9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
A security vulnerability has been identified in IBM SDK that could affect DataQuant for z/OS.
CVEID: CVE-2019-2816
CVSS Base Score: 4.8
**DESCRIPTION:**A flaw in the java.net API incorrectly converts some Unicode characters when converting Internalized Domain Name URLs into KC normalized form. As a result, characters with syntactic significance (colon, slash etc.) can be injected into URLs.
The fix ensures that illegal characters in IDN URLs are detected and handled gracefully.
CVEID: CVE-2019-2766
CVSS Base Score: 3.1
**DESCRIPTION:**A flaw in the java.net component allows untrusted code to elevate its file access privileges.
The fix corrects the flaw.
CVEID: CVE-2019-11771
CVSS Base Score: 8.4
**DESCRIPTION:**On the AIX platform, various binaries in the IBM JRE/SDK contain inappropriate absolute RPATHs, which may allow local users to inject code into JVM processes launched by other users with higher privileges.
The fix removes the unsafe RPATHs.
CVEID: CVE-2019-11775
CVSS Base Score: 8.4
**DESCRIPTION:**A flaw in OpenJ9’s JIT compiler allows untrusted code to elevate its privileges and execute arbitrary code.
The fix corrects the flaw.
CVEID: CVE-2019-2786
CVSS Base Score: 3.4
**DESCRIPTION:**A flaw in the java.security.AccessController API allows untrusted code to elevate its privileges.
The fix corrects the flaw.
CVEID: CVE-2019-11772
CVSS Base Score: 8.4
**DESCRIPTION:**A flaw in OpenJ9’s String.getBytes() implementation allows untrusted code to elevate its privileges and execute arbitrary code.
The fix adds bounds checks to correct the flaw.
CVEID: CVE-2019-2769
CVSS Base Score: 5.3
**DESCRIPTION:**A flaw in the java.util component allows an attacker to inflict a DoS via malicious serialized data which triggers an OutOfMemoryError.
The fix ensures that this type of malicious data is detected and handled gracefully.
CVEID: CVE-2019-2762
CVSS Base Score: 5.3
**DESCRIPTION:**A flaw in the java.lang component allows an attacker to inflict a DoS via malicious serialized data which triggers an OutOfMemoryError.
The fix ensures that this type of malicious data is detected and handled gracefully.
CVEID: CVE-2019-7317
CVSS Base Score: 6.8
**DESCRIPTION:**A vulnerability in the libpng code which is used by the java.awt.SplashScreen API may allow untrusted code to elevate its privileges.
The fix updates the libpng code to the level which addresses the flaw.
CVEID: CVE-2019-4473
CVSS Base Score: 8.4
**DESCRIPTION:**On the AIX platform, various binaries in the IBM JRE/SDK contain inappropriate absolute RPATHs, which may allow local users to inject code into JVM processes launched by other users with higher privileges.
The fix removes the unsafe RPATHs.
DataQuant for z/OS 2.1
Steps to update JRE - DataQuant:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm dataquant for z/os | eq | 2.1 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P