IBMB313494090BD6646936BBA966F9EA9258676693E16E6E2DB399C69B9C2D5D78DSecurity Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM MessageSight (CVE-2015-4872)
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Summary
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 and 7R1 that is used by IBM MessageSight. These issues were disclosed as part of the IBM Java SDK updates for October 2015.
Vulnerability Details
CVEID: CVE-2015-4872
DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/107361> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Affected Products and Versions
IBM MessageSight 1.2 and 1.1
Remediation/Fixes
Product
| VMRM| APAR| First Fix
—|—|—|—
IBM MessageSight| 1.2| IT12295| 1.2.0.3-IBM-IMA-IF``IT12295
| 1.1| IT12620 | 1.1.0.1-IBM-IMA-``IFIT12620
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm messagesight | eq | 1.1 | |
| ibm messagesight | eq | 1.2 |
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N