Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB8BB28CB59403D76B2A95C8494CFB748BC173FFC4D90F4B4EC299DE20491DE0A
HistoryJun 17, 2018 - 2:57 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)

2018-06-1714:57:53
www.ibm.com
20

5.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:P/A:C

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Versions 6 and 7 that are used by Tivoli Netcool/OMNIbus. These were disclosed as part of the IBM Java SDK updates in January 2015.

Vulnerability Details

CVEID: CVE-2014-6593**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See _<https://exchange.xforce.ibmcloud.com/vulnerabilities/100153&gt;_ for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2015-0383 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100148&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C)

CVEID: CVE-2015-0410**
DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Tivoli Netcool/OMNIbus 7.3.0
Tivoli Netcool/OMNIbus 7.3.1
Tivoli Netcool/OMNIbus 7.4.0
Tivoli Netcool/OMNIbus 8.1.0

Remediation/Fixes

Product

| VRMF| APAR| Remediation/First Fix
—|—|—|—
OMNIbus | 7.3.0.15| IV69293| <http://www-01.ibm.com/support/docview.wss?uid=swg24039199&gt;
OMNIbus| 7.3.1.12| IV69293| <http://www-01.ibm.com/support/docview.wss?uid=swg24036687&gt;
OMNIbus| 7.4.0.6| IV69293| <http://www-01.ibm.com/support/docview.wss?uid=swg24036690&gt;
OMNIbus | 8.1.0.2| IV69293| <http://www-01.ibm.com/support/docview.wss?uid=swg24038348&gt;

Related

ibm 80
f5 4
nessus 32
openvas 33
vmware 2
threatpost 1
fedora 3
ubuntucve 3
cve 4
kaspersky 1
prion 3
zdt 2
packetstorm 2
veracode 3
debiancve 3
redhat 4
oraclelinux 3
centos 4
mageia 1
debian 3
osv 2
amazon 2
ubuntu 2
suse 2
ibm
ibm
Security Bulletin: Three vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation and IBM FileNet BPM (CVE-2014-6593, CVE-2015-0410, and CVE-20150-0383)
2018-06-17 12:10:11
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM InfoSphere Optim Performance Manager (CVE-2015-0383, CVE-2015-0410, CVE-2014-6593)
2021-07-08 21:30:52
Security Bulletin: Multiple vulnerabilities in IBM Java runtime affect ClearQuest Web and ClearQuest EmailRelay (CVE-2014-6593, CVE-2015-0383, CVE-2015-0410)
2018-09-29 18:04:03
f5
f5
K16353 : Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
SOL16353 - Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
K16352 : Multiple OpenJDK vulnerabilities
2015-04-02 00:00:00
nessus
nessus
Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)
2015-01-21 00:00:00
Oracle Java SE 5 < Update 76 / 6 < Update 86 / 7 < Update 73 / 8 < Update 26 Multiple Vulnerabilities
2015-02-12 00:00:00
Fedora 20 : java-1.8.0-openjdk-1.8.0.45-38.b14.fc20 (2015-8251)
2015-05-29 00:00:00
openvas
openvas
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 (Feb 2015) - Windows
2015-02-02 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 (Feb 2015) - Linux
2015-02-02 00:00:00
Fedora Update for java-1.8.0-openjdk FEDORA-2015-8251
2015-06-09 00:00:00
vmware
vmware
VMware product updates address critical information disclosure issue in JRE.
2015-04-02 00:00:00
VMware product updates address critical information disclosure issue in JRE
2015-04-02 00:00:00
threatpost
threatpost
VMware Fixes Java Information Disclosure Vulnerability
2015-04-03 11:03:15
fedora
fedora
[SECURITY] Fedora 21 Update: java-1.8.0-openjdk-1.8.0.45-38.b14.fc21
2015-05-17 06:40:01
[SECURITY] Fedora 22 Update: java-1.8.0-openjdk-1.8.0.45-38.b14.fc22
2015-05-26 03:54:26
[SECURITY] Fedora 20 Update: java-1.8.0-openjdk-1.8.0.45-38.b14.fc20
2015-05-27 16:03:58
ubuntucve
ubuntucve
CVE-2015-0383
2015-01-21 00:00:00
CVE-2014-6593
2015-01-21 00:00:00
CVE-2015-0410
2015-01-21 00:00:00
cve
cve
CVE-2015-0383
2015-01-21 18:59:00
CVE-2014-6593
2015-01-21 15:28:00
CVE-2015-0410
2015-01-21 18:59:00
kaspersky
kaspersky
KLA10530 JRE update for multiple VMware products
2015-04-02 00:00:00
prion
prion
Design/Logic Flaw
2015-01-21 15:28:00
Design/Logic Flaw
2015-01-21 18:59:00
Security feature bypass
2015-01-21 18:59:00
zdt
zdt
Java Secure Socket Extension (JSSE) SKIP-TLS
2015-11-05 00:00:00
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy Exploit
2015-08-13 00:00:00
packetstorm
packetstorm
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
2015-08-12 00:00:00
Java Secure Socket Extension (JSSE) SKIP-TLS
2015-11-06 00:00:00
veracode
veracode
Authorization Bypass
2019-05-02 05:07:16
Denial Of Service (DoS)
2019-05-02 05:07:17
Denial Of Service (DoS)
2019-05-02 05:07:17
debiancve
debiancve
CVE-2014-6593
2015-01-21 15:28:00
CVE-2015-0383
2015-01-21 18:59:00
CVE-2015-0410
2015-01-21 18:59:00
redhat
redhat
(RHSA-2015:0067) Critical: java-1.7.0-openjdk security update
2015-01-21 00:00:00
(RHSA-2015:0085) Important: java-1.6.0-openjdk security update
2015-01-26 00:00:00
(RHSA-2015:0068) Important: java-1.7.0-openjdk security update
2015-01-20 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2015-01-21 00:00:00
java-1.7.0-openjdk security update
2015-01-21 00:00:00
java-1.6.0-openjdk security update
2015-01-26 00:00:00
centos
centos
java security update
2015-01-21 05:35:44
java security update
2015-01-26 19:17:49
java security update
2015-01-21 05:42:52
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2015-01-24 17:32:04
debian
debian
[SECURITY] [DSA 3147-1] openjdk-6 security update
2015-01-30 15:57:44
[SECURITY] [DLA 157-1] openjdk-6 security update
2015-02-24 18:21:33
[SECURITY] [DSA 3144-1] openjdk-7 security update
2015-01-29 21:57:46
osv
osv
openjdk-6 - security update
2015-01-30 00:00:00
openjdk-6 - security update
2015-02-24 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2015-02-11 19:38:00
Critical: java-1.7.0-openjdk
2015-01-22 14:18:00
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-01-27 00:00:00
OpenJDK 7 vulnerabilities
2015-01-28 00:00:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-02-02 12:04:48
Security update for java-1_7_0-openjdk (important)
2015-03-16 12:05:47

5.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:P/A:C

JSON
Related for B8BB28CB59403D76B2A95C8494CFB748BC173FFC4D90F4B4EC299DE20491DE0A
ibm80f54nessus32openvas33vmware2threatpost1fedora3ubuntucve3cve4kaspersky1prion3zdt2packetstorm2veracode3debiancve3redhat4oraclelinux3centos4mageia1debian3osv2amazon2ubuntu2suse2