Lucene search

K
ibmIBMC05450FFDB392481643414F88F9150BF56385662E006B27CB5BA3386DA5295BC
HistoryAug 19, 2022 - 11:26 p.m.

Security Bulletin: Multiple vulnerabilities in the IBM SDK for Java™ Technology Edition January 2015 CPU affect WebSphere Business Services Fabric

2022-08-1923:26:06
www.ibm.com
5

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.975 High

EPSS

Percentile

100.0%

Summary

There are multiple vulnerabilities in IBM® SDK for Java™ Technology Edition that is used by WebSphere Business Services Fabric. These issues were disclosed as part of the IBM SDK for Java™ Technology Edition updates in January 2015.

Vulnerability Details

CVEID: CVE-2014-3566 DESCRIPTION: Multiple products could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and calculate the plaintext of secure connections.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97013 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-6593**
DESCRIPTION:** An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100153 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2015-0400**
DESCRIPTION:** An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100149 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2015-0410**
DESCRIPTION:** An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/100151 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

  • IBM WebSphere Business Services Fabric Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x
  • IBM WebSphere Business Services Fabric for z/OS Versions 6.0.0, 6.0.2, 6.1.0, 6.1.2, 6.2.x, 7.0.x

Remediation/Fixes

Install WebSphere Application Server interim fixes as appropriate for your current WebSphere Business Services Fabric version as described in the Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU document.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwebsphere_business_modelerMatch7.0.0.3
OR
ibmwebsphere_business_modelerMatch7.0.0.2
OR
ibmwebsphere_business_modelerMatch7.0.0.1
OR
ibmwebsphere_business_modelerMatch7.0
OR
ibmwebsphere_business_modelerMatch6.2.0.2
OR
ibmwebsphere_business_modelerMatch6.2.0.1
OR
ibmwebsphere_business_modelerMatch6.2
OR
ibmwebsphere_business_modelerMatch6.1.2
OR
ibmwebsphere_business_modelerMatch6.1
OR
ibmwebsphere_business_modelerMatch6.0.2
OR
ibmwebsphere_business_modelerMatch6.0

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.975 High

EPSS

Percentile

100.0%