IBMBF2D60114950512E0F3FEAD89E446861206018571958A4958505E3FEB29DAC64Security Bulletin: Multiple vulnerabilities in IBM® SDK Java™ affects IBM WebSphere Application Server that is bundled with SmartCloud Cost Management
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
Summary
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM WebSphere Application Server. It is bundled and shipped with IBM SmartCloud Cost Management.
These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”.
Vulnerability Details
Review security bulletin Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2016 CPU (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)** **for vulnerability details and information about fixes.
Affected Products and Versions
Affected Principal Product and Version
| ** Affected Supporting Product and Version**
—|—
IBM SmartCloud Cost Management V2.1.0, V2.1.0.1| IBM WebSphere Application Server V7.0.0.19
IBM Tivoli Usage Accounting Manager V7.3| IBM WebSphere Application Server V7.0.0.11
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N