](<https://vulners.com/cve/CVE-2015-0383>)** \nDESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See **[**_https://exchange.xforce.ibmcloud.com/vulnerabilities/100148_**](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100148>)** for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C) ** \n\n\n## Affected Products and Versions\n\nIBM FileNet Content Manager 5.1.0, 5.2.0, 5.2.1 (includes CSS) \nIBM Content Foundation 5.2.0, 5.2.1 (includes CSS) \nIBM FileNet BPM 4.5.1, 5.0.0, 5.2.0\n\n## Remediation/Fixes\n\nUpgrade to Java Runtime Environment (JRE) 1.6.0 SR16 FP3 or higher to avoid the security vulnerabilities listed in this Security Bulletin. By installing the applicable fixes in the table below, the private IBM JRE used by Process Engine (PE), Content Engine (CP/CPE) and Content Search Services (CSS) will be updated to 1.6.0 SR16 FP3. \n \n\n\n**Product**| **VRMF**| **Remediation/First Fix Available** \n---|---|--- \nFileNet Content Manager| 5.1.0, \n5.2.0, \n5.2.1| 5.2.0.3-P8CPE-IF006 - April 8, 2015 \n5.2.1.0-P8CPE-IF002 - April 8, 2015 \n5.1.0.0-P8CSS-IF011 - April 8, 2015 \n5.2.0.2-P8CSS-IF003 - April 8, 2015 \n5.2.1.0-P8CSS-IF001 - April 8, 2015 \nIBM Content Foundation| 5.2.0, \n5.2.1| 5.2.0.3-P8CPE-IF006 - April 8, 2015 \n5.2.1.0-P8CPE-IF002 - April 8, 2015 \n5.2.0.2-P8CSS-IF003 - April 8, 2015 \n5.2.1.0-P8CSS-IF001 - April 8, 2015 \nFileNet BPM| 4.5.1 \n5.0.0, \n5.2.0| 4.5.1.4-P8PE-IF007 - April 8, 2015 \n5.0.0.8-P8PE-IF001 - April 8, 2015 \neProcess-5.2.0-001.005 \u2013 April 10, 2015 \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T12:10:11", "type": "ibm", "title": "Security Bulletin: Three vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM (CVE-2014-6593, CVE-2015-0410, and CVE-20150-0383)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0383", "CVE-2015-0410"], "modified": "2018-06-17T12:10:11", "id": "224CA938B26C2905673996CDA40E1CBAD59E76C109D191E99E6B02ED34BACAC9", "href": "https://www.ibm.com/support/pages/node/527197", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2023-02-21T01:47:19", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireline Platform. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\nCVE-ID: [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \nDESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n\nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/10053> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\nCVE-ID: [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>) \nDESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)\n\nCVE-ID: [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>) \nDESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.\n\nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\nAffected eWAS Versions: IBM SDK, Java Technology Editions shipped with IBM WebSphere Application Server Version 8.5.0.0 through 8.5.5.4, Version 8.0.0.0 through 8.0.0.10, Version 7.0.0.0 through 7.0.0.35, Version 6.1.0.0 through 6.1.0.47 are affected. This does not occur on IBM SDK, Java Technology Editions shipped with WebSphere Application Servers Fix Packs 8.5.5.5, 8.0.0.11 and 7.0.0.37 or later.\n\nPlease consult the security bulletin [_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU_](<http://www.ibm.com/support/docview.wss?uid=swg21695362>) for vulnerability details.\n\n## Affected Products and Versions\n\nPrincipal Product and Version(s)\n\n| Affected IBM WebSphere Application Server Version \n---|--- \nTivoli Netcool Performance Manager version 1.3.1, 1.3.2, 1.3.3, 1.4.0| WAS version 6.1, 7.0, 8.0, 8.5 \n \n## ", "cvss3": {}, "published": "2018-06-17T14:56:36", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK shipped with WebSphere Application Server affects Netcool Performance Manager TNPM Wireline January 2015 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-17T14:56:36", "id": "E40D19CB074EC5FCE3429D6887B91290E1CC9895C7BA0550EB97612103C6D12D", "href": "https://www.ibm.com/support/pages/node/255987", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:38:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM Rational Synergy. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \nThis vulnerability is also known as the FREAK attack. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\n\u00b7 Rational Synergy release 7.2.1.3 ifix01 or earlier. \n\u00b7 Rational Synergy release 7.2.0.7 or earlier. \n\u00b7 Rational Synergy release 7.1.0.7.005 or earlier.\n\n## Remediation/Fixes\n\nReplace the JRE used in Rational Synergy. \n \n**Steps to download and replace JRE in Rational Synergy:** \n1\\. Open the list of [_Synergy downloads on Fix Central_](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7ERational&product=ibm/Rational/Rational+Synergy&release=All&platform=All&function=all&source=fc>)\n\n2\\. Select the SDK and Readme for Rational Synergy which applied to your release as follows: \n \n**Note:** The fix will use the following naming convention: \n**_&lt;V.R.M.F&gt;_**_-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-_**_&lt;platform&gt;_**** \n \n**Where **&lt;V.R.M.F&gt; = release **&amp; **&lt;platform&gt; = operating system**\n\n \no Rational Synergy 7.2.1 (uses 7.2.1.3 release designation) \n \nExample: **7.2.1.3-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-Linux**\n\no Rational Synergy 7.2.0 (uses 7.2.0.7 release designation) \n \nExample: **7.2.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-Windows **\n\no Rational Synergy 7.1 (uses 7.1.0.7 release designation) \n \nExample: **7.1.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-AIX \n**Example: **7.1.0.7-Rational-RATISYNE-JavaSE-SDK-6.0.16.3-Solaris**\n\n3\\. Follow the steps in the [_Install instructions_](<http://www.ibm.com/support/docview.wss?uid=swg27042896>) to replace the JRE.\n\n \nFollow the steps in the [_HPUX_Install Instructions_](<http://www.ibm.com/support/docview.wss?uid=swg27045456>) to replace the JRE if your Synergy Platform is on HPUX. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2020-12-22T16:37:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Synergy (CVE-2015-0138, CVE-2014-6593,CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2020-12-22T16:37:26", "id": "6A04D5E4C99A2F50DCD4C5B4FAF20AD2C3B16AD9EA922F5FEE4DF718AE506672", "href": "https://www.ibm.com/support/pages/node/258745", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:51:10", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7 that is used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n \n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>) \n** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n \n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n \nThis vulnerability is also known as the FREAK attack. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>) \n** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \n \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1\n\n## Remediation/Fixes\n\nApply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view: \n \n**For SiteProtector 3.0:** \n \nSiteProtector Core Component: ServicePack3_0_0_7.xpu \nEvent Collector Component: RSEvntCol_WINNT_ST_3_0_0_6.xpu \nAgent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_37.xpu \n \n \n**For SiteProtector 3.1.0:** \n \nSiteProtector Core Component: ServicePack3_1_0_4.xpu \nEvent Collector Component: RSEvntCol_WINNT_ST_3_1_0_4.xpu \nAgent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_19.xpu \n \n \n**For SiteProtector 3.1.1:** \n \nSiteProtector Core Component: ServicePack3_1_1_2.xpu \nEvent Collector Component: RSEvntCol_WINNT_ST_3_1_1_2.xpu \nAgent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_7.xpu \nUpdate Server Component: UpdateServer_3_1_1_2.pkg \nEvent Archiver Component: EventArchiver_3_1_1\u00ad_2.pkg \nEvent Archiver Importer Component: EventArchiverImporter_3_1_1_2.zip \nManual Upgrader Component: MU_3_1_1_3.xpu\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T21:23:11", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2014-6593, CVE-2015-0138 , CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-16T21:23:11", "id": "A49F9EFECEFD840DBA180620BA6247AF2908F0E8D2F8C691E6322205046D5645", "href": "https://www.ibm.com/support/pages/node/258085", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:49:04", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server, which is needed for the RequisiteWeb component of Rational RequisitePro. These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n** \nCVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n** \nCVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nRational RequisitePro versions: \n \n\n\n**Version**\n\n| \n\n**Status** \n \n---|--- \n \n7.1.4.x (all versions)\n\n| \n\nAffected \n \n7.1.3.x (all versions)\n\n| \n\nAffected \n \n7.1.2.x (all versions)\n\n| \n\nAffected \n \n7.1.1.x (all versions)\n\n| \n\nAffected \n \n## Remediation/Fixes\n\nReview [Security Bulletin 1695362](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>) from WebSphere Application Server for instructions on upgrading your corresponding WebSphere Application Server installation with the IBM Java SDK fix. \n \nFor 7.1.1.x and 7.1.2.x, review [Document 1390803](<http://www-01.ibm.com/support/docview.wss?uid=swg21390803>) for instructions on how to apply updates for WebSphere Application Server. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-17T05:01:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational RequisitePro", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-17T05:01:44", "id": "FCD129E64F8AFD3CC312891053A4285AC4560DE837C45AEC7B72F65706C01690", "href": "https://www.ibm.com/support/pages/node/261081", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-08T10:57:46", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 6 and 7, that is used by IBM InfoSphere Optim Performance Manager. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0383_](<https://vulners.com/cve/CVE-2015-0383>) \n**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact. \nCVSS Base Score: 5.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100148_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100148>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C) \n\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Optim Performance Manager for DB2 on Linux, UNIX, and Windows version 4.1. through 4.1.1 \n\nIBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows version 5.1 through 5.3.1\n\n## Remediation/Fixes\n\nYou must replace the IBM\u00ae Runtime Environment, Java\u2122 Technology Edition that is installed with IBM InfoSphere Optim Performance Manager for DB2 on Linux, UNIX, and Windows with the latest IBM\u00ae Runtime Environment, Java\u2122 Technology Edition. Detailed instructions are provided in the tech-note \"[_Updating the IBM Runtime Environment, Java\u2122 Technology Edition for InfoSphere Optim Performance Manager_](<http://www.ibm.com/support/docview.wss?uid=swg21640535>)\". \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2021-07-08T21:30:52", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM InfoSphere Optim Performance Manager (CVE-2015-0383, CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0383", "CVE-2015-0410"], "modified": "2021-07-08T21:30:52", "id": "1B7D434E2F1C8DB76634F8CA2E3ABB8CF42C847FA670A06F5CA0DCC0AE9301F5", "href": "https://www.ibm.com/support/pages/node/257177", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2023-06-24T05:57:45", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 5, 6, and 7** that are used by Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo Industry Solutions (including Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities), Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, Change and Configuration Management Database, TRIRIGA for Energy Optimization (previously known as Intelligent Building Management), and SmartCloud Control Desk. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n \n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)\n\n## Affected Products and Versions\n\nThe following IBM Java versions are affected: \n \n\u00b7 IBM SDK, Java 2 Technology Edition, Version 5.0 Service Refresh 16 Fix Pack 6 and earlier \n\u00b7 IBM SDK, Java Technology Edition, Version 6 Service Refresh 16 and earlier \n\u00b7 IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 and earlier \n\u00b7 IBM SDK, Java Technology Edition, Version 7 Service Refresh 7 and earlier** \n\u00b7 IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 1 and earlier** \n\nIBM supplied the Java Runtime Environment (JRE) from the IBM SDK Java Technology Edition Versions with the following:\n\nThe 7.1.x versions of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Asset Management for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database bundled the JRE from IBM SDK Java 2 Technology Edition Version 5.\n\nThe 7.2.x versions of Tivoli Asset Management for IT, Tivoli Service Request Manager, and Tivoli Change and Configuration Management Database bundled the JRE from IBM SDK Java 2 Technology Edition Version 5.\n\nThe 7.5.x versions of Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, Maximo for Utilities, and SmartCloud Control Desk bundled the JRE from IBM SDK Java Technology Edition Version 6.\n\nThe 7.6.x versions of Maximo Asset Management bundled the JRE from IBM SDK Java Technology Edition Version 7.\n\nTRIRIGA for Energy Optimization 1.1.x bundled the JRE from IBM SDK Java Technology Edition Version 6.\n\nIt is likely that earlier unsupported versions are also affected by these vulnerabilities. Remediation is not provided for product versions that are no longer supported. IBM recommends that customers running unsupported versions upgrade to the latest supported version of products in order to obtain remediation for the vulnerabilities.\n\n## Remediation/Fixes\n\nThere are two areas where the vulnerabilities in the Java SDK/JDK or JRE may require remediation: \n1\\. Application Server \u2013 Update the Websphere Application Server. Refer to [_JDK Fixes for Websphere Application Server_](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>) for additional information on updating and maintaining the JDK component within Websphere. Customers with Oracle Weblogic Server, which is not an IBM product and is not shipped by IBM, will also want to update their server. \n2\\. Browser Client - Update the Java plug-in used by the browser on client systems, using the remediated JRE version referenced on [_developerWorks Java__TM__ Technology Security Alerts_](<http://www.ibm.com/developerworks/java/jdk/alerts/>) or referenced on [_Oracle\u2019s latest Critical Patch Update_](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) (which can be accessed via [_developerWorks Java__TM__ Technology Security Alerts_](<http://www.ibm.com/developerworks/java/jdk/alerts/>)). Updating the browser Java plug-in may impact some applets such as Maximo Asset Management Scheduler. Download from IBM FixCentral the latest [_Maximo Asset Management Scheduler Interim Fix_](<http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/Maximo+Asset+Management+Scheduler&release=All&platform=All&function=all&source=fc>) for Version 7.1 or the latest [_Maximo Asset Management Fix Pack_](<http://www-933.ibm.com/support/fixcentral/swg/quickorder?parent=ibm~Tivoli&product=ibm/Tivoli/IBM+Maximo+Asset+Management&release=All&platform=All&function=all&source=fc>) for Version 7.5, which includes the resolution for APAR IV11560. \n \nDue to the threat posed by a successful attack, IBM strongly recommends that customers apply fixes as soon as possible.\n\n## Workarounds and Mitigations\n\nUntil you apply the fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so IBM strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.\n\n## ", "cvss3": {}, "published": "2022-09-22T03:02:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Asset and Service Management", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-09-22T03:02:31", "id": "BCF51D77CBD205786D05C4D39C68EB7B11A8D4D268F03AEF88EC8A6D66DD05DF", "href": "https://www.ibm.com/support/pages/node/256551", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:51:34", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 SR8 that is used by IBM B2B Advanced Communications. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100153> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/#/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1 \nIBM B2B Advanced Communications 1.0.0.2\n\n## Remediation/Fixes\n\nThe recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available. \n \n\n\n**_Fix_**| **_VRMF_**| **_APAR_**| **_How to acquire fix_** \n---|---|---|--- \nInterim Fix 1.0.0.2_2| 1.0.0.2| IT07760| IBM Fix Central &gt; [](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.1&platform=All&function=fixId&fixids=IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media&includeSupersedes=0>)[B2B_Advanced_Communications_V1.0.0.2_2_iFix_Media](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Other%2Bsoftware&product=ibm/Other+software/Multi-Enterprise+Integration+Gateway&release=1.0.0.2&platform=All&function=fixId&fixids=IBM_B2B-Advanced_Communications_V1.0.0.2_2_iFix_Media&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T19:43:33", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM B2B Advanced Communications (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-16T19:43:33", "id": "B2AF94E4B4104CFC171D34D738F1AFC4758C45D61D537CBC43031028CB7E0EA4", "href": "https://www.ibm.com/support/pages/node/259077", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:52:09", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 1.5, 1.6 and 1.7 that are used by IBM SPSS Collaboration and Deployment Services. These issues were disclosed as part of the IBM Java SDK updates in January 2015 and the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability disclosure.\n\n## Vulnerability Details\n\n \n**CVEID:** [CVE-2015-0138](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \nThis vulnerability is also known as the FREAK attack. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n \n \n**CVEID:** [CVE-2015-0410](<https://vulners.com/cve/CVE-2015-0410>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n \n**CVEID:** [CVE-2014-6593](<https://vulners.com/cve/CVE-2014-6593>) \n**DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n## Affected Products and Versions\n\nIBM SPSS Collaboration and Deployment Services: 4.2.1, 5.0, 6.0, 7.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical. \n \n[**SPSS Collaboration and Deployment Services 4.2.1 Interim Fix installs JRE 6.0.16.3 Update to address security vulnerabilities**](<http://www-01.ibm.com/support/docview.wss?uid=swg24039657>) \n \n \n[**SPSS Collaboration and Deployment Services 5.0 Interim Fix installs JRE 6.0.16.3 Update to address security vulnerabilities**](<http://www-01.ibm.com/support/docview.wss?uid=swg24039676>) \n \n \n[**SPSS Collaboration and Deployment Services 6.0 Interim Fix installs JRE 6.0.16.3 Update to address security vulnerabilities**](<http://www-01.ibm.com/support/docview.wss?uid=swg24039677>) \n \n \n[**SPSS Collaboration and Deployment Services 7.0 Interim Fix installs JRE 7.0.8.10 Update to address security vulnerabilities**](<http://www-01.ibm.com/support/docview.wss?uid=swg24039660>) \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T13:14:44", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 1.5, 1.6 and 1.7 affect IBM SPSS Collaboration and Deployment Services: (CVE-2015-0138, CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-16T13:14:44", "id": "B54B951BA69A45A42C22316F65849B1B272FBE0A1CC0C81E82AED4F7B134F2FE", "href": "https://www.ibm.com/support/pages/node/258207", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-02-21T01:55:21", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Dynamic Process Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)** \nDESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM WebSphere Dynamic Process Edition 6.1, 6.2, 7.0\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in the [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU _](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Dynamic Process Edition (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:01:25", "id": "8B40FDB56EA15CA7B7ECA96D1F0C65FAF9869A403B3A24B57330B0554D1A9FE3", "href": "https://www.ibm.com/support/pages/node/248359", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-06-24T06:01:03", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Business Services Fabric. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)** \nDESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n * IBM WebSphere Business Services Fabric Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x\n * IBM WebSphere Business Services Fabric for z/OS Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in the [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU _](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-08-19T18:23:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Business Services Fabric (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2022-08-19T18:23:31", "id": "0A52855EBC106D332F7FF9458EEA842DA6D00FB27F4E8ECAF4647C6AF1B0DBD3", "href": "https://www.ibm.com/support/pages/node/248369", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:55:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 7R1 Service Refresh 2 and earlier releases that is used by IBM MQLight. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Vulnerability Details\n\n**CVEID:** [](<https://vulners.com/cve/CVE-2014-6593>)[_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153> for the current score. \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVEID: **[](<https://vulners.com/cve/CVE-2015-0138>)[](<https://vulners.com/cve/CVE-2015-0138>)[_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)_ \n_**DESCRIPTION: **A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n\n\n**CVEID: **[_CVE-2015-0410 \n_](<https://vulners.com/cve/CVE-2015-0410>)**DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nThe vulnerabilities affect users of IBM MQ Light V1.0 and V1.0.0.1 on all platforms.\n\n## Remediation/Fixes\n\nDownload and install the appropriate MQ Light Server for your platform as shown below: \n \n\n\n**Platform**| **License Type**| **APAR**| **Remediation/Fix** \n---|---|---|--- \nWindows| Developer| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&amp;product=ibm/WebSphere/IBM+MQ+Light&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=IBM-MQ-Light-Windows-x64-developer-L150325-IT07780&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-developer-L150325-IT07780&includeSupersedes=0>) \nWindows| Production| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&amp;product=ibm/WebSphere/IBM+MQ+Light&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=IBM-MQ-Light-Windows-x64-production-L150325-IT07780&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Windows-x64-production-L150325-IT07780&includeSupersedes=0>) \nLinux| Developer| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&amp;product=ibm/WebSphere/IBM+MQ+Light&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=IBM-MQ-Light-Linux-x64-developer-L150325-IT07780&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-developer-L150325-IT07780&includeSupersedes=0>) \nLinux| Production| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&amp;product=ibm/WebSphere/IBM+MQ+Light&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=IBM-MQ-Light-Linux-x64-production-L150325-IT07780&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Linux-x64-production-L150325-IT07780&includeSupersedes=0>) \nMac| Developer| IT07780| [http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&amp;product=ibm/WebSphere/IBM+MQ+Light&amp;release=All&amp;platform=All&amp;function=fixId&amp;fixids=IBM-MQ-Light-Mac-x64-developer-L150325-IT07780&amp;includeSupersedes=0](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/IBM+MQ+Light&release=All&platform=All&function=fixId&fixids=IBM-MQ-Light-Mac-x64-developer-L150325-IT07780&includeSupersedes=0>) \n \nThe following link describes how to re-use the data from your existing installation: \n[_http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm _](<http://www.ibm.com/support/knowledgecenter/SSBJCR_1.0.0/com.ibm.mq.koa.doc/tmql_data.htm>)\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:40", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MQ Light (CVE-2014-6593, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2018-06-15T07:02:40", "id": "7E327BBFF3C6248340BB4D02D0AED4CFA65A1C13329D0793D3B72E11E963D084", "href": "https://www.ibm.com/support/pages/node/257819", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-12-02T21:37:17", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM License Metric Tool v9, v7.5 &amp; v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 &amp; v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-6593_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n\n\n**CVEID:** [_CVE-2015-0400_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100149_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100149>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n \n \n \n\n\n**CVEID:** [_CVE-2015-0410_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n## Affected Products and Versions\n\nIBM License Metric Tool v9, v7.5 &amp; v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 &amp; v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9\n\n## Remediation/Fixes\n\nFor IBM License Metric Tool v9 and IBM Endpoint Manager for Software Use Analysis v9 \n\n * Upgrade your installation to version 9.2.0.0.\n \nFor IBM License Metric Tool v7.5 &amp; v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 &amp; v7.2.2 \n\n * Apply fixes provided in the following technote: <http://www-01.ibm.com/support/docview.wss?uid=swg21695362>\n * Note, that v7.5 use WebSphere 7, and v7.2.2 use WebSphere 6.1\n\n## Workarounds and Mitigations\n\nThere are no workarounds/mitigations available.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\nOff \n\n[_IBM Java SDK Security Bulletin_](<http://www-01.ibm.com/support/docview.wss?uid=swg21695474>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n[{\"Product\":{\"code\":\"SS8JFY\",\"label\":\"IBM License Metric Tool\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Component\":\"--\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.2.2;7.5;9.0;9.0.1;9.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Product\":{\"code\":\"SSHT5T\",\"label\":\"Tivoli Asset Discovery for Distributed\"},\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Component\":\"\",\"Platform\":[{\"code\":\"\",\"label\":\"\"}],\"Version\":\"7.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {}, "published": "2022-08-19T18:23:31", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9, v7.5 & v7.2.2, IBM Tivoli Asset Discovery for Distributed v7.5 & v7.2.2 and IBM Endpoint Manager for Software Use Analysis v9 - CVE-2014-6593, CVE-2015-0400, C", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-08-19T18:23:31", "id": "0D6B664C1C93334BA26D9D6EC44803B39EFCE24CAC95129F591720474BAD51CA", "href": "https://www.ibm.com/support/pages/node/258821", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-24T06:08:41", "description": "## Summary\n\nPrevious releases of IBM QRadar Security Information and Event Manager, IBM QRadar Vulnerability Manager and IBM QRadar Risk Manager are affected by multiple vulnerabilities reported in the IBM SDK Java Technology Edition Version 6 and 7.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-0453_](<https://vulners.com/cve/CVE-2014-0453>)\n\n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n_CVSS Base Score:_ 4 \n_CVSS Temporal Score:_ See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/92490_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92490>) for the current score \n_CVSS Environmental Score:_*: Undefined \n_CVSS Vector:_ (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n_CVSS Base Score:_ 4 \n_CVSS Temporal Score:_ See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \n_CVSS Environmental Score:_*: Undefined \n_CVSS Vector:_ (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n \n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \n \n_CVSS Base Score:_ 4 \n_CVSS Temporal Score:_ See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \n_CVSS Environmental Score:_*: Undefined \n_CVSS Vector:_ (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n * IBM QRadar SIEM 7.2.3 Patch 4 and below.\n * IBM QRadar SIEM 7.1 MR2 Patch 8 and below.\n * IBM QRadar Vulnerability Manager 7.2.3 Patch 4 and below.\n * IBM QRadar Risk Manager 7.2.3 Patch 4 and below.\n * IBM QRadar Risk Manager 7.1 MR2 Patch 8 and below.\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for each named product as soon as practical. Please see below for information about the fixes available. \n\n_Product_| _Remediation/First Fix_ \n---|--- \n \n * IBM QRadar SIEM 7.2.3\n * IBM QRadar Vulnerability Manager 7.2.3\n * IBM QRadar Risk Manager 7.2.3\n| [IBM QRadar SIEM 7.2.4 Patch 1](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security%2BSystems&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.2.0&platform=All&function=fixId&fixids=7.2.4-QRADAR-QRSIEM-988458&includeSupersedes=0>) \n \n * IBM QRadar SIEM 7.1 MR2\n * IBM QRadar Risk Manager 7.1 MR2\n| [IBM QRadar SIEM 7.1 MR2 Patch 9](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.1.0&platform=Linux&function=fixId&fixids=7.1.0-QRADAR-QRSIEM-989724&includeSupersedes=0>) \n \n## Workarounds and Mitigations\n\nNone \n\n \n**\n\n## ", "cvss3": {}, "published": "2022-02-23T17:02:11", "type": "ibm", "title": "Security Bulletin: IBM QRadar SIEM can be affected by several vulnerabilities in the IBM Java Runtime Environment (CVE-2014-0453, CVE-2014-4263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0453", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2022-02-23T17:02:11", "id": "BE9D2D904E7CA83543DFC946C3B3E45C2D3BCF72E299A05839DBB505E1C6FE03", "href": "https://www.ibm.com/support/pages/node/520241", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:51:58", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 6, 7 that are used by IBM InfoSphere Information Server and IBM InfoSphere Data Click.These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n\\-- IBM InfoSphere Information Server versions 8.0, 8.1, 8.5, 8.7, 9.1, 11.3 and 11.3.1 running on all platforms \n\\-- IBM InfoSphere Data Click version 10.0 running on Linux\n\n## Remediation/Fixes\n\n**_Product_**\n\n| **_VRMF_**| **_APAR_**| **_Remediation/First Fix_** \n---|---|---|--- \nInfoSphere Information Server| 11.3.1| JR50959| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR50959_services_engine_*>) \nInfoSphere Information Server| 11.3| JR50959| \\--Follow instructions in the [_README_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR50959_services_engine_*>) \nInfoSphere Data Click| 10.0| JR50959| Contact IBM customer support to obtain the fix. \nInfoSphere Information Server| 9.1| JR50959| \\--Apply [_JR50959_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is91_JR50959_services_engine*>) \nInfoSphere Information Server| 8.7| JR50959| \\--Apply IBM InfoSphere Information Server version [_8.7 Fix Pack 2_](<http://www-01.ibm.com/support/docview.wss?uid=swg24034359>) \n\\--Apply [_JR50959_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8702_JR50959_services_engine*>) \nInfoSphere Information Server| 8.5| JR50959| \\--Apply IBM InfoSphere Information Server version [_8.5 Fix Pack 3_](<http://www-01.ibm.com/support/docview.wss?uid=swg24033513>) \n\\--Apply [_JR50959_](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is8503_JR50959_services_engine*>) \nInfoSphere Information Server| 8.1| None| Contact IBM customer support. \nInfoSphere Information Server| 8.0| None| Contact IBM customer support. \n \nNote: \nThe same fix may be listed under multiple vulnerabilities. Installing the fix addresses all vulnerabilities to which the fix applies. Also, some fixes require installing both a fix pack and a subsequent patch. While the fix pack must be installed first, any additional patches required may be installed in any order. \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-16T14:07:13", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server and IBM InfoSphere Data Click (CVE-2014-04263, CVE-2014-4244)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-04263", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-16T14:07:13", "id": "62ED307AE50D2DD8FD98BC7FC6E5B6568331CD82C5DFB8F2433DF487FDCF11DE", "href": "https://www.ibm.com/support/pages/node/247961", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:55:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)** \nDESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nWebSphere Lombardi Edition 7.1, 7.2\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in the [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU _](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Lombardi Edition (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:01:25", "id": "852EE307BCED8B2EC1AED4AD1C6489591CF734B8BB57A11023D914585AA3C82A", "href": "https://www.ibm.com/support/pages/node/248361", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:58:11", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 5.0 SR16-FP6 and earlier, 6 SR16 and earlier and 7 SR7 and earlier that are used by IBM WebSphere MQ. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [CVE-2014-4263](<https://vulners.com/cve/CVE-2014-4263>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94606> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [CVE-2014-4244](<https://vulners.com/cve/CVE-2014-4244>)** \nDESCRIPTION:** An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/94605> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>) \n**DESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM JRE 5 (maintenance levels older than SR16 FP6) provided by WebSphere MQ 7.0.1.12 and earlier on all platforms (except IBM i and z/OS) \n\nIBM JRE 6 (maintenance levels older than SR16) provided by WebSphere MQ 7.1.0.5 and earlier and WebSphere MQ 7.5.0.4 and earlier on all platforms (except IBM i and z/OS)\n\nIBM JRE 7 (maintenance levels older than SR7) provided by WebSphere MQ 8.0.0.0 on all platforms (except IBM i and z/OS)\n\nIBM JRE 7 (maintenance levels older than SR7) provided by WebSphere MQ 8.0.0.1 on HP-UX\n\n## Remediation/Fixes\n\nWebSphere MQ 7.0.1: Apply fix pack [7.0.1.13](<http://www-01.ibm.com/support/docview.wss?rs=171&uid=swg27014224>) when available. In the interim apply [APAR IT06182](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.0.*&platform=All&function=aparId&apars=IT06182>) \nWebSphere MQ 7.1: Apply [fix pack 7.1.0.6](<http://www-01.ibm.com/support/docview.wss?uid=swg27024302>). \nWebSphere MQ 7.5: Apply[ fix pack 7.5.0.5](<http://www-01.ibm.com/support/docview.wss?uid=swg27038184>) when available. In the interim apply [APAR IV67334](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+MQ&release=7.1.*&platform=All&function=aparId&apars=IV67334>) \nWebSphere MQ 8.0: Apply[ fix pack 8.0.0.1](<http://www-01.ibm.com/support/docview.wss?uid=swg27043086>) (except HP-UX). For HP-UX apply [fix pack 8.0.0.2](<http://www-01.ibm.com/support/docview.wss?uid=swg27043086>) when available, in the interim contact IBM Support\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere MQ (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068 )", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:02:23", "id": "2F5D0AB0CE69E23F1B88B2B2A3C1755C57D9B3E19BDCC9022A78DA62F9078F00", "href": "https://www.ibm.com/support/pages/node/523515", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:41:41", "description": "## Summary\n\nAn attacker can monitor a long-lived encrypted CCRC session and potentially decrypt the entire session.\n\n## Vulnerability Details\n\n| **Subscribe to My Notifications to be notified of important product support alerts like this.**\n\n * Follow [this link](<https://www.ibm.com/systems/support/myview/subscription/css.wss/subscriptions?methodName=startSearchToSubscribe&uctug_rational_dcfsbblurb_2013-11-05_myn_adoption_promo>) for more information (requires login with your IBM ID) \n---|--- \n \n**CVE ID: **[**CVE-2014-0411**](<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0411>) \n \n**Description: **Timing differences based on the validity of messages can be exploited to decrypt an entire SSL session. The exploit is not trivial, requiring a man-in-the-middle position and a long time (around 20 hours). ClearCase Remote Client is vulnerable to this attack if a single operation runs for such a long time. \n \n**CVSS Base Score**: 4** \nCVSS Temporal Score**: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90357> for the current score \n**CVSS Environmental Score***: Undefined \n**CVSS Vector: **(AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nOnly the ClearCase Remote Client/ClearTeam Explorer component of ClearCase is affected. \n \n\n\n**ClearCase Remote Client/ClearTeam Explorer version**\n\n| \n\n**Status** \n \n---|--- \n \n8.0.1 through 8.0.1.3\n\n| \n\nAffected \n \n8.0 through 8.0.0.10\n\n| \n\nAffected \n \n7.1.2 through 7.1.2.13\n\n| \n\nAffected \n \n7.1.0.x, 7.1.1.x (all versions and fix packs)\n\n| \n\nAffected \n \n7.0.x\n\n| \n\nNot affected \n \n## Remediation/Fixes\n\nThe solution is to upgrade to a newer fix pack of ClearCase. Please see below for information on the fixes available. \n \n\n\n**Affected Versions**\n\n| \n\n** Applying the fix** \n \n---|--- \n \n8.0.1.x\n\n| Install [Rational ClearCase Fix Pack 4 (8.0.1.4) for 8.0.1](<http://www.ibm.com/support/docview.wss?uid=swg24037660>) \n \n8.0.0.x\n\n| Install [Rational ClearCase Fix Pack 11 (8.0.0.11) for 8.0](<http://www.ibm.com/support/docview.wss?uid=swg24037659>) \n \n7.1.2.x (except HP-UX)\n\n| Install [Rational ClearCase Fix Pack 14 (7.1.2.14) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24037658>) \n \n7.1.1.x (except HP-UX) \n7.1.0.x (except HP-UX)\n\n| Install [Rational ClearCase Fix Pack 14 (7.1.2.14) for 7.1.2](<http://www.ibm.com/support/docview.wss?uid=swg24037658>)\n\n * **Note:** 7.1.2.14 inter-operates with all 7.1.1.x systems, and can be installed in the same way as 7.1.1.x fix packs. \n7.1.2.x, 7.1.1.x, 7.1.0.x (HP-UX)| Customers with extended support contracts should install [Rational ClearCase Fix Pack 16 (7.1.2.16)](<http://www.ibm.com/support/docview.wss?uid=swg24038914>) \n \n**Notes: **\n\n * If you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), you should update the Java\u2122 Virtual Machine used by Eclipse to include a fix for CVE-2014-0411. Contact the supplier of your Eclipse or Java\u2122 Virtual Machine for instructions on updating Eclipse.\n * ClearCase 7.1.x for HP-UX uses the HP\u00ae JRE for J2SE\u2122 HP-UX\u00ae 11i platform, adapted by IBM for IBM Software, Version 5.0. The fixes for this issue came in a later Java update for this platform, and are now available in a later ClearCase fix pack.\n * Additional vulnerabilities in Java as used by Rational ClearCase have been published. Please review [**Security Bulletin: Java security vulnerabilities in ClearCase Remote Client (CVE-2014-4263, CVE-2014-4244)** ](<http://www.ibm.com/support/docview.wss?uid=swg21688432>)to determine whether these vulnerabilities apply to your deployment.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-07-10T08:34:12", "type": "ibm", "title": "Security Bulletin: SSL timing vulnerabilities in ClearCase Remote Client (CVE-2014-0411)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0411", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-07-10T08:34:12", "id": "E57295B2DF96E63714F13E4379EC8E7A499283CEEA7CE0853AF9B05661E32ED1", "href": "https://www.ibm.com/support/pages/node/243721", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:58:11", "description": "## Summary\n\nMultiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere MQIPT, a patch for these are available in IBM SDK, Java\u2122 Technology Edition, Version 7 Service Refresh 7 Fix Pack 1\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>) \n**DESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\nIBM SDK, Java\u2122 Technology Edition, Version 7 (maintenance levels older than service refresh 7 fix pack 1) provided by WebSphere MQIPT 2.1 on all platforms.\n\n## Remediation/Fixes\n\nUpdate the JRE component following the instructions contained in this link:[http://www.ibm.com/support/docview.wss?uid=swg21678663](<http://www-01.ibm.com/support/docview.wss?uid=swg21678663>) \n \nUpdated JREs for MQIPT can be downloaded from the[ MS81: WebSphere MQ Internet Pass-Thru](<http://www.ibm.com/support/docview.wss?uid=swg24006386>) SupportPac page, via the Download package link, in the Security Update JRE for MS81 section.\n\n## Workarounds and Mitigations\n\nNone known\n\n## ", "cvss3": {}, "published": "2018-06-15T07:02:20", "type": "ibm", "title": "Security Bulletin: IBM WebSphere MQ Internet Pass-Thru is affected by multiple vulnerabilities in IBM SDK, Java\u2122 Technology Edition, Version 7 (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:02:20", "id": "197EF92FCE113509445473DC2A0A3868F1E4E3F85729FE180CEE7BE93038759E", "href": "https://www.ibm.com/support/pages/node/522465", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T01:55:22", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition that is used by WebSphere Process Server and IBM Business Process Manager. These issues were disclosed as part of the IBM Java SDK updates in July 2014.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-4263_](<https://vulners.com/cve/CVE-2014-4263>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94606_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94606>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n**CVEID:** [_CVE-2014-4244_](<https://vulners.com/cve/CVE-2014-4244>) \n**DESCRIPTION:** An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/94605_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/94605>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)\n\n**CVEID: **[_CVE-2014-3068_](<https://vulners.com/cve/CVE-2014-3068>)** \nDESCRIPTION:** A vulnerability in the Java Certificate Management System (CMS) keystore provider potentially allows brute-force private key recovery from CMS keystores. \nCVSS Base Score: 2.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/93756_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/93756>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:H/Au:S/C:P/I:P/A:N)\n\n## Affected Products and Versions\n\n * WebSphere Process Server 6.1.x, 6.2.x, and 7.0.x\n * IBM Business Process Manager Standard 7.5.x, 8.0.x, and 8.5.x\n * IBM Business Process Manager Express 7.5.x, 8.0.x, and 8.5.x\n * IBM Business Process Manager Advanced 7.5.x, 8.0.x, and 8.5.x\n\n## Remediation/Fixes\n\nInstall WebSphere Application Server interim fixes as appropriate for your current WebSphere Application Server version as described in the [_Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server July 2014 CPU _](<http://www.ibm.com/support/docview.wss?uid=swg21680418>)document.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2018-06-15T07:01:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Process Server and IBM Business Process Manager (CVE-2014-4263, CVE-2014-4244, CVE-2014-3068)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3068", "CVE-2014-4244", "CVE-2014-4263"], "modified": "2018-06-15T07:01:25", "id": "7AFD831E411484DC59D0DA340F759DCA912A2DA0ED4530B43686C65AAE16898B", "href": "https://www.ibm.com/support/pages/node/248327", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-21T05:46:29", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireless Platform . These issues were disclosed as part of the IBM Java SDK updates in January 2015. \n\n## Vulnerability Details\n\nThe following advisories are included in the IBM\u00ae SDK Java\u2122 Technology Edition and WebSphere Application Server may be vulnerable to them. Interim fixes for HP Platforms will be available by 03/31/2015. \n** \nCVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>_ for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n** \nCVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n** \nCVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \nPlease consult the security bulletin [**_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Jan 2015 CPU_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>) for vulnerability details. \n\n## Affected Products and Versions\n\nAffected Product and Version(s)\n\n| Product and Version shipped as component \n---|--- \nTivoli Network Performance Manager 1.4| Bundled the Jazz for Service Management version 1.1.0.2, IBM WebSphere version 8.5.0.1 and the JRE from IBM SDK Java 2 Technology Edition Version 7. \nTivoli Network Performance Manager 1.3.2| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \nTivoli Network Performance Manager 1.3.1| Bundled the TIP version 2.1.0.x, IBM WebSphere version 7.0.0.x and the JRE from IBM SDK Java 2 Technology Edition Version 6. \n \n## Remediation/Fixes\n\nDownload and apply interim fix based on your WebSphere version in [**_Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server Jan 2015 CPU_**](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>)\n\n## ", "cvss3": {}, "published": "2018-06-17T14:56:41", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU shipped with IBM Tivoli Network Performance Manager Wireless Platform", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2018-06-17T14:56:41", "id": "2190DAA62F94768329E88E60874ECF86CAB45B388541D0E0F41C0302C925560A", "href": "https://www.ibm.com/support/pages/node/527123", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-06-24T05:56:59", "description": "## Abstract\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, IBM SDK, Java Technology Edition, Version 7 Service Refresh 8 that is used the following IMS\u2122 Enterprise Suite components: Connect API for Java, SOAP Gateway, and Explorer for Development. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability.\n\n## Content\n\n**Vulnerability Details** \n\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>) \n**DESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n\nThis vulnerability is also known as the FREAK attack.\n\nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)\n\n \n**AFFECTED PRODUCTS and VERSIONS:** \nExplorer for Development of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nThe SOAP Gateway component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nConnect API for Java component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \n \n**REMEDIATION: ** \nThe recommended solution is to apply the fix as soon as is practical. Please see below for information on the fixes available. \n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n\n \n**AFFECTED PRODUCTS and VERSIONS:** \nExplorer for Development of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nThe SOAP Gateway component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nConnect API for Java component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \n \n \n**REMEDIATION: ** \nThe recommended solution is to apply the fix as soon as is practical. Please see below for information on the fixes available. \n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n \n**AFFECTED PRODUCTS and VERSIONS:** \nExplorer for Development of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nThe SOAP Gateway component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \nConnect API for Java component of the IMS\u2122 Enterprise Suite Versions 3.1 and earlier. \n \n \n**REMEDIATION: ** \nThe recommended solution is to apply the fix as soon as is practical. Please see below for information on the fixes available. \n \n \n \n \n**Fixes:** \n \n\n\n**_Product_**\n\n| \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| **_Download URL_** \n---|---|---|--- \n \n_IMS Enterprise Suite Connect API for Java V3.1_\n\n| \n\n_3.1.0.7_\n\n| \n\n_N/A_ \n\n\n \n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \nPlease follow the instructions on the download site to get the updated Java. \n \n_IMS Enterprise Suite Connect API for Java V2.2_\n\n| \n\n_2.2.0.7_\n\n| \n\n_N/A_\n\n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \nPlease follow the instructions on the download site to get the updated Java. \n \n_IMS Enterprise Suite Explorer for Development V3.1_\n\n| \n\n_3.1.1.4_\n\n| \n\n_N/A_ \n\n\n \n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \n \n_IMS Enterprise Suite SOAP Gateway V3.1_\n\n| \n\n_3.1.0.3_\n\n| \n\n_N/A_ \n\n\n \n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \nPlease follow the instructions on the download site to get the updated Java. \n \n_IMS Enterprise Suite SOAP Gateway V2.2_\n\n| \n\n_2.2.0.5_\n\n| \n\n_N/A_ \n\n\n \n| [__https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite__](<https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite>) \nPlease follow the instructions on the download site to get the updated Java. \n \n \n \n**Workarounds and Mitigations** \nNone known \n\n\n**Acknowledgement**\n\nCVE-2015-0138 was reported to IBM by Karthikeyan Bhargavan of the PROSECCO team at INRIA\n\n \n \n \n**Change History** \n_2 April 2015: Original_ \n \n**", "cvss3": {}, "published": "2022-09-25T21:21:12", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IMS\u2122 Enterprise Suite: Connect API for Java, SOAP Gateway, and Explorer for Development (CVE-2015-0138, CVE-2015-0410, CVE-2014-6593)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0138", "CVE-2015-0410"], "modified": "2022-09-25T21:21:12", "id": "EC972C692BE3023B72017E1A0E500647A4508BA18E2201793D3A30F3A4FFF8F1", "href": "https://www.ibm.com/support/pages/node/258963", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-24T06:06:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 6.0 that is used by IBM WebSphere Application Server embedded in IBM InfoSphere Global Name Management. These issues were disclosed as part of the IBM Java SDK updates in January 2015.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0410_](<https://vulners.com/cve/CVE-2015-0410>)** \nDESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100151_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100151>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P) \n \n \n\n\n**CVEID:** [_CVE-2015-0400_](<https://vulners.com/cve/CVE-2015-0400>)** \nDESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information. \nCVSS Base Score: 5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100149_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100149>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N) \n\n \n \n \n\n\n**CVEID:** [_CVE-2014-6593_](<https://vulners.com/cve/CVE-2014-6593>)** \nDESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/100153_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n\n## Affected Products and Versions\n\nIBM Global Name Management 5.0\n\n## Remediation/Fixes\n\nFrom the [_WebSphere Security Bulletin_](<http://www-01.ibm.com/support/docview.wss?uid=swg21695362>): \n \nApply Interim Fix [_PI33406_](<http://www-01.ibm.com/support/docview.wss?uid=swg24039304>): Will upgrade you to IBM SDK, Java Technology Edition, Version 6R1 Service Refresh 8 Fix Pack 3 \n\n**\\--OR--**\n\nApply IBM Java SDK shipped with WebSphere Application Server Fix pack 11 (8.0.0.11) or later (targeted to be available 17 August 2015). \n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {}, "published": "2022-04-20T17:04:55", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Global Name Management 5.0 (CVE-2014-6593, CVE-2015-0400, CVE-2015-0410)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6593", "CVE-2015-0400", "CVE-2015-0410"], "modified": "2022-04-20T17:04:55", "id": "17B08F6F44F4DFD4020907C209D995B8B4BE03B83FAA709EEF0B6474E13631F8", "href": "https://www.ibm.com/support/pages/node/526735", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-21T01:46:37", "description": "## Summary\n\nThe \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability affects IBM\u00ae Runtime Environment Java\u2122 Technology Edition that is used by IBM Tivoli Monitoring (ITM). \n \nGSKit is an IBM component that is used by IBM Tivoli Monitoring. The GSKit that is shipped with IBM Tivoli Monitoring contains a security vulnerability for the \u201cFREAK: Factoring Attack on RSA-EXPORT keys\" TLS/SSL client and server vulnerability. ITM has addressed the CVE.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2015-0138_](<https://vulners.com/cve/CVE-2015-0138>)** \nDESCRIPTION:** A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers. \n \nThis vulnerability is also known as the FREAK attack. \n \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691_](<http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) \n \n**\n\n### \n\n** \nThe Java remediation below