5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
IBM Java SDK is shipped as a component of IBM DB2 Recovery Expert for Linux, UNIX, and Windows . Information about a security vulnerability affecting IBM Java SDK has been published in a security bulletin.
CVEID: CVE-2015-4872**
DESCRIPTION:** An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
IBM DB2 Recovery Expert for Linux, UNIX, and Windows versions 3.1 through 4.1
Replace existing JRE with JRE V7 SR9-Fix Pack 1 (http://www-01.ibm.com/support/docview.wss?uid=swg21639279).
You can replace the IBM Runtime Environment, Java™ Technology Edition that is installed with IBM DB2 Recovery Expert for Linux, UNIX, and Windows with the latest IBM Runtime Environment, Java™ Technology Edition following the detailed instructions provided in the tech-note “Updating the JRE for DB2 Recovery Expert for Linux, UNIX and Windows”.
CPE | Name | Operator | Version |
---|---|---|---|
db2 recovery expert for linux, unix and windows | eq | 4.1.0 | |
db2 recovery expert for linux, unix and windows | eq | 3.1.0 |