There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Directory Server (SDS).
CVEID: CVE-2018-3180 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded, JRockit JSSE component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and low availability impact.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/151497> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVEID: CVE-2018-1890 DESCRIPTION: IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/152081> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)
Product | Product Version | Java Version |
---|---|---|
IBM Security Directory Server | 6.4 - 6.4.0.17 | 8.0.5.29 & below |
Product | Product VRMF | Java VRMF | Remediation |
---|---|---|---|
IBM Security Directory Server | 6.4.0.18 | 8.0.5.30 | 8.0.5.30-ISS-JAVA-FP0030 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security directory server | eq | 6.4 |