Lucene search

K
ibmIBMBA7DDF52CA98D664390133915CDD092BBB639AEA4E911EB487134FB1F8A967A9
HistoryMay 17, 2019 - 6:35 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Access Manager for Enterprise Single Sign-On

2019-05-1706:35:01
www.ibm.com
33

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

These issues were also addressed by IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On.

Vulnerability Details

CVEID: CVE-2019-2684 DESCRIPTION: An unspecified vulnerability related to the Java SE RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/159776 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

IBM Security Access Manager for Enterprise Single Sign-On 8.2.1, 8.2.2

Remediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by IBM WebSphere Application Server which is shipped with IBM Security Access Manager for Enterprise Single Sign-On.

Principal Product and Version(s) Affected Supporting Product and Version Affected Supporting Product Security Bulletin
IBM Security Access Manager for Enterprise Single Sign-On 8.2.1 IBM WebSphere Application Server 8.5 Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2019 CPU
IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 IBM WebSphere Application Server 8.5 Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2019 CPU

Workarounds and Mitigations

None

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Related for BA7DDF52CA98D664390133915CDD092BBB639AEA4E911EB487134FB1F8A967A9