Jun 18, 2018 - 1:31 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK 7 affect IBM Systems Director (CVE-2015-4872 CVE-2015-4840 CVE-2015-4903)

www.ibm.com

EPSS: 0.009 (Low), Percentile: 82.5%

Summary

There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7, which is used by IBM Systems Director. These issues were disclosed as part of the IBM Java SDK updates in October 2015.

Vulnerability Details

CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerability related to the Security component has no confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107361 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-4840 DESCRIPTION: An unspecified vulnerability related to the 2D component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107353 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-4903 DESCRIPTION: An unspecified vulnerability related to the RMI component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107357 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Affected Products and Versions

From the IBM Systems Director command line, enter smcli lsver to determine the level of IBM Systems Director installed.

IBM Systems Director:

  • 5.2.x.x
  • 6.1.x.x
  • 6.2.0.x
  • 6.2.1.x
  • 6.3.0.0
  • 6.3.1.x
  • 6.3.2.x
  • 6.3.3.x
  • 6.3.5.0
  • 6.3.6.0
  • 6.3.7.0

Remediation/Fixes

For releases 5.2.x.x, 6.1.x.x, 6.2.x.x, 6.3.0.0 to 6.3.3.x, IBM recommends upgrading to a fixed, supported version of the product.

Follow the instructions mentioned under http://www-947.ibm.com/support/entry/portal/support/ and search for Tech note 767946525 to apply the fix for releases:

  • 6.3.5.0
  • 6.3.6.0
  • 6.3.7.0

Workarounds and Mitigations

None

CPE Name                Operator    Version
ibm systems director    eq          any
