5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
81.8%
There is vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.1.10 and earlier that is used by IMS™ Enterprise Suite: SOAP Gateway, Connect API for Java, Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates for October 2015.
CVEID: CVE-2015-4872** **
DESCRIPTION: An invalid (too short) RSA key might be accepted under certain circumstances.
The fix ensures that invalid RSA keys are rejected correctly.
This issue affects Java deployments which use SSL/TLS communication and/or the java.security.cert.CertPath API. The only solution is to upgrade the JRE.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Explorer for Development of the IMS™ Enterprise Suite Versions 3.2 and earlier.
Connect API for Java component of the IMS™ Enterprise Suite Versions 3.2 and earlier.
The SOAP Gateway component of the IMS™ Enterprise Suite Versions 3.1 and earlier…
Fixes
Product
|
VRMF
|
APAR
| Download URL
—|—|—|—
IMS Enterprise Suite Explorer for Development V3.2
|
3.2.1.0
|
N/A
| https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite
IMS Enterprise Suite Connect API for Java V3.1
|
3.1.0.8
|
N/A
| https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite
Please follow the instructions on the download site to get the updated Java.
IMS Enterprise Suite Connect API for Java V3.2
|
3.2.0.1
|
_ _
N/A
| https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite
Please follow the instructions on the download site to get the updated Java.
IMS Enterprise Suite SOAP Gateway V3.1
|
3.1.0.4
|
N/A
| https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite
Please follow the instructions on the download site to get the updated Java.
CPE | Name | Operator | Version |
---|---|---|---|
ibm ims enterprise suite for z/os | eq | 3.2 |