Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB892E6DDD2043AD25A84B33AE4FC3F18A7E39D06BB44F4BED23DE68891B4CDF8
HistoryMar 29, 2023 - 1:48 a.m.

Security Bulletin: Vulnerabilities in IBM Java SDK affects IBM SAN Volume Controller and Storwize Family (CVE-2014-6593, CVE-2015-0410)

2023-03-2901:48:02
www.ibm.com
14

0.698 Medium

EPSS

Percentile

98.0%

JSON

Summary

There are vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 that is used by IBM SAN Volume Controller and Storwize Family. These issue was disclosed as part of the IBM Java SDK updates in Jan 2015.

Vulnerability Details

CVEID: CVE-2014-6593

DESCRIPTION: A flaw in the TLS implementation allows a man-in-the-middle attacker to force the connection into plaintext. The TLS implementation provides communications security by encrypting the data while being transferred over a computer network.
CVSS Base Score: 4
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2015-0410

DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/100151&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

IBM SAN Volume Controller
IBM Storwize V7000
IBM Storwize V5000
IBM Storwize V3700
IBM Storwize V3500

All products are affected when running code releases 1.1 to 7.4.

Remediation/Fixes

IBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500 to the following code level or higher:

7.3.0.10
7.4.0.3

Latest SAN Volume Controller Code
Latest Storwize V7000 Code
Latest Storwize V5000 Code
Latest Storwize V3700 Code
Latest Storwize V3500 Code

Workarounds and Mitigations

Although IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.

Related

ibm 85
f5 4
nessus 37
vmware 2
cvelist 2
threatpost 1
kaspersky 1
prion 2
zdt 2
cve 2
ubuntucve 2
packetstorm 2
veracode 2
debiancve 2
openvas 30
redhat 10
centos 4
amazon 3
oraclelinux 4
mageia 1
aix 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Image Construction and Composition Tool (CVE-2015-0410 and CVE-2014-6593)
2018-06-15 07:03:24
Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models, (CVE-2014-6593 and CVE-2015-0410)
2023-02-18 01:45:50
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Data Studio Web Console. (CVE-2014-6593, CVE-2015-0410)
2018-06-16 13:10:05
f5
f5
K16353 : Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
SOL16353 - Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
SOL16352 - Multiple OpenJDK vulnerabilities
2015-04-02 00:00:00
nessus
nessus
Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)
2015-01-21 00:00:00
VMware vSphere Update Manager Java Vulnerability (VMSA-2015-0003)
2015-05-01 00:00:00
Oracle Java SE 5 < Update 76 / 6 < Update 86 / 7 < Update 73 / 8 < Update 26 Multiple Vulnerabilities
2015-02-12 00:00:00
vmware
vmware
VMware product updates address critical information disclosure issue in JRE.
2015-04-02 00:00:00
VMware product updates address critical information disclosure issue in JRE
2015-04-02 00:00:00
cvelist
cvelist
CVE-2014-6593
2015-01-21 15:00:00
CVE-2015-0410
2015-01-21 18:00:00
threatpost
threatpost
VMware Fixes Java Information Disclosure Vulnerability
2015-04-03 11:03:15
kaspersky
kaspersky
KLA10530 JRE update for multiple VMware products
2015-04-02 00:00:00
prion
prion
Design/Logic Flaw
2015-01-21 15:28:00
Security feature bypass
2015-01-21 18:59:00
zdt
zdt
Java Secure Socket Extension (JSSE) SKIP-TLS
2015-11-05 00:00:00
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy Exploit
2015-08-13 00:00:00
cve
cve
CVE-2014-6593
2015-01-21 15:28:29
CVE-2015-0410
2015-01-21 18:59:50
ubuntucve
ubuntucve
CVE-2014-6593
2015-01-21 00:00:00
CVE-2015-0410
2015-01-21 00:00:00
packetstorm
packetstorm
Java Secure Socket Extension (JSSE) SKIP-TLS
2015-11-06 00:00:00
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
2015-08-12 00:00:00
veracode
veracode
Authorization Bypass
2019-05-02 05:07:16
Denial Of Service (DoS)
2019-05-02 05:07:17
debiancve
debiancve
CVE-2014-6593
2015-01-21 15:28:29
CVE-2015-0410
2015-01-21 18:59:50
openvas
openvas
VMware NSX updates address critical information disclosure issue in JRE (VMSA-2015-0003)
2015-10-27 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 (Feb 2015) - Windows
2015-02-02 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 (Feb 2015) - Linux
2015-02-02 00:00:00
redhat
redhat
(RHSA-2015:0136) Important: java-1.5.0-ibm security update
2015-02-05 00:00:00
(RHSA-2015:0068) Important: java-1.7.0-openjdk security update
2015-01-20 00:00:00
(RHSA-2015:0085) Important: java-1.6.0-openjdk security update
2015-01-26 00:00:00
centos
centos
java security update
2015-01-26 19:17:49
java security update
2015-01-21 05:35:44
java security update
2015-01-21 05:42:52
amazon
amazon
Important: java-1.6.0-openjdk
2015-02-11 19:38:00
Critical: java-1.7.0-openjdk
2015-01-22 14:18:00
Important: java-1.8.0-openjdk
2015-01-22 14:20:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-01-21 00:00:00
java-1.7.0-openjdk security update
2015-01-21 00:00:00
java-1.6.0-openjdk security update
2015-01-26 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2015-01-24 17:32:04
aix
aix
Multiple vulnerabilities in current releases of IBM SDK Java Technology Edition; issues disclosed in the Oracle Feb 2015 Critical Patch Update vulnerability and two additional Vuln
2015-02-19 10:53:54

0.698 Medium

EPSS

Percentile

98.0%

JSON
Related for B892E6DDD2043AD25A84B33AE4FC3F18A7E39D06BB44F4BED23DE68891B4CDF8
ibm85f54nessus37vmware2cvelist2threatpost1kaspersky1prion2zdt2cve2ubuntucve2packetstorm2veracode2debiancve2openvas30redhat10centos4amazon3oraclelinux4mageia1aix1