Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBB0EB38A592AB2649D1917AF112EE190EA4BF664AC07FB1463EA8F39EE61007D
HistoryJun 01, 2022 - 1:05 p.m.

Security Bulletin: Vulnerability in IBM Java SDK affect IMS™ Enterprise Suite: SOAP Gateway, Connect API for Java, Explorer for Development (CVE-2015-4872).

2022-06-0113:05:44
www.ibm.com
12

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.8%

JSON

Summary

There is vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.1.10 and earlier that is used by IMS™ Enterprise Suite: SOAP Gateway, Connect API for Java, Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates for October 2015.

Vulnerability Details

CVEID: CVE-2015-4872** **
DESCRIPTION: An invalid (too short) RSA key might be accepted under certain circumstances.
The fix ensures that invalid RSA keys are rejected correctly.
This issue affects Java deployments which use SSL/TLS communication and/or the java.security.cert.CertPath API. The only solution is to upgrade the JRE.

CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Explorer for Development of the IMS™ Enterprise Suite Versions 3.2 and earlier.
Connect API for Java component of the IMS™ Enterprise Suite Versions 3.2 and earlier.
The SOAP Gateway component of the IMS™ Enterprise Suite Versions 3.1 and earlier…

Remediation/Fixes

Fixes

Product

|

VRMF

|

APAR

| Download URL
—|—|—|—

IMS Enterprise Suite Explorer for Development V3.2

|

3.2.1.0

|

N/A

| https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite

IMS Enterprise Suite Connect API for Java V3.1

|

3.1.0.8

|

N/A

| https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite
Please follow the instructions on the download site to get the updated Java.

IMS Enterprise Suite Connect API for Java V3.2

|

3.2.0.1

|

_ _
N/A

| https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite
Please follow the instructions on the download site to get the updated Java.

IMS Enterprise Suite SOAP Gateway V3.1

|

3.1.0.4

|

N/A

| https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=swg-imsentersuite
Please follow the instructions on the download site to get the updated Java.

CPENameOperatorVersion
ibm ims enterprise suite for z/oseq3.2

Related

ibm 100
f5 2
debiancve 1
cve 1
prion 1
ubuntucve 1
nessus 30
redhat 6
veracode 12
ubuntu 1
oraclelinux 3
centos 3
openvas 27
debian 1
amazon 2
suse 7
mageia 1
ibm
ibm
Security Bulletin: Vulnerability in IBM Java SDK affect Rational Automation Framework (CVE-2015-4872)
2018-06-17 05:10:30
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM WebSphere Appliance Management Center (CVE-2015-4872)
2018-06-15 07:04:15
Security Bulletin: A vulnerability in IBM Java SDK affects IBM PureApplication System. (CVE-2015-4872)
2018-06-15 07:05:23
f5
f5
K93203055 : Java vulnerability CVE-2015-4872
2015-11-20 00:00:00
SOL93203055 - Java vulnerability CVE-2015-4872
2015-11-20 00:00:00
debiancve
debiancve
CVE-2015-4872
2015-10-21 23:59:00
cve
cve
CVE-2015-4872
2015-10-21 23:59:00
prion
prion
Design/Logic Flaw
2015-10-21 23:59:00
ubuntucve
ubuntucve
CVE-2015-4872
2015-10-21 00:00:00
nessus
nessus
Oracle JRockit R28 < R28.3.8 Multiple Vulnerabilities (October 2015 CPU)
2015-10-21 00:00:00
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2015:2518)
2015-11-30 00:00:00
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20151118)
2015-11-19 00:00:00
redhat
redhat
(RHSA-2015:2518) Important: java-1.5.0-ibm security update
2015-11-25 00:00:00
(RHSA-2015:2508) Critical: java-1.6.0-ibm security update
2015-11-23 00:00:00
(RHSA-2015:2086) Important: java-1.6.0-openjdk security update
2015-11-18 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 05:19:47
Unspecified Vulnerability
2019-05-02 05:19:47
Authentication Bypass
2019-05-02 05:19:33
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2015-12-03 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2015-11-18 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
java-1.7.0-openjdk security update
2015-10-21 00:00:00
centos
centos
java security update
2015-11-18 19:46:16
java security update
2015-10-21 23:14:14
java security update
2015-10-21 23:24:30
openvas
openvas
RedHat Update for java-1.6.0-openjdk RHSA-2015:2086-01
2015-11-19 00:00:00
CentOS: Security Advisory for java (CESA-2015:2086)
2021-04-21 00:00:00
Debian: Security Advisory (DLA-346-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 346-1] openjdk-6 security update
2015-11-24 08:56:52
amazon
amazon
Important: java-1.6.0-openjdk
2015-12-14 10:00:00
Critical: java-1.7.0-openjdk
2015-10-27 13:52:00
suse
suse
Security update for java-1_7_0-openjdk (important)
2015-11-02 17:11:48
Security update for java-1_7_0-openjdk (important)
2015-11-02 16:34:56
Security update for java-1_7_0-openjdk (important)
2015-11-04 16:14:26
mageia
mageia
Updated java-1.8.0-openjdk packages fix security vulnerabilities
2015-10-25 19:34:48

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.8%

JSON
Related for BB0EB38A592AB2649D1917AF112EE190EA4BF664AC07FB1463EA8F39EE61007D
ibm100f52debiancve1cve1prion1ubuntucve1nessus30redhat6veracode12ubuntu1oraclelinux3centos3openvas27debian1amazon2suse7mageia1