Lucene search

K
ibmIBMB5608E8C11D38B0FC757A91B0521FB5519A206F6E6783F1B21EC479AB8EAE2BA
HistoryMar 25, 2021 - 10:35 a.m.

Security Bulletin: A vulnerability in IBM Java SDK affects IBM License Metric Tool v9 (CVE-2020-14782).

2021-03-2510:35:07
www.ibm.com
14
ibm
java sdk
license metric tool
cve-2020-14782
vulnerability
unauthenticated attacker
low integrity impact

EPSS

0.002

Percentile

58.9%

Summary

There is an unspecified vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM License Metric Tool. This issue was disclosed as part of the IBM Java SDK updates in Oct 2020.

Vulnerability Details

CVEID:CVE-2020-14782
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190100 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM License Metric Tool All

Remediation/Fixes

Upgrade to version 9.2.23 or later using the following procedure:

In BigFix console, expand IBM License Reporting (ILMT) node under Sites node in the tree panel.
Click Fixlets and Tasks node. Fixlets and Tasks panel will be displayed on the right.
In the Fixlets and Tasks panel locate Upgrade to the latest version of IBM License Metric Tool 9.x fixlet and run it against the computer that hosts your server.

Workarounds and Mitigations

None