## Summary
Security vulnerabilities have been addressed in IBM Cognos Analytics 11.0.13 FP4. These vulnerabilities have also been addressed in previous versions of IBM Cognos Analytics 11.1.x.
## Vulnerability Details
**CVEID:** [CVE-2019-12402](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402>)
**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By choosing the file names inside of a specially crafted archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165956>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2020-2601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 6.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
**CVEID:** [CVE-2020-4520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4520>)
**DESCRIPTION:** IBM Cognos Analytics could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code.
CVSS Base score: 7.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182395](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182395>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2019-4730](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4730>)
**DESCRIPTION:** IBM Cognos Analytics is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 7.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172533>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
**CVEID:** [CVE-2019-12086](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086>)
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
**CVEID:** [CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2019-4471](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4471>)
**DESCRIPTION:** IBM Cognos Analytics could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163780](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163780>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** [CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
**CVEID:** [CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2020-14060](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14060>)
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183422>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2020-14062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062>)
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183425>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2019-4305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4305>)
**DESCRIPTION:** IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160951>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2019-4724](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4724>)
**DESCRIPTION:** IBM Cognos Analytics could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page.
CVSS Base score: 4.6
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172130](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172130>) for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** [CVE-2019-12814](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814>)
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to read arbitrary local files on the server.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162875>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** [CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 6.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
**CVEID:** [CVE-2020-4354](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4354>)
**DESCRIPTION:** IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178506](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178506>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
**CVEID:** [CVE-2019-17267](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267>)
**DESCRIPTION:** FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168514>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
**CVEID:** [CVE-2020-4329](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4329>)
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841.
CVSS Base score: 4.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2019-4653](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4653>)
**DESCRIPTION:** IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170964>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
**CVEID:** [CVE-2019-4722](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4722>)
**DESCRIPTION:** IBM Cognos Analytics could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions.
CVSS Base score: 4.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172128](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172128>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2020-4561](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4561>)
**DESCRIPTION:** IBM Cognos Analytics DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system.
CVSS Base score: 10
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183903>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
**CVEID:** [CVE-2020-2593](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2593>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174541>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
**CVEID:** [CVE-2019-4732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4732>)
**DESCRIPTION:** IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
CVSS Base score: 7.2
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172618>) for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)
**CVEID:** [CVE-2019-4441](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4441>)
**DESCRIPTION:** IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163177>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2020-4300](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4300>)
**DESCRIPTION:** IBM Cognos Analytics is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176607](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176607>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
**CVEID:** [CVE-2020-9546](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546>)
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177102](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177102>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2019-14892](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14892>)
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using commons-configuration 1 and 2 JNDI classes. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177106](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177106>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2019-14893](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893>)
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using the xalan JNDI gadget. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177108>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2019-12406](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12406>)
**DESCRIPTION:** Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170974](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170974>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2017-18214](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18214>)
**DESCRIPTION:** Node.js moment module is vulnerable to a denial of service. A remote attacker could exploit this vulnerability to cause a low severity regular expression denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135364](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135364>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
**CVEID:** [CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2018-11771](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771>)
**DESCRIPTION:** Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 3.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148429>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>)
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
**CVEID:** [CVE-2018-15494](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15494>)
**DESCRIPTION:** Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148556](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148556>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
**CVEID:** [CVE-2019-14379](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379>)
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the SubTypeValidator.java. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165286>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2019-16942](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942>)
**DESCRIPTION:** FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the commons-dbcp class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2019-1547](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547>)
**DESCRIPTION:** OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing the cofactor using explicit parameters instead of using a named curve. An attacker could exploit this vulnerability to obtain full key recovery during an ECDSA signature operation.
CVSS Base score: 5.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167020>) for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
**CVEID:** [CVE-2019-1549](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to include protection in the event of a fork() system call to ensure that the parent and child processes do not share the same RNG state. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167021](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167021>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2019-1563](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563>)
**DESCRIPTION:** OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and CMS_decrypt_set1_pkey. By sending an overly large number of messages to be decrypted, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167022](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167022>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
**CVEID:** [CVE-2020-8141](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8141>)
**DESCRIPTION:** Node.js dot package could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Function(). By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178225](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178225>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2020-8840](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840>)
**DESCRIPTION:** Multiple Huawei products could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data without proper validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185699>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
**CVEID:** [CVE-2019-11771](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11771>)
**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the inclusion of unused RPATHS in AIX builds. An attacker could exploit this vulnerability to inject code and gain elevated privileges on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163989>) for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
**CVEID:** [CVE-2019-2762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2762>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163826](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163826>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
**CVEID:** [CVE-2019-2769](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2769>)
**DESCRIPTION:** An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163832>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
** CVEID: **[CVE-2019-2816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2816>)
** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163878](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163878>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
** CVEID: **[CVE-2019-4473](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4473>)
** DESCRIPTION: **Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
CVSS Base score: 8.4
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163984>) for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
** CVEID: **[CVE-2020-11113](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178903>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
** CVEID: **[CVE-2020-10969](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178546](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178546>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
** CVEID: **[CVE-2021-20190](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20190>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to a class(es) of JDK Swing. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195243](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195243>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
** CVEID: **[CVE-2019-10086](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086>)
** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
** CVEID: **[CVE-2016-1000031](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031>)
** DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
** CVEID: **[CVE-2019-20330](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330>)
** DESCRIPTION: **FasterXML jackson-databind lacks certain net.sf.ehcache blocking; the impact and attack vector are unknown.
CVSS Base score: 7.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173897](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173897>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
** CVEID: **[CVE-2019-2964](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2964>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169270](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169270>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
** CVEID: **[CVE-2019-2973](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2973>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169279](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169279>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
** CVEID: **[CVE-2019-2978](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2978>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169284](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169284>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
** CVEID: **[CVE-2019-2981](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2981>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169287](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169287>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
** CVEID: **[CVE-2019-2983](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2983>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169289](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169289>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
** CVEID: **[CVE-2019-2989](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2989>)
** DESCRIPTION: **An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169295](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169295>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)
** CVEID: **[CVE-2019-4723](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4723>)
** DESCRIPTION: **IBM Cognos Analytics could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page.
CVSS Base score: 4.6
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172129](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172129>) for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
## Affected Products and Versions
IBM Cognos Analytics 11.1
IBM Cognos Analytics 11.0
## Remediation/Fixes
**For IBM Cognos Analytics 11.1.x:**
The listed vulnerabilities have been addressed in previously released versions of IBM Cognos Analytics 11.1.x. The recommended solution is to apply the latest available fix for the version as soon as practical.
[IBM Cognos Analytics 11.1.7 FP2](<https://www.ibm.com/support/pages/ibm-cognos-analytics-1117-fix-pack-2> "IBM Cognos Analytics 11.1.7 FP2" )
**For IBM Cognos Analytics 11.0.x:**
The recommended solution is to apply the latest available version of IBM Cognos Analytics 11.0.x.
[IBM Cognos Analytics 11.0.13 Fix Pack 4](<https://www.ibm.com/support/pages/node/6402561> "IBM Cognos Analytics 11.0.13 Fix Pack 4" )
**IBM Cognos Analytics in Cloud**
All applicable vulnerabilities have been addressed on IBM Cognos Analytics Cloud environments and no further action is required.
## Workarounds and Mitigations
None
## Get Notified about Future Security Bulletins
Subscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.
### References
[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> "Link resides outside of ibm.com" )
[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> "Link resides outside of ibm.com" )
## Related Information
[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>)
[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)
[IBM Java SDK Security Bulletin (July 2020)](<https://www.ibm.com/support/pages/node/6256562>)
[IBM Java SDK Security Bulletin (April 2020)](<https://www.ibm.com/support/pages/node/6206154>)
[IBM Java SDK Security Bulletin (January 2020)](<https://www.ibm.com/support/pages/node/5736807>)
[IBM Java SDK Security Bulletin (October 2019)](<https://www.ibm.com/support/pages/node/1120071>)
## Acknowledgement
## Change History
28 May 2021: Initial Publication
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
## Disclaimer
Review the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
## Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSTSF6","label":"IBM Cognos Analytics"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"11.1, 11.0","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
{"id": "C43D2CB156B7BD39FC113EAD22568306F95463D3E29CC3A697EB085F142533BB", "vendorId": null, "type": "ibm", "bulletinFamily": "software", "title": "Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities", "description": "## Summary\n\nSecurity vulnerabilities have been addressed in IBM Cognos Analytics 11.0.13 FP4. These vulnerabilities have also been addressed in previous versions of IBM Cognos Analytics 11.1.x . \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-12402](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By choosing the file names inside of a specially crafted archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165956>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4520](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4520>) \n** DESCRIPTION: **IBM Cognos Analytics could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182395](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182395>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-4730](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4730>) \n** DESCRIPTION: **IBM Cognos Analytics is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L) \n \n** CVEID: **[CVE-2019-12086](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-4471](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4471>) \n** DESCRIPTION: **IBM Cognos Analytics could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for a sensitive cookie in an HTTPS session. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163780](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163780>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-14060](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14060>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183422>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-4305](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4305>) \n** DESCRIPTION: **IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information caused by the improper setting of a cookie. IBM X-Force ID: 160951. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160951](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160951>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-4724](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4724>) \n** DESCRIPTION: **IBM Cognos Analytics could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Content Backup page. \nCVSS Base score: 4.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172130](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172130>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-12814](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12814>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue. By sending a specially-crafted JSON message, an attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/162875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/162875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4354](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4354>) \n** DESCRIPTION: **IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178506](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178506>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-17267](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267>) \n** DESCRIPTION: **FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-4329](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-4653](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4653>) \n** DESCRIPTION: **IBM Cognos Analytics is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. \nCVSS Base score: 5.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170964](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170964>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-4722](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4722>) \n** DESCRIPTION: **IBM Cognos Analytics could allow a remote attacker to obtain sensitive information via a stack trace due to mishandling of certain error conditions. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172128](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172128>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-4561](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4561>) \n** DESCRIPTION: **IBM Cognos Analytics DQM API allows submitting of all control requests in unauthenticated sessions. This allows a remote attacker who can access a valid CA endpoint to read and write files to the Cognos Analytics system. \nCVSS Base score: 10 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183903>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2593](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2593>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-4732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4732>) \n** DESCRIPTION: **IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-4441](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4441>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and Liberty could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 163177. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163177](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163177>) for the current score. 
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

** CVEID: **[CVE-2020-4300](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4300>)
** DESCRIPTION: **IBM Cognos Analytics is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Base score: 8.2
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176607](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176607>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)

** CVEID: **[CVE-2020-9546](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177102](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177102>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2019-14892](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14892>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using commons-configuration 1 and 2 JNDI classes. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177106](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177106>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2019-14893](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using the xalan JNDI gadget. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177108>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2019-12406](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12406>)
** DESCRIPTION: **Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/170974](<https://exchange.xforce.ibmcloud.com/vulnerabilities/170974>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2017-18214](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18214>)
** DESCRIPTION: **Node.js moment module is vulnerable to a denial of service. A remote attacker could exploit this vulnerability to cause a low severity regular expression denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/135364](<https://exchange.xforce.ibmcloud.com/vulnerabilities/135364>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2018-11771](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771>)
** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base score: 3.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148429>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

** CVEID: **[CVE-2018-15494](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15494>)
** DESCRIPTION: **Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the DataGrid component. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148556](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148556>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

** CVEID: **[CVE-2019-14379](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the SubTypeValidator.java. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165286>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2019-16942](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the commons-dbcp class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2019-1547](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547>)
** DESCRIPTION: **OpenSSL could allow a local authenticated attacker to obtain sensitive information, caused by the ability to construct an EC group missing the cofactor using explicit parameters instead of using a named curve. An attacker could exploit this vulnerability to obtain full key recovery during an ECDSA signature operation.
CVSS Base score: 5.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167020](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167020>) for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

** CVEID: **[CVE-2019-1549](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549>)
** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to include protection in the event of a fork() system call to ensure that the parent and child processes do not share the same RNG state. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167021](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167021>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

** CVEID: **[CVE-2019-1563](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563>)
** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in PKCS7_dataDecode and CMS_decrypt_set1_pkey. By sending an overly large number of messages to be decrypted, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167022](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167022>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

** CVEID: **[CVE-2020-8141](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8141>)
** DESCRIPTION: **Node.js dot package could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Function(). By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178225](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178225>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2020-8840](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840>)
** DESCRIPTION: **Multiple Huawei products could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data without proper validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185699>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

** CVEID: **[CVE-2019-11771](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11771>)
** DESCRIPTION: **Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the inclusion of unused RPATHS in AIX builds. An attacker could exploit this vulnerability to inject code and gain elevated privileges on the system.
CVSS Base score: 8.4
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163989>) for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2019-2762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2762>)
** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163826](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163826>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2019-2769](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2769>)
** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163832>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2019-2816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2816>)
** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163878](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163878>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

** CVEID: **[CVE-2019-4473](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4473>)
** DESCRIPTION: **Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
CVSS Base score: 8.4
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163984>) for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2020-11113](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178903>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2020-10969](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178546](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178546>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2021-20190](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20190>)
** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to a class(es) of JDK Swing. By sending a specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195243](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195243>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2019-10086](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086>)
** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

** CVEID: **[CVE-2016-1000031](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031>)
** DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2019-20330](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330>)
** DESCRIPTION: **A lack of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector.
CVSS Base score: 7.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173897](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173897>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

** CVEID: **[CVE-2019-2964](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2964>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169270](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169270>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2019-2973](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2973>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169279](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169279>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2019-2978](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2978>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169284](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169284>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2019-2981](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2981>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169287](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169287>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2019-2983](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2983>)
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169289](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169289>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

** CVEID: **[CVE-2019-2989](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2989>)
** DESCRIPTION: **An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169295](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169295>) for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

** CVEID: **[CVE-2019-4723](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4723>)
** DESCRIPTION: **IBM Cognos Analytics could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings in New Data Server Connection page.
CVSS Base score: 4.6
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172129](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172129>) for the current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

## Affected Products and Versions

IBM Cognos Analytics 11.1

IBM Cognos Analytics 11.0

## Remediation/Fixes

**For IBM Cognos Analytics 11.1.x:**

The listed vulnerabilities have been addressed in previously released versions of IBM Cognos Analytics 11.1.x. The recommended solution is to apply the latest available fix for the version as soon as practical.

[IBM Cognos Analytics 11.1.7 FP2](<https://www.ibm.com/support/pages/ibm-cognos-analytics-1117-fix-pack-2> "IBM Cognos Analytics 11.1.7 FP2" )

**For IBM Cognos Analytics 11.0.x:**

The recommended solution is to apply the latest available version of IBM Cognos Analytics 11.0.x.

[IBM Cognos Analytics 11.0.13 Fix Pack 4](<https://www.ibm.com/support/pages/node/6402561> "IBM Cognos Analytics 11.0.13 Fix Pack 4" )

**IBM Cognos Analytics in Cloud**

All applicable vulnerabilities have been addressed on IBM Cognos Analytics Cloud environments and no further action is required.

## Workarounds and Mitigations

None

## Get Notified about Future Security Bulletins

Subscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.

### References

[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> "Link resides outside of ibm.com" )
[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> "Link resides outside of ibm.com" )

## Related Information

[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>)
[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)

[IBM Java SDK Security Bulletin (July 2020)](<https://www.ibm.com/support/pages/node/6256562>)

[IBM Java SDK Security Bulletin (April 2020)](<https://www.ibm.com/support/pages/node/6206154>)

[IBM Java SDK Security Bulletin (January 2020)](<https://www.ibm.com/support/pages/node/5736807>)

[IBM Java SDK Security Bulletin (October 2019)](<https://www.ibm.com/support/pages/node/1120071>)

## Acknowledgement

## Change History

28 May 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

## Disclaimer

Review the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

## Document Location

Worldwide
["3A4AAB02-CCAA-51EA-8324-41D2F506E5A2", "3BE6C242-DF61-5FB1-AF29-941FEF80A127", "5EDF02C1-5DDC-5B0E-BF23-677048091107", "95E9031F-A021-5296-ADC3-71E43A95A049", "B4CCD6DC-671B-58FE-9826-B4F9C361A650"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200610-01-FASTJASON", "HUAWEI-SA-20200722-01-JSON"]}, {"type": "ibm", "idList": ["005BEBF506CCF33E4F5413948FD5D525CD71253A26E30C58CD0892DC694DCDEB", "0076A42200CA79BB4F38036CC5133B052749C172669E11C84EDFD56B71758FB7", "008B0D501A1CB8226ABFE1582856F4EF756D398AE0B7847587583CD244F7DABA", "00EF24AD7F1E1413A0AFDCF92DF50FDAF033030148B0E6912A77A61D879692D4", "01BAD5183A1A9316D2E815F9EE5B380900016BB451F5B507CB87FB2DD0843B17", "01D5910DF84D54BE1E6CC202E786D0A9A848F723AB639F74679C5DDB15761610", "021D820AD16A576E5FDD576972F5D4413AAA3EEB77F2CE672632AF14321E859E", "02372BB95E80FEBB3F4C0EDDB60D767813459FF5F1AA49CA993E9AF801012934", "02FD10030B8366010758D75673B2286A0CD064A8561853F6F314CF7B7BC8B298", "0325674816C69B1F0E9250DD7785E4BA14A44726DE4AB580123B6BB10C66304B", "03556BA00A297388EE7761F7750627BF8B1C2010B4575F6F1F3EC2A2EFF18E66", "0379C9040F7E8982FD18FFF1727FD0676E6F3BCB92CA33BC6BBB1D9F7F79D8B4", "037DC92C3964B9BE83FE00549FB0CE6C44ACB2D76406400ED57CA4D310EF3538", "038FC6FC32ADA76051B86D8EC9A28BCB8180BA43C6D4FE4B024AAB068E75C977", "039E5092DFA0381EF116954A3BC7F449C092196DBDFB4D2B4817918324BA8B1C", "03A21E2CEB2AE80B0CB3845788EE2C252B219A2161281A588F3A3FABD346F890", "03BD9C6A634D56977256D0EB02550574DC21A677D8E08EEB57FD8C5F206D469F", "044165EE232CC81442DA70BD26B04FAFF8E3B4BF88F8CEC52534CD79809DF1A8", "049759B1D5421ABE3E83A71D032E850BC0F5FD7B89FF7113E36CC5FC4AD7ACBD", "053C6BABA42DFA7FDEFCC4DD0B963FFE1384C9C0AD1C3F61F96CCC0DD6CB0DBB", "05EBC3EA4B66B19728BB66D5DC71F429C8B7233EC5AC3CB0DA401B57D74514F3", "05FA7A6FECA57F2CDC18AA8601FFE769F365C89CA7A8A4A64C71821B699FCBCE", "060AB19AD695C599AF3E58AA2203A86F00B0AC7994445445EFA458E68E516566", "07988475CE9095B9471700FFB4FFB199A58AB32837E3178BE094D53E97B8461A", 
"08325F6AA0E5D32062B70EC20B7BAC73EDD2082F6016AADE25F93CC5C5945E15", "0836ECB1FD0E0AA5DF87295E28498227D24010D9527657984675E9209703BB86", "08382CF5553CB60BBAC21C338E155F745267EB1822043DBC4403188C9FB0BBB6", "089B564037CD6CBF124F570A0074A8E6C37E90240BCF8C5297D2EBD444E34F18", "090201D26BDAF2ACEC4F343501E455D1CE05BA4B3F26626C1B305BD1F8F8E230", "097574DBE8B129258FECCD686F9A79FB39E53849649280ABF8D520CC498C4166", "09ABABD524310CB6F76FB7F0A80C1126E5C6C8D3D87340E9CEF6A3A6B1C34C3C", "09B467A690A375FEDE58982F66B115C3C14F7CA2BBD41FF09935D70B60A8DE19", "0A21DD909D351941C52872A568A2A4CF8166D424D0794E2540A61F620D9AAB72", "0A5B13C8983BE4491518367535A0427B2CBE5B0B75C8384C4657D2E9D8B12509", "0AF44030170DD5D957DFDF43A4F1F6D53BF74A36302A9511410AF5585710B3E1", "0AF4568867479D47E4352B7E039C8B495FFD7D263FC7B6E5D521CCBE61FFC605", "0B09741FE06E2E625FB963A5453D96B370F6DAD3A083406E8DC077D44E61E93F", "0B514A4D985C804E9D871718A449B020E5562B0C9B2D2EEC8954ED21993BE345", "0B5B5926FEA915F4A87817295F9680EE2CD489066C2233DBD1DE9415F3256752", "0C05EC9386B0ADD43379208AF170D4998F0E1EEB1750A287152B9742E29AD921", "0C0EA83E08C7ABD6E529887E7CCA2FD2C9F7688760B17A04B0D89D4DB8F1BF60", "0C672C2CC5F0C1F5FBB6D9826D4536D926D2BDDFD1227AF7577FD7287592B75C", "0CA122180FFBCE50BC034AB8F4162C49BBDAC371413884BCA8D7FC92D2846746", "0D52379972AC05F5FC604E8E8D08771C518A83622281FBBCB1618B17559FBE16", "0DA17C74C5124DBC27B216E034A4368ACA79BAC815F0F67CAF630F1E1A3F7D16", "0DD7AF43DE97763E0D93D1D019F9D4F482815C909438E3FDD9E285D6B2ED40B7", "0E26C1E75D33872AA23B4DD43BE3FF25AB4C9F6989E962CFE75A9AF9B6DFA28F", "0E85F055F69C36F1AFCDA9AA4C7476B24B7826864D94024DCA43C8F828A3D547", "0EA5DDF7D8ED330966222EC13380158E6377EB3E625758DBCE9B763B67A0B659", "0EC3EB1A4765F9C940914A7C89057639E72383731BE6502A92F0F01A42D0CB76", "0F460154E67E723D1B9349987EF6F5F6E8A468862976C7E2F903D6DAFBA1B854", "0F7D9DE1707D7D6C2B2883F5DE54F3D4D790F48177743DCC3A98112083E76EB7", "0FDDE6A08B461D29C2AE5E7667527E75DE2ADD7BD595A38370A51E3EB55E24EF", 
"101FF39CC211D0F2AAEA7FFDF01B21E485FFDBD3618EE94DC0F87A5FF85A750B", "105F2C7972D030B4E0E819EDBA43D49B4ACC5F7D13DBB5F0C81CDC066FAB98CF", "106AD49A338E7AC7F1FC75B40B662360FA7CA624A79EA47916C2CF681A2E59E6", "10FBEBB14A30BC73B75E0DF3E1AC14E07BC218A2AAE122217F23444AA2EEB55D", "1149BE00A7C05AD4DC5DF4BC6CE1153E5FA772FF33CAAC0512461F771BF4CB83", "11AC7F14B60A5C486180C6662F02676A29D51924B42EC510A55CFB87D09F8654", "11E3FAFA71BA3238580CD71A75578A0EC101F8076FB77EBE38261CC78640BB7E", "12389B125B8EA224F0AFE02F42609D024AA2ED38F652930C17331BAB5FE126D9", "126B68DF7D94FF4A271BD328B84B0F650FD1FEDE6DF7EA0D1451383DA938C9AB", "126E1024546918D07264839DD88F2FF75D58789A0F611D0689966886112B533B", "1292286F29372CD8F681A7B073DE92BE1736555827B7FF4E4ACCDF53A7880964", "1331C130BFA13DB642E8F77CF94F82A82ABD7E82C8F47A74C25626EEFC1FA2A6", "1348B69A5ADC5112122597252D83C7B174ADD281B98527A94A9CE731BF61639E", "1360BEF97E01B87A4E58CA581A1F32ECD385845F24783D4980B6E64F68F389FB", "1423E0FEA8FCE1DF46D9F62FDF7F0F14D3FA4A6D10B145FEDE4DB657FF9D3467", "142732D03AE7247F6EF67E3BCFBA5E05A0189509A419BAD40A8B8714DBE0191F", "145E025E365BDFC1A801DCAF334696FAA0743EACB2DD4B64DA5B90ECE492ABE2", "146E5B6C7DEF48D9B9132CEF69C4B99A3655374C8A833C5CDB62A212794B3988", "14C97104BCF75D000EB0338B3459ECEA0D1ADC44700E4D1225D84D331BF1A88C", "14CE1C0F0672808C0E65E21F3A2B51E9E6A07DE08545CA9662A13423765AA94B", "151664D44B7940A78C0F29EC88272FD346BD06DCBAFEA5C9CAD32616E0EB8352", "153E6A7F45307CFCCB059FF4B2B47706B9B7537249313FCA40E45F238F62CC08", "157962F9B3DB294165DFF14635E6089F37B7870F261E4208696A5FE06EE6F43C", "161108AA134D79208CDC97DC8C1767C247F27AFB996662C016C5FFA947B51754", "1684DEC3DF3BB9E78C84E76D9D7057965A40ADC07F69C113F4E928D34BF0D671", "16B325BD19C11B9C1DBDAC5CBC72FAD12F8C1EB443B234B8BB5473B4E91ED44A", "16BD53FF8D4AF4008A6B9480C8D62C5AECEF46E4F486EC150D2D9BBC2C7349FC", "16DB31010331CDA102555C2016C4A080DD57DFC6949CFC06DB82104E0598F7E9", "170E4063965BDD4021AA25E9D20451E46806FF23665DC84D00B99CA2E7852264", 
"17179127276D2C8BCC739D66B23A070D5DCF232A120A9E4EF31DA0C49E8077B9", "174AD4229520D17FD3E302574243012E743E274BE1688AE1FA8BDE962A334F94", "176E1428146C282D851E871707952C3F4A0C7904B6CABDA63202933EDFEB2384", "186A812EC8BE685A06A82835F2DB07583B9993F84BEE52B1FF4EC449933BE498", "1879325E67264056B58E8AD7F16855960BE3D80A459CF04AA2C576744065C438", "188E2EFC9960F668714D843E317115DF913F18A2FDCE258D3CD5B68DC806D78A", "18D984242422866F95B81DD465CAB967B26797D13E68A166EDB40E265805B71C", "18E3835EB48610335189B66CA3B787759BF28CEA62D84163A3574C70FFE6874A", "192CDA805E5F87481C341E0BFE5C832FE604B0303D069C5C770E80C302FE7C8A", "1A698BA7085BA7114DD0CA2CEAAF7FA830FC8173A70608E6F0C5E0CF3021C63E", "1A72C91F6CA7EEB9FAAA834618698CCB61EEC973896F1BBF5482067FC7922767", "1A7668E81452E83AB00678328095567DA17543F8BDE6DB1EE678E96C5B064FD6", "1AF10453648DF6E50FD13383CAC3354F1BE62A0DBDCD7504B40FFEBA471BA53F", "1B20B239AD3161EAA809736483E5A77E89C656E8407697D1F391193D09E07822", "1B8F0281E10790914D004D879AAA702629484840516238DECD288C5C4D9EB634", "1B99BE15EF0865EC7D6CAAD98E1510DF110D3FC32411F14658640A57804FCBB5", "1C1678518312F18585D48228E2C4D89CBF458CAF1277708839EA38E32D0F11E3", "1C2B1F5888896B1434C4030A2ECAD60A72F097817520C11E7B2E61D7CD497A9F", "1CA5EFFF48503220FA8729D288342161A3477C54DF435407E3869B260531E400", "1CD4A80A71C8103200D24FD5394261BBBA205B403AC752CFFC6262C21A8D7F6A", "1D05A0332E896B7A6810B94CB5E1D6F0DE542355F40E02D58EEAE6CEC0A8CCA5", "1D527A951F660BFCA1836671A2A328C87E8B448B01A672269419352520CFA6F1", "1DA2CBB07D7E2C540D55EE75A2FCF12E3A2EBC9BA0A28064A290348DCC390603", "1E11A560B12FED0B2DF738230CEC872A79F561FD6E506F62FE66CF1549D0BCE6", "1EB9F8573A9E928E14652E6C4EA6633663E35B33C744263304C0A5C14EC87569", "1F00311C133EFB9C8719841CB187257E5256EFA863E515FEA28336292A7471C0", "1FBC43AAFB30E12136CC1ABB390199FBDE2B41811DD6B2397DF817A0937D1741", "1FF9FFC202E7A0DBE1798988654CA7472D0F4D460298D2826B51237D13CD7881", "204ADCCC258487D6D5F8C848C95DAB38413055F4AFD05DFCF56FD7435CBF7C69", 
"2063425609D95966977FEB1F3829088364199EF85CFE81CF93A7988478BD8C84", "20895B7F4EE20D27BA455BF8CEEBC16A47A46F3AE7F323DD812A3BEECC1B20E8", "209015250B80439611FDB1F1A2369A99A49321230511D7CABA730B14E74555E6", "20C726052D51A86CD6F33620FD422BF8D18C05D40FE11F0B4C3E8682BCB671EC", "20FC8D083652BD9620AA16329F2B0D169CF687E1B0F904A9AC013C7517AD365E", "217BB6C17A6FD504F278CE0259F71540873D9ACBEC02EC2F580CED3F0A79FB4A", "21A78502CF868CEFFA6DC5C776E16EE0EDF33BAA9E7F3DE611912CC218BF6C9D", "21B7941CECEBC809AE15F131699A6672CBFEB1364FE3E814F545573CB257B04F", "21D21B6B900E74036C37AA6199307658F5132BE9091971C8994946E3A890EE51", "2251A254E998CC9BF4ED4B2AA6CD412774544CEAEC44FFC10CE86D33B617D968", "22E530F1D70956F99F5FF9FEC58CF36BD3ECF051771DFFFD44F5E67BC973334F", "22EC3C3360B36DA03DEFC47DF7AA94018A0AC2E13D90F2B9F746B4F548BD4779", "22FE69B31A10A2D1A4C8753B638EBDDDA55E81977EC4563B990767DDEB64861F", "231658C132CC9B2BBB3F16825FEC540A339E366D86FA842EB8B5F917A9398921", "231A2A11604AD374097B0D146900B3B8DFF4989DB202DC20C8E0A78D22FB36B9", "2357DB8297BEA926D301BE9958B5D9840454C354F7418394A6CE21491EFB28D2", "2372DC3D7CE5EB7343AB1B7F8117E7D7973FD8B0B4C7F48EC72F7DAA7722441A", "23BEE634200B9E4FA6BA5050B092CB2E8A6676B9A96B4091423D6C937390F9F2", "240EC331B4740D6B70360359CAB6A8BD3720C206F1640F720CD7C8DDE996ABD3", "2440C30E614FCEFD84EA4DAA2AFCF397C1F2661D57BE8867516314EC72175761", "245FEAF3E7F9444B5958781DC69E3F6A353E5088DBEDBC2BC099CD2EDEC0625E", "24798001464ECEFE36C9D592CEB2ABDDA08F3242D6E8CD919394411A8B0F279A", "24AC55C7B7B8EAE76861640D8FE63967C2D6AC120B7117F39C2E95E98BD6B38F", "24AEC5A8760FC5980BAB8A440D0738072380AFE7806B5BD1B2A7D0385F3B123A", "24C0E8E0827CB2EBE6605DAAFD5EE0194B719538B16C6998A82844CB71B50C7E", "24C171D2EBFBD69CF6AEEFB17FADCB6350B347E61036097EF3A9343C6459084D", "24C1EF78324E60477B0E47B81687325BFAB11B34F8AFE6263FEE7EE70052E3FB", "25372E8CB6CEAFC4375A6AF8544B344A68645BEE81B1B3A1D8F08CAAC19D1913", "2537F49BC389A32095FFD04DD90ABD8C245F9F959B3040D4B3B584792F460CCA", 
"253D2A8042A5A62A38424183A5CDC4B7FD59A72D109CE83AD9572F45CF4DABFA", "25465AE304B2A76CEF5AAA7B2ED23C6230565ED22DF8525A608DE70FB394D75E", "255519D8FC08936029278A93200D3FB4DB86381789F43C66E18CDB6CBF5F7090", "257282661EC40294AA6CD7D16D142C7D834B7703E989C3E4C143A5B9AF27C918", "2600E4AAFF947CBCB850E450A9B49478B472FBB9BEF872B2CF4C28E007115FA2", "26036A953D260DDEA62F061820D0BB69015115A491ABD6977D739678715ADD53", "266AF5CCE2935A1632FAEA2AD2ADEC7D3B1EF6585030A41069E05308C44DE9B2", "266C32AECD9BCC9F1C54099C8FE9B92463A0A02A15157EF458713D15175A641C", "26AE7E28F5E270B5CFD52AEBA6B32C6108986FCB5CA6AAA5326CB8FD0CA73D23", "26C2D2D50BF66B18D568B39D5C0159D92777EF3637170739E97769DB93D44C46", "26DB05D3CC78D099A9DED3224A1B406FB51276651ECB69B479B255ED09EB6204", "2740AB4D54C08908FB6B276E9D3106F5591A8028699951B603BD63F09AE63D3C", "276311EA26EA41FBAE81DFB3042788416A0F2799192780CD6BCD5F7081C47F5C", "27667CC3C4749A1E7C9BA260074409253DD037762DB8CE1B9C5A71B1917B6725", "27E05F77F5930FD9CE77753BFD85443DA41872CE8C0E1205AA76D4132D396EDD", "27F94366700B87ED0AB75446ED1553071AFBD15294D1F93EC247B94B050C04DE", "280F22C59D289D09BF95C27BCBD4E75FDD23E4CB97EDC3D26F891DF09095112C", "281EA77DACE3CB0D203B13E8D960659321E00D0D3AD04C8DD174EF67ABD3975C", "284CBBA54738CDCC2622E07BFF9F42EFB12F4C1E6C35828AFF50C39142CB2FB4", "28A2C71EDE0E1C909579C85700FC4017F15D79281B415762C645CD0CB1D205E1", "28C9D324C04B7FC9ADDA03C476DBA4B48C2F0DF60CBDE796D0F0C8D2F9B4B2B5", "28F8FE772F7744066E89072F94BE119B652D05DADA694784B7CCD72965C551F7", "291A11B053B2918EA077355BE96CC41C7A3C251A50D4A852FC3D0F5B7D13AB3D", "2955FD677307C59BC4E381D8CA0275D629803259C2176CE4E845D6B42BA2E178", "2990C49388FF9A7A95B59BB697358FE746DA4981EA6BE3E4B10DBE45541B3A35", "29B7E8A593B85D211D961E858CD47DDE4578E14A3B0026D2CCBE046945B264FD", "29F531986D8179652F6C1E43A35C26016DB15EAB1F44193216051478664161D6", "2A05D27D0FF61BD5D3C4263E53EB4D34E324CC8F78836E02986EBC35BB76E209", "2A3BE29C61AB5C206E51A18D7963A9C32350407C526C2B7F696349BA022B924F", 
"2A983186A18AA1F913AEF800B4C60D2AC7C684254587378CEE189FFC5D3B64B6", "2AA1CFF2B38E29406C3390FC3486551F5831608DDF19F081568B5CA436C23A52", "2AFC5A8E16BC71AFE3703E0DDD6A01C2DEC758FA5CF41D9AFF831AA67E5A2468", "2B258825B481BEABD4EE36A758556F643B92CE36BE6FD1E093D5212AC6442E77", "2B3C9C8FEB87062CB2249D828A603478C6CE6A6307CF7103B8825D9FE81CAD3A", "2B4BFF0D4D521D5012752D32EC9AED8D7B42C9CCDA58A0989CACAC0FE91E3799", "2B583BAC13559207D6199DBF313322FD679D7CAC25583ADB0D482CC288326F6B", "2B6108D13710A4D198BEF811C30F056CC2DFF0AE37D527B48AD4CDE706A50365", "2B759C54254EC3513EED6330463E6E239AD470F450B14E61C83618032D59C1FB", "2BD4C17835FEE75B5DD82D43E16DF6D6AFA1DE77CB24213DFD8CE6D73C92BEDD", "2BEB31EAC54470990EEE9B82C09A1018390C42E0CD49B6AF40A517767DFC75AF", "2BF99F31869410C536BD54411719F5604B8D0D6653E37D26D04E6C1D60EFC1AE", "2C667B664D1138B9E26FEEA57AC8A2DC296113D6B6825F553961186FF3571959", "2C79518BB9F288432B5A73B591807F72728C310F80DD4B9E249F3E42D9AB73C6", "2C7995B66DEBE39803F690F1C81D4D2B4B9D7041E51519E344EC18DDCFDEC418", "2C93559F71C13D53057E41586B1B0742AA76740258BBDC0CF3D9E8C3CD3857FA", "2C98851DCD6AD2838CDE7694136457E742F6DF7BD82C26A0C066B482E7ACDF2B", "2CA3BBA259D1C0246BF3E9648B4ED1628834042FC1FD08C57988C2DBA7334A28", "2CACBE41D36AF402D83999A57D2375400B28085518F96D7CC3A00E4877AD60EF", "2D4E5ACF341A63326EA63B36C57A2D2450C37ACBD15D00C0143815E2E93007B3", "2D96AF08DDB385208E5B8EF04A068C7F13B15778AD8429FAB22C8512DC53CCA1", "2E2318F28523CB46C1455FFE9956E9FC95A3F8109411D73887D7D817191E18D0", "2EB3EC5415CB180C489C7AB8A4707E904F165D92DE748B7FFC66F9E86EDB6CB8", "2EF3DB4BFA3E12C4A33894FD2811178CB01A4CB8AB742EFCD63E1707D79B5780", "2EF9FC63A88AA95A1388CB1B1FAF823A0F5784B9EFAE2D168B092BAE16DA4A21", "2F2115F5724B651AC6B9F0B28265F93BC7C9AB2AC6ADC0181AFF86004B79A417", "2F4251685BA34B30404688084043490A08889F63BA25648E7D3DC6F1A6C8F96A", "2FE1744F98154D972959A5B3C1ADD859354AF637B8F1F4F9A05859DF014332A6", "2FE97BC0DB8A3B1BCF85FF8F69828770D4396C7CC3ABD37202D8089D2CADF87B", 
"2FEDCA99A32964BFF6DBDE002EB4B2F410B145AE312DF12377E547C72DABA460", "2FFDAD2D5FE05A1D3943EC028FB23F061967B243EB759A794CCD7BADB523C5A5", "3006301690BFF127B4045D1F975926CF5ECD8556FAD8F6D959B34526A0BA1916", "3029F9535BE20D2A199498B065F599F47A44CCD33B224D2192F5AE06C62BEDAF", "3073B2863EC3EEE15D79F6F74A31A0A1F9DF2E191852C00E1BB66966D15300AD", "30C160035BB3D7D8CCEFC976E9A66E721135E92A5F2BC6D96A0922DAD970B145", "30C8E70A426A2AEE76446C5BCE898EE543CA89AAEAC54D0BAFC5794D7065AE49", "30D8FE67161E8D4FCCE177A3964E6CF0B24FAA13C9252A61D9FD63AA760FB657", "3145AF0C5406567F174CE24AB15ECCCBF1EDAC271CA314F0505020DA0354DFD8", "3180B65135ED076EBC40E84457FBD56F4194E10FBC96990E6A5A4C6C76779DE8", "318BCB52FA17252557986CEAF25CB3771570A1E2E09915579AC27A10F5B3ED09", "318F53449ACC53366C464B243849BD2A4ADA7E7AE12BFD36706B8B665CA42F2E", "31D7DCC8D683A82E44671DA5A38CDC1A58877727926C937FE8D9FD9EE9FD2370", "329A65086C653260B989EEA343682EF8709205A468F7D69944AC5922648CF08F", "32EB80235F63631068A875B3706EBE57E1F30F49ABBD86F94E0D61C950097183", "335243CD3E153CE71F83C1E35358A1A6961917FF347D3F9AE3F81167F8B8996A", "335D6C66D4390B20F098610CBAE66CF67CB60FEF9BA678B6976E155C6B71908D", "34435D40744A8971C587454187843957770DD25343EB330799C793BD15FDDE9C", "34556322D1F9D180C8DE5E1F63D747B142690F033BA7C453E5CD5ABEF8674435", "349D782AD75FD932D0EBFC4AB410ECF129F3B7FC27E63ACFA87EAF3B80282B7B", "350BE099FE4F017BEA9A4EC2A077996E4B3473A14B0E49A1EEEB72D56826E652", "361E60C13CAC480F4B230437F8B912FD72A2B054A880D08962CBE176EA72D547", "366CE799D9AEE4234CE4D38A22D774A769300127F0319D9238DAEC27C48436E1", "3685B92248F5EF5F87E22332608BA77B6E0CBEC5E65184E9ED006251D92D1762", "368CBA51B2BD334DED3AEF02F93D8E2C55F25EE9132836348C71D421CF78CEF0", "37066BA41BDD8BD24D918C2792565A3077F4BCFF18AFC1D91940D1BCAC970280", "373505685C2504F2E87D285F28BBBB2E73FE52DDBDB53C323BFA4E4CED76480B", "3757DB8A424DB88E245C8F0EDDFE6FE06F8170406FA58010670CD76C8A1ED47C", "3776AD70996EFBADDF76FD6F5AC351B73A4F834D590F094BE2C19B1B4B356D05", 
"377816BD0C2BB466FAB6827FC6600396C12FFB682B080658BFA602992BF877B8", "37B1C13D57560AD2D5EFC78D9765E406257D9DEC561AC751A89056CBB0B78CDF", "37DB81C8898C236A111B799AAF66BD234156F998C56157416D1E7D09F99E655C", "3806864362596B8F499C9B331631D79EC751CD68B24068ED9B36CFB553A6D005", "38B90E9B0DC10E4DC76F9F12DDEC2E7A19565B69C0B9D2A17405DEAA2D6CB5E3", "38FAB199DF9F4E39A65615F1E108853EF74C41252303325B3AE91FF543CD105A", "39427C69BCDFE8C0B02333381F4C6BC6D4CADF9B5F4D8EDC7C60BFB08C08E1F5", "39807D1224804C1ED4DF9E9B1CDF9DB3C95A5882806B68B2EFFC0D340A45AD41", "39E0FE03DE70FFD2825D58F565E4F845B69355FE61B7E4C279F4ADB31780A7F7", "3A2DFE6DD59E30D471FBD4C15F6019CFD0C300A08FA6AAD5FE0B4152BFE1CDF9", "3A316023122DAAAAC2F4CB0B56E3C5CC516728DF68ADF89F970C29980B333EF1", "3B4BABF4CE1C991071EF3F21C072A350BF812A85FD4B68B4EB9D5804B3FB97BF", "3B85BFA54DBDB23AD47A6AA925F4BD74881F0AF16BD2F18255CAE6A804D9BA4F", "3BEB441D10779A1942BF02B10D6A1555A8433CFB0B2D08C01720323538A45578", "3C4BFCBB3C717294BFF59B59F2618AEFAAABAFB8378CF9BFB5509B69E9275659", "3C757E6C207C325B90893148C70649850957A2F8AB27DE4E6D68D3EA4F71D013", "3CB2A092C6436BD79A8612A3CEE188FA093398871DFEB5B958FBEAF056691055", "3CC59ED4BB758A8F7C6659A02CFDEDD7B8D32169D1E27B410086D8AEE3C0DB3A", "3D04811CD7C9B337157F4E06A7E1B2584D270E7E69B726B8521CEEE31E88AF6A", "3D3BF59CC576F554C3F716540167D85670B56CE61C0AA690764AE05CC62E23C5", "3DEA543F812B23E125C9088AF5301DA14AAE88C8C7706F25F22571DF88A6C6A0", "3DF0EBC27CDC2FA0AE7D540516E7AD82FDC079933E2D3F08627E09F6B9903EB8", "3E177F2379456D1A79BF5DFA21CB891A1F98AE2B2D43B6DAAE51E2BF9EB51CF8", "3E1A954A80868F0F29931CAD92D6814DA29C439369DE3866B623B907BBCDDA4D", "3E6B657C015C16954B98859793FD033350A73E948A9B34DC9CE852E2232B7B0D", "3E90D8B117724A689CF205EB148C972A5AC679705260655DC0A260183EE9C99E", "3EC4E4E14B2BDB7D5D47F4A561D44DCFC04B7D176A42CC15A72A44FC6F4E78B0", "3EFA60BD710C6B4A11A5019EFB5EDFB39DBB8C2B14BF8A0CEF3706BED64762E9", "3F0DB6A6B43161E807AC17CE719A18BD26C81F3134F4959AA51E211376F74BD1", 
"3F165D58EE48A0720F7D463AA93C65D50F9A941DCC6D565F609CE31843B0FDAD", "3F205E0CDCE939B33B9B9E6084A9561C6DC89A71EB717613241BE3E385F5F914", "3F7BC56A1EE56FBC05AFCAA58E192701847D074F84491EA17BBE64F5C9B050D5", "3FC120799DB15C8946259558329341A224E0A87FC68D7A45E307626082C103AF", "4029D42CC914504E09EE100B22AC6776680410A3D499885D657894142CD104C8", "406FDBAFB731CB22F016C816A536C261EEC243D0EF0DBD325B6391902BC9ABA6", "40F7CBCFB58A3B19B3D79CA6DAD7B6DC2BDC641FF8B170D51B354FDEBE613E4B", "4131855A90470A7C3B01934F40DB846D1F2AA9A16CFDA8C606987102D248F71C", "418A4C8D1E8F2E8A923DFE2C36570B4A5EF7B515E050C0F19513AF3DAE7D2628", "41AFF5735D0A8605C95C723549B7B7730BC6B2EE7863FD8A1272CC539637A71B", "41BB6A57FAD3A6133AC798B9A434DFE0BA0E9AC64CD3258AAECCEAD5451AF287", "41C36090E48F5B49889E2E11A5C031E057EE2A58B8793C22D42E13EC1850E6D5", "41CB9666A88AE67D4A0558674B8CFDA62F160B6DDCBA3C10576515447887CF12", "4212B58ACC9EE88EF5EFA9A4B47162BD75134F54A1D340AAD34532457B0AF8C6", "4223020B90AF919EA98021361F9A17891EA6F508044EB9D3F23F0EDA5BBDDF9F", "422537CB7DA0B51EC03742C69732BF7E841E49D8E76EB1282D4AADCB1A08526A", "42384574F7E0521A92FB391AC5F0C9B49CC1F4E98A72FCE20FF6CB01E05DAF9B", "429AD41B13975D95838FE9C93B4B502F02FEB96917B0AD0763F73D82B9CC21FF", "43090E604FFD17A647BF18798D3F4075DCD6E38C9F91569710640BF1ED71BD39", "43176C8220551038A4495B8A84DFDADEB39D179380C005A74D2C257820801C87", "43739857C7C042606D3BC94E04BCD5E4A895A202D76EF8963B70E7D32C62210D", "43889098AF27B56E1AAC2C0ADC87D15751A2B0CCE3BF25260E32BBE3CCA7CE93", "43DA011A37CE03FA64B094E9F5770A93BEF6CF43E03F703E6569EEA76986A4F8", "43FD2DEC48A89038A4DF71B545472C6EC9B601D8954256891076C3541234D542", "440EFFCF162389547EC94BA431325D2B42D5E91C496765EE6F12A65170790BDA", "441A6459C1CBE843EDD7F5C4D862AA7C6F90584EA901F82EF1B6D31B418078EB", "448D8F7A10C8011486C5D85D70C3471DFB15CA561C67B60B7E1CB2BA83B724FA", "44F8F51D369D3F744AF193AB2E497189282F22F94B8B3424EA2B099B5580CD94", "451F72C42C9FA5B3638C6F2233F910FC635FE2A09DB2B0F71474AE8603F61D92", 
"453DA448AA3F8EA6DA3A115CFC84B0D2B992660D6E9D4C161474E74D8BE8667B", "4585AF22EE5639871A7BF84D8DFE9AC688EFE59814E7A5444DE9DC0EB109E9FF", "45D0E6362EAAD0FF8BA2A916838616D92ACF32C45B5CEECF557F58369F188EF6", "45E477A401A9AB1DE1FDEC74CAEF2D215CB4455BA0FCE47F78E1F65492DC819D", "465A77691B2F05B1C5FAAC7A02CB7D278A82164C3BA7AE66829B4C4FECA4395B", "468957E7ECE017AC323A31CFD237B108C75593118F139922584ABAC37DCE69D7", "46912650F54A45A948123EB45E1EB59B70BA1EAE54B6FF67B927008D7D75AD70", "470748236CF687BBC17C70DFCCF5107CED7FA6CB57B3A02A0A94855B02E20BF9", "47274321AA3430917FC9FF88F99229CD7614CD6268ABCD535250486839A8D636", "47377382FB42339D4CE97A4452C254F07E69CAE5413DDD356B24FAAA26841F46", "479439B5CBE01C1194C7002751D259953C47745B4A1F1D136B486FE86B0AE451", "47C4639A3EF53144FBA7A24BF07D00F061D787E4D1C384E58F223AE28CC86EBB", "480D58613122A96AD57968DE0F88508E140E15C861137E188E543C73FB125099", "4816D302F14237915BDCCE3B3B79E8902E181521B98668433343553FCE04FF69", "484E80FAE1A14CB4A5381B80BC5D666F692E35EDFE6C47B8F37C038AA85F3417", "48884C8E221760F92534E481E23CED02DAD5EBD580D328BCAD26AA27FFD246E7", "48B39E85816F2411F53331874775EF245CA226C6E0E6C4CBFAEC618ABDC8B5D4", "48C8EC651BCD9632651B1D9997820F8B0C55965AC145D82D44F18EB9F50B8BB1", "48F703EEB1BD4582AC38D9DABC8E8756788D5D519B150AB8508B8EE188A9E19E", "49B8460E9D95F7D50E840B7B70FCE2EB364A1ED8ECA0CA0A121E41DC89B55B92", "4A7D85E877988216F11AD7DDC8ECED1B05CB1AA44C219D2D2283330DE7E7E1B0", "4ABA347899E62D111444546AB60C999D1DFAF09E640D551C905BED4CAEE1CAD9", "4AD27285394B544C4F1A04A8729C1D2ACABA5E5C5F725CD0EE680E537DE35EE2", "4B52C00B3B0A0FBF4B32911879D45C69324F48A70DB1C9590421997AE4A65825", "4B81A3DC7183611B0415ECCB103AB240ADE5C0EC9DE7E70D4BD375223AA0228C", "4BB64F82620533514180FBBD22D98224D4AD27139725A0E485662BE0A8761B58", "4BEC8E9463E4B27C09D4E3ECF5C98A9E0D6D193C06E6EFC3DEDB9F41368D7DC0", "4BFA3A2F692D8FC8DE4F07BCA56AA58679411D74D1AC3CD28957EF6A817C1264", "4C09598B2AB18F2AA5E848F624CF012DA021DD4C74EE859E0D0FA652FD29CEA6", 
"4C149E6F2A02DE48EF008D908A63161BF93C07DD6B16401AC765C3B64D274497", "4C530226C2C82FCA90A29F26A05A9D0BF640534450027EDE7596BB30563A3845", "4C85D2930346AD967159AF4455A7D0489E2962948B89964DEEB838E940D0D79F", "4CA88475F4285A9E6CAE70AFBA4E732B29EB74893449A83EFFDFC90B390E82CA", "4CBB84ABB768CC4DCB1D0505DF4BA09B5302612AD537E78D0F8CFDE58374F322", "4D402398DF7918F2FB1B0D98F58C3D1BABC3690CA9F299CD8DE8C39E7C46F38B", "4D42AAA4F789C7D1BA65614CE73F72CA7B880E7B175E5E14A5BA53020528C9D9", "4D7A6B87CBB13C81AE2E9D54C1278278FD0341DD36500F497D1ABB4C031A2378", "4D9418EB571AB517698E7771BD9FFC99397B18C4277948836176B08FCF7D13D7", "4DD34F3D8D9E74E72A2CB59E61F1312DFFD788D57A830724F7C8476F78F9A3E0", "4DDD411D05DA8C0FEEA7EE08A955C6CC3D9F0907BA8773CF31C690481C85111C", "4E2A0891FC6A9216C5F9B6391FCCE631A5FCFCA9CD4485D154F09E66D094E86B", "4E8F203D973F0F58DD4AF50C40B62FE1A35D193D756CEF82EBFAF93D38E60BAA", "4EAB7A71C935D26CDCB15758F67FFAB122F8AF5DF87444EA0B6E2E3125A23250", "4EEA40866A50FD47B88CDEDFE5D4501E3C595A076C9874F03873B7D7BEC2B0F8", "4F064831320AB374B0F04032973159DC46D8DA9E8046784C26688BD3BF94F17A", "4F2D82A4F724C8AC105424E03F5FBC319EFED1ECC4C4FC502E3EE79470EB24D9", "4F441F1EC2D2D7EA1D9033E689E8C62FE264F17CF627C618EF574955EF8C49D0", "4F83742D4D9E3F03A6481F27A21969D4333962D309ACFDC2D174BF09D63F0F8A", "4F9B97366DEEBEF2DEE9D041B3982BB1DF67BB173569B8AD40A84B319E78729B", "4FB18D178F1A54F4568F82B87500157E5ADEF17F447B84B79FA2BB7073A2FB2A", "4FC3BE52D551A04E7C1806B5F016625A9648BA506428859D352817B2DD998F72", "4FDDAEF0B75E77A06B8D7597974820AA398F5338DCF044E51EA0222441200F4A", "5068E580B2716B61E0BDE3052C7FEF5E5362490263DE0124D897EF42BD96435A", "50EA423A77AFE74D4C99D312D7FA5988DE8629BD8B6A44E2C6A86AC37D0AD6DF", "5100AC8D5E4B9B2820C8E97CB99708D3E6DA55A8125242DB99536FD592D317C2", "51BD39BEE25909EEED0BF937C11093CF42A13C4AB4AB282A7A46125DC62BF978", "51C64898345F327DD93881C52DC0BCDB22915CDD412C72A65BE394B7A650FE83", "51D185DB29AE6E4FAD71119D872DA0F52814A6C17A59AD1AF9B79D0668C33FBB", 
"521FBC3140A9184ACD54DB259B5C982B7555628E6C09A54B0ED31625D877719A", "528381C9CFB6ECA8B333249B2F75271731400A3A04CC9729C06B54D936548FC9", "52C55E3F117BEC5A4C81BD07F073C455C3A77B620B813ED54D4AAF265197A27D", "532D176661BCBEC8BE03A731D55474DD320250BB0C4A431156B2B65DA6D50581", "5338F5C63C28CFD2FC543F1BEE97CE2095080C242AAD9300A504573A0A0EEE7C", "534BE42CCFEBF334619AFF9C2FB1955CE0C058A0559E49A3D0C26AB6F743C73E", "53514A62D7D9E2E178325FAF1EFBB4FF93020BF2D45F01788543FEAA40036C15", "54E445CDA1B6D464E8EE07BFFEA8105E14A5BCC492D50E718CD98D48B5DCB9A5", "54E686FBB2E60A0BDEAB59EFECEB36D61C77A784661FD44124BD8864158EE317", "54F95B012C42E1776CDC45BEE152DE0DB2BABDE488693A1FA812D235885A3D0C", "552FD8E250C33622C92D4D81FCFD993060B032D714D05723F83EB943297F3CBD", "553917363EFF9E662B09A77DF706DC1C230A6512EED3B471B669E10ADCD3D3DB", "5552B39C1BD3DBC7107B73487086238D9495C788CE5460A76B3AAB0F49923598", "559469A7B8757C4FEC68A2691E04AAA4DF305CE5C4C155425773CC2309F217A0", "55A93A7413D2D17A9FC66D4B2521DEABB349CEC50132C7B6CFC63FBFD532E88F", "55C19F77F19C27DF049BA4BE776B91D036AA327EEE924C65A6E26B0816717EF6", "55DC383A252E7D660F8ADB678D5238042C74174F3DA369A09B97DDB240267EFF", "56163C4E007DEE70225DB50B4AB2AA4BF3EE1E7FDBFEBA9ABB7FD03338374A02", "563934541397DDC0A640CA044FD1AAABD3BA89EA3B7B3A101F97F3FCD502BC6B", "567625FF8DF333D5C563E40EDFFF9516FF13EA40EAFE9A2E68635850284A1A44", "56A4EB08703709B360CB4383013698912F22EF091C5AEEA689DE4ECA7901E903", "56BEABFE33B1A6E4081E3789745DA61E7ED2F6AB2C115CF9D6175CED15B18843", "56D260CC4CB1C373F5B3A09E23A8EB605DFE76F08A09790707C7E16F916F4E6F", "570AF6CDC4F7E864E6852EBD03923041C13A884B424AC254820AD0EEB73694DF", "5710A9F486CA3B34842B504EBB99FC18D9E73CA47B6554192CDD159C1848D8C8", "574FC031AF9B64FDFC8B0BF65E22355456EDFA4CF1ECE74E592CA6972407F30F", "576FB6CB6CD8B5CE4A1504690B7C455D22F3C0398026BA73EF6B8202548E739A", "579F81CD03E8F343CC89DF42B60530A9911E36D65C6D69F1409D05E0CC6B5028", "57B2D7521EC7DF40C6C4D1EAEC35430FAFDAC9ECF2870416B8F4209BBC2D59DE", 
"ED7787E1F1D8E29D696FF55CABE7526F6688C3EA3DF141E45F1DE563704108CE", "ED9F7166CA202FBB1ADD92EED36739FD82AC9A77977822834C24101F8A3B7247", "EDF194595E4DDF2D5212BBE6177984A5CEC3384C34E3B4C469D642759E925D4E", "EDFA9D5968081EDE399774767050C178F730BD070533CFA73DE5F24F7E8E7A52", "EE2468CD17C505EFE46ACE480E96AF3AAC6DA75749FBAE6939594509060AB1FB", "EE3562F2436AE977B19689784E345CCDE7552541F8EFE79A721ED9EAEAFB7B04", "EE37479462F01037AB22B8458CF90E2CE68C1E4E010B90E5EDAE704DA0E61FEE", "EE5D3D8D2A3AEF2C4D0E5CA931E95DC501B8522880DA52B8623F408C65A83AC2", "EE5F9D378BF1AA88F64F93D2EEE2D42D28CE88FD1BA84A9CF23EBEC09C1F600D", "EE767F9EEED76E1E7A6FC85B28C5327A34900CC397BB24BACB771E57929F9C21", "EE8D3A0FEFA67706787A5BC66641D09B2650AEC307F61637154D7B7341BF2EB2", "EE9276B55CFEFD5C72532E7A9A6E8A80C73DBFBB1139B28E4BE8ABEAAF4FD18B", "EEAB729AB069E268DB36780B513ADACFEC53F68601D2A353817B53553B548A4E", "EEB59CE81E88B6CE10F98C4A8F591D138F5BEAC293A1860A47F8A0A043ECDD49", "EED315CBD3F5835D0CD99D03BCE07595A1CD915486F494A0D9279A24285F2639", "EED7ED86612FAEF9F63E54348F81A1C160DDDB83ED4BF292A6E7281AD00953CB", "EF0B8ABDDF0182AD0AB63DBD4F3EA0B3769B57CF195F94A299C8DFE53DDE410A", "EF57286A516F0C5BE749AD9831433F3235DFCD83984D4121E02165F46CE97652", "F0839A9BD9452AB3D46FC4E71D73386166709F03A04F9CBDBEF9A7630D6BE6A0", "F0AFFAB5446BEF6A6B346CA7237A1583252E55B1EA002352E7DFDFFB5796363C", "F0C3877D752C17A1CD2D84170C5FCE5CE151894177BE3AB9016871C4F50D0787", "F0C6BC6B6E0BCD2F79CA2CF94A9D9909AF0E9117B13EA219F0B9C650CC1C6C47", "F171D1A128ED9F033A8E4EB7F107F3B0F58ABA4074ACD771E59F004AAC676A0A", "F17F17388338ABFBD67080E32D9032234111B4BE5E374C8AD804AF7B8769BCC4", "F1ACA7677CBADD7EB2F77410BEC77A5BE4340E5609BD8EA49D889EC532D0AA0D", "F1DEFDA80AF9B0EC8C35A77C1709DF957B4AED3F06AB99EC107A50CF223F775D", "F1F8948FCA4076A4D9EA00C245C24C85026801B4C2D5FBD680238B70B9CC5217", "F26A213DBF860036B65F3839825B72230DF0A37E1A01D079519ACD5F3C31F332", "F283B6C62AB9CB295646875FBD04A9491AE444A407FCD0B315A89B1625C1D2EB", 
"F32B1574A2747460A8D5461AF166FA5CCA94DAD5EC0D9E6DD00C7C7101C5A6E0", "F3A0AF7D427E6AED8E40B3D19585D93D61954607EC55F8F1D3E4A633C68E5576", "F3C348E70E69502BD80DCA83824071B669A40263D5187580A96FCACCD506C61F", "F4188E3B827097B5726FE571691C7D8BDE2707668C61436452DE873879AB6FA6", "F4B9D71D3FABEC6658928AA2A337B66B863636EDAA889DCF19CDC196449826D5", "F4CA880341B94608CA96ABB2752E8B1E313AAF497D8551E7FBFF02076E793142", "F5C0798E51BF5B701DEBB1F6B10E14CF42295018D60692A5EB77BBD7DA4DDB9F", "F5E265A3E5B0E2665476645CE412430FD82D6F5D85968FC03F4FEF8CBBB8EDF7", "F634E3535D68125799D33C40A10A7B5DD9645D85373F041A1F7048DF1F65B94E", "F6767C574542B4E465C1E903532819CA3EF9CE5899C021F7E5B01E6F7C45A70F", "F6DC0090ED0B3C6EA62660039C43CE3E36BB21F202B75E33E7078DA4816162F1", "F7283916CCF52A7D897ACED313AACEF7E287BA7117F4BB159BB1B33294EC2F1C", "F745D009EF3FE6831CECA9A1D44514DBC86EA321DB5659536F06E0B84BF5D5E9", "F75806AF51F262CD91F3E2017F6775AF7816B8E15289C5596B33856B18979E5B", "F7A2FB1095724C0FC9ADDAC98FFF309E356E8ECDDB49CA432AA4F24FB5F4FA6D", "F7AD54C2CC19ACF4B0223D6C71CA321FF12E2DBC73D27A881E1EE8090F4766EB", "F7AE7D9F7AAA61950FB3CCFA12A691E76A633659E46F7DEB436BF225F4D2F6F7", "F7B0F41A9554E301160EFC5535E817D656638E60F300D17F359C5D0DFB4A3640", "F84FB8B0773598F78827E1ADB3A6A9D22608CC8C5ED5056206B7967240EF65A8", "F857A1C2BD207670B6BC0B637DD08B52D3617D5E57D2344235323B1F03A6911F", "F895BAAED2A6FCD28E65EA4AF5A92641920AF9737BDF81AAEFFF1315ABCEA09F", "F9943ADA0663015067EA36E899C2565FE2DDD09CF448A601798637A861E0D92B", "F9AD06C50230E8ABAA815E45C597EF41D173AE23406424AB72607082C827072B", "F9B9FA76088746728A20A47D0AE0E31B998E3708D7A74FF2B4B71AEEFD5E2069", "F9EBF3A6DB0C83634163AB1D241CE2F77FF0D4D0D0F434D365754379F2929370", "F9ED99C3F4B2D868A3826BA34135EFCC7EF1978329C535488F23E6CF98DA913D", "F9F3B4261A18C4DCE8B16610FB2521F9D859E86F8EE3010A1231A24FF23D52DB", "FA0EB7A3587533C5F011BB310568B892891B2BB789186F309C8FB944D26E61B1", "FA48F62E2F5783F3CABC5A76766A828B81C059C212D573DFEAE20DCDB15D2FAF", 
"FA83FA96638ECCC5FE0B2EBECF79AB927D4E143A6B5A6C196A3C14EDCF9E66C3", "FAA38AF74C1A2B1E166FBB1639024133E32ACCE097581A2B5D900BBDB44B08A7", "FAF4819550E7A8584B5E4D2926F986E20A054C53B68AC92C19B46F0F64FD4057", "FB0FED96F844946FA916BA96FE69D8FC255DE30F14533A361ECDC4784137B093", "FB1EF057645CD6C66B67DB30B94D4510D250282D407B58DA9A74BC13D66607E8", "FB2510ED4A5C005DB02475B1EDEA3395FA7B2D514DC6415C30E7661A2D9EA587", "FB461B8C9ADB1C603244A48769C1093934CEEACD9657516CFA0EDB341ACAA317", "FB50FC72D1ADF03C64135E473D71F8FDDDF0FBB202D69511A7EA94874CC168D1", "FB560ADAD8B8B7DC96C7D8C44896E1B02161FC3E60AF0D61C67F028B73A7B908", "FB7B2826853A6CC1030773078566846653AB764C17AD1202D6C43D2C1ACE6068", "FBAAC6957F352AD1DB4C448D2EB85F9948B845DD6E5B52C5039A57047DA68C43", "FDE6500490C37F84426E1A226E3FA6011785039410CC7854F07C25294831EF00", "FDEE9E01E031FC60EEE159972E198CED45F49D69002CB877DA62B3D2C1C0494A", "FE41D51565A7C29318454F190AB01F8C605657AA11B2779B531DFD8882C0462D", "FE54CFE937F2DA5795DDD68480E564629351A0806639F2A5F33EDAE216E03FD1", "FE5A75E2674E3A954976CA7480FE30450BFC40F47930B14A81EBD11A3AB87FD2", "FE682ECFC10CBB3EA19CC98A95397F776F34168220DD72550FAE4CF5E216A9CC", "FEAF0BB5153532B94D01FECEB863D6B2ED416A8AF5E46EF4D99B555860C882EC", "FEC8232906D5E0EDBA8A4F328F694BF10D9BB2DBA200DA4D22E92231EBDBB517", "FEE6EC0B73ED9775B73ABBAC77CFAD7CF021EEADE10C31C04CBACE45F6BFC8EF", "FEE6EDC9E02CF6D581A650ED63602B693976C641B83A550FE8E80D3C6A74AAB6", "FF0706D1717B671B92E31E7E2BABF67FAFC9F15755AE0E25ABB0181A2CAA32F5", "FF3F29668BE4D6882AF3E5839478943112087112E84607128EAD1ECE117A1F67", "FFF1414315350598A8A6CE2454488CEB6A6744EC626EE6D1B67444FD1CE73AAB"]}, {"type": "ics", "idList": ["ICSA-21-336-06", "ICSA-22-055-02"]}, {"type": "kaspersky", "idList": ["KLA11520", "KLA11582", "KLA11584", "KLA11641", "KLA11646", "KLA11753", "KLA11867"]}, {"type": "mageia", "idList": ["MGASA-2019-0001", "MGASA-2019-0241", "MGASA-2019-0302", "MGASA-2019-0354", "MGASA-2019-0399", "MGASA-2020-0001", "MGASA-2020-0069", "MGASA-2020-0182", 
"MGASA-2020-0309", "MGASA-2021-0153"]}, {"type": "nessus", "idList": ["AL2_ALAS-2019-1246.NASL", "AL2_ALAS-2019-1268.NASL", "AL2_ALAS-2019-1269.NASL", "AL2_ALAS-2019-1316.NASL", "AL2_ALAS-2019-1372.NASL", "AL2_ALAS-2020-1387.NASL", "AL2_ALAS-2020-1395.NASL", "AL2_ALAS-2020-1396.NASL", "AL2_ALAS-2020-1403.NASL", "AL2_ALAS-2020-1406.NASL", "AL2_ALAS-2020-1410.NASL", "AL2_ALAS-2020-1421.NASL", "AL2_ALAS-2020-1424.NASL", "AL2_ALAS-2020-1456.NASL", "AL2_ALAS-2020-1464.NASL", "AL2_ALAS-2020-1491.NASL", "ALA_ALAS-2019-1268.NASL", "ALA_ALAS-2019-1269.NASL", "ALA_ALAS-2020-1330.NASL", "ALA_ALAS-2020-1344.NASL", "ALA_ALAS-2020-1345.NASL", "ALA_ALAS-2020-1354.NASL", "ALA_ALAS-2020-1365.NASL", "ALA_ALAS-2020-1434.NASL", "AMAZON_CORRETTO_11_0_4_11_1.NASL", "AMAZON_CORRETTO_11_0_5_10_1.NASL", "AMAZON_CORRETTO_11_0_6_10_1.NASL", "AMAZON_CORRETTO_11_0_7_10_1.NASL", "AMAZON_CORRETTO_11_0_8_10_1.NASL", "AMAZON_CORRETTO_8_222_10_1.NASL", "AMAZON_CORRETTO_8_232_09_1.NASL", "AMAZON_CORRETTO_8_242_07_1.NASL", "AMAZON_CORRETTO_8_252_09_1.NASL", "AMAZON_CORRETTO_8_262_10_1.NASL", "CENTOS8_RHSA-2019-1816.NASL", "CENTOS8_RHSA-2019-1817.NASL", "CENTOS8_RHSA-2019-3134.NASL", "CENTOS8_RHSA-2019-3135.NASL", "CENTOS8_RHSA-2020-0128.NASL", "CENTOS8_RHSA-2020-0202.NASL", "CENTOS8_RHSA-2020-1514.NASL", "CENTOS8_RHSA-2020-1515.NASL", "CENTOS8_RHSA-2020-1644.NASL", "CENTOS8_RHSA-2020-1840.NASL", "CENTOS8_RHSA-2020-2970.NASL", "CENTOS8_RHSA-2020-2972.NASL", "CENTOS_RHSA-2019-1810.NASL", "CENTOS_RHSA-2019-1811.NASL", "CENTOS_RHSA-2019-1815.NASL", "CENTOS_RHSA-2019-1839.NASL", "CENTOS_RHSA-2019-1840.NASL", "CENTOS_RHSA-2019-3127.NASL", "CENTOS_RHSA-2019-3128.NASL", "CENTOS_RHSA-2019-3136.NASL", "CENTOS_RHSA-2019-3157.NASL", "CENTOS_RHSA-2019-3158.NASL", "CENTOS_RHSA-2020-0122.NASL", "CENTOS_RHSA-2020-0157.NASL", "CENTOS_RHSA-2020-0194.NASL", "CENTOS_RHSA-2020-0196.NASL", "CENTOS_RHSA-2020-0541.NASL", "CENTOS_RHSA-2020-0632.NASL", "CENTOS_RHSA-2020-1506.NASL", "CENTOS_RHSA-2020-1507.NASL", 
"CENTOS_RHSA-2020-1508.NASL", "CENTOS_RHSA-2020-1509.NASL", "CENTOS_RHSA-2020-1512.NASL", "CENTOS_RHSA-2020-2968.NASL", "CENTOS_RHSA-2020-2969.NASL", "CENTOS_RHSA-2020-2985.NASL", "DEBIAN_DLA-1492.NASL", "DEBIAN_DLA-1798.NASL", "DEBIAN_DLA-1831.NASL", "DEBIAN_DLA-1879.NASL", "DEBIAN_DLA-1896.NASL", "DEBIAN_DLA-1932.NASL", "DEBIAN_DLA-1943.NASL", "DEBIAN_DLA-2023.NASL", "DEBIAN_DLA-2030.NASL", "DEBIAN_DLA-2111.NASL", "DEBIAN_DLA-2128.NASL", "DEBIAN_DLA-2135.NASL", "DEBIAN_DLA-2179.NASL", "DEBIAN_DLA-2193.NASL", "DEBIAN_DLA-2270.NASL", "DEBIAN_DLA-2325.NASL", "DEBIAN_DLA-2638.NASL", "DEBIAN_DSA-4452.NASL", "DEBIAN_DSA-4485.NASL", "DEBIAN_DSA-4486.NASL", "DEBIAN_DSA-4539.NASL", "DEBIAN_DSA-4540.NASL", "DEBIAN_DSA-4542.NASL", "DEBIAN_DSA-4546.NASL", "DEBIAN_DSA-4548.NASL", "DEBIAN_DSA-4605.NASL", "DEBIAN_DSA-4621.NASL", "DEBIAN_DSA-4662.NASL", "DEBIAN_DSA-4668.NASL", "DEBIAN_DSA-4734.NASL", "EULEROS_SA-2019-2097.NASL", "EULEROS_SA-2019-2098.NASL", "EULEROS_SA-2019-2105.NASL", "EULEROS_SA-2019-2216.NASL", "EULEROS_SA-2019-2218.NASL", "EULEROS_SA-2019-2245.NASL", "EULEROS_SA-2019-2254.NASL", "EULEROS_SA-2019-2263.NASL", "EULEROS_SA-2019-2264.NASL", "EULEROS_SA-2019-2374.NASL", "EULEROS_SA-2019-2430.NASL", "EULEROS_SA-2019-2460.NASL", "EULEROS_SA-2019-2464.NASL", "EULEROS_SA-2020-1061.NASL", "EULEROS_SA-2020-1062.NASL", "EULEROS_SA-2020-1063.NASL", "EULEROS_SA-2020-1110.NASL", "EULEROS_SA-2020-1111.NASL", "EULEROS_SA-2020-1221.NASL", "EULEROS_SA-2020-1274.NASL", "EULEROS_SA-2020-1307.NASL", "EULEROS_SA-2020-1395.NASL", "EULEROS_SA-2020-1581.NASL", "EULEROS_SA-2020-2146.NASL", "EULEROS_SA-2020-2249.NASL", "EULEROS_SA-2020-2352.NASL", "EULEROS_SA-2021-1078.NASL", "EULEROS_SA-2021-1309.NASL", "EULEROS_SA-2021-1310.NASL", "EULEROS_SA-2021-1805.NASL", "EULEROS_SA-2021-1806.NASL", "EULEROS_SA-2021-1877.NASL", "EULEROS_SA-2021-2300.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "EULEROS_SA-2021-2758.NASL", "EULEROS_SA-2021-2785.NASL", 
"F5_BIGIP_SOL15320518.NASL", "FEDORA_2018-1B7B0AD759.NASL", "FEDORA_2018-D29BE920DC.NASL", "FEDORA_2019-79B5790566.NASL", "FEDORA_2019-99FF6AA32C.NASL", "FEDORA_2019-9AB7EE6309.NASL", "FEDORA_2019-AE6A703B8F.NASL", "FEDORA_2019-B171554877.NASL", "FEDORA_2019-BCAD44B5D6.NASL", "FEDORA_2019-C96A8D12B0.NASL", "FEDORA_2019-D15AAC6C4E.NASL", "FEDORA_2019-D51641F152.NASL", "FEDORA_2019-DA0EAC1EB6.NASL", "FEDORA_2019-FB23ECCC03.NASL", "FEDORA_2020-21CA991B3B.NASL", "FEDORA_2020-508DF53719.NASL", "FEDORA_2020-5D0B4A2B5B.NASL", "FEDORA_2020-93CC9C3EF2.NASL", "FEDORA_2020-A60AD9D4EC.NASL", "FEDORA_2020-E418151DC3.NASL", "FREEBSD_PKG_10E3ED8ADB7F11EA8BDF643150D3111D.NASL", "FREEBSD_PKG_21D59EA3855911EAA5E2D4C9EF517024.NASL", "FREEBSD_PKG_9E0C6F7AD46D11E9A1C7B499BAEBFEAF.NASL", "FREEBSD_PKG_A6CF65AD37D211EAA1C7B499BAEBFEAF.NASL", "FREEBSD_PKG_BD159669080811EBA3A40019DBB15B3F.NASL", "FREEBSD_PKG_C1265E857C9511E793AF005056925DB4.NASL", "FREEBSD_PKG_D70C9E18F34011E8BE460019DBB15B3F.NASL", "GENTOO_GLSA-201911-04.NASL", "GENTOO_GLSA-202006-22.NASL", "GENTOO_GLSA-202008-24.NASL", "GENTOO_GLSA-202101-19.NASL", "GENTOO_GLSA-202209-15.NASL", "IBM_JAVA_2019_07_01.NASL", "IBM_JAVA_2019_07_16.NASL", "IBM_JAVA_2019_10_15.NASL", "IBM_JAVA_2020_01_01.NASL", "IBM_JAVA_2020_01_14.NASL", "IBM_JAVA_2020_04_14.NASL", "IBM_JAVA_2020_07_14.NASL", "JFROG_ARTIFACTORY_6_23_0.NASL", "JFROG_ARTIFACTORY_7_10_1.NASL", "JIRA_8_22_0_JRASERVER-73244.NASL", "MACOSX_VIRTUALBOX_6_0_14.NASL", "MCAFEE_EPO_SB10332.NASL", "MYSQL_5_6_47.NASL", "MYSQL_5_7_27.NASL", "MYSQL_8_0_19.NASL", "MYSQL_ENTERPRISE_MONITOR_8_0_23.NASL", "NESSUS_TNS_2019_02.NASL", "NEWSTART_CGSL_NS-SA-2019-0175_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0178_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0210_JAVA-1.7.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2019-0213_JAVA-1.8.0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0011_APACHE-COMMONS-BEANUTILS.NASL", "NEWSTART_CGSL_NS-SA-2020-0017_JAVA-1_7_0-OPENJDK.NASL", 
"NEWSTART_CGSL_NS-SA-2020-0022_JAVA-1_8_0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0048_JAVA-1_7_0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0051_JAVA-1_8_0-OPENJDK.NASL", "NEWSTART_CGSL_NS-SA-2020-0100_APACHE-COMMONS-BEANUTILS.NASL", "NUTANIX_NXSA-AOS-5_10_10.NASL", "NUTANIX_NXSA-AOS-5_11_2_1.NASL", "NUTANIX_NXSA-AOS-5_11_3.NASL", "NUTANIX_NXSA-AOS-5_15_3.NASL", "NUTANIX_NXSA-AOS-5_16_1.NASL", "NUTANIX_NXSA-AOS-5_16_1_1.NASL", "NUTANIX_NXSA-AOS-5_17.NASL", "NUTANIX_NXSA-AOS-5_17_1.NASL", "NUTANIX_NXSA-AOS-5_17_1_3.NASL", "NUTANIX_NXSA-AOS-5_17_1_5.NASL", "NUTANIX_NXSA-AOS-5_18.NASL", "NUTANIX_NXSA-AOS-5_18_1.NASL", "OPENJDK_2019-07-16.NASL", "OPENJDK_2019-10-15.NASL", "OPENJDK_2020-01-14.NASL", "OPENJDK_2020-04-14.NASL", "OPENJDK_2020-07-14.NASL", "OPENSSL_1_0_2T.NASL", "OPENSSL_1_1_0L.NASL", "OPENSSL_1_1_1D.NASL", "OPENSUSE-2019-1399.NASL", "OPENSUSE-2019-1912.NASL", "OPENSUSE-2019-1916.NASL", "OPENSUSE-2019-2058.NASL", "OPENSUSE-2019-2158.NASL", "OPENSUSE-2019-2189.NASL", "OPENSUSE-2019-2268.NASL", "OPENSUSE-2019-2269.NASL", "OPENSUSE-2019-2557.NASL", "OPENSUSE-2019-2565.NASL", "OPENSUSE-2019-2687.NASL", "OPENSUSE-2020-113.NASL", "OPENSUSE-2020-1175.NASL", "OPENSUSE-2020-1191.NASL", "OPENSUSE-2020-147.NASL", "OPENSUSE-2020-1893.NASL", "OPENSUSE-2020-2048.NASL", "OPENSUSE-2020-2083.NASL", "OPENSUSE-2020-757.NASL", "OPENSUSE-2020-800.NASL", "OPENSUSE-2021-221.NASL", "ORACLELINUX_ELSA-2019-1810.NASL", "ORACLELINUX_ELSA-2019-1811.NASL", "ORACLELINUX_ELSA-2019-1815.NASL", "ORACLELINUX_ELSA-2019-1816.NASL", "ORACLELINUX_ELSA-2019-1817.NASL", "ORACLELINUX_ELSA-2019-1839.NASL", "ORACLELINUX_ELSA-2019-1840.NASL", "ORACLELINUX_ELSA-2019-3127.NASL", "ORACLELINUX_ELSA-2019-3128.NASL", "ORACLELINUX_ELSA-2019-3136.NASL", "ORACLELINUX_ELSA-2019-3157.NASL", "ORACLELINUX_ELSA-2019-3158.NASL", "ORACLELINUX_ELSA-2020-0122.NASL", "ORACLELINUX_ELSA-2020-0128.NASL", "ORACLELINUX_ELSA-2020-0157.NASL", "ORACLELINUX_ELSA-2020-0194.NASL", "ORACLELINUX_ELSA-2020-0196.NASL", 
"ORACLELINUX_ELSA-2020-0202.NASL", "ORACLELINUX_ELSA-2020-0541.NASL", "ORACLELINUX_ELSA-2020-0632.NASL", "ORACLELINUX_ELSA-2020-1506.NASL", "ORACLELINUX_ELSA-2020-1507.NASL", "ORACLELINUX_ELSA-2020-1508.NASL", "ORACLELINUX_ELSA-2020-1509.NASL", "ORACLELINUX_ELSA-2020-1512.NASL", "ORACLELINUX_ELSA-2020-1514.NASL", "ORACLELINUX_ELSA-2020-1515.NASL", "ORACLELINUX_ELSA-2020-2968.NASL", "ORACLELINUX_ELSA-2020-2969.NASL", "ORACLELINUX_ELSA-2020-2970.NASL", "ORACLELINUX_ELSA-2020-2972.NASL", "ORACLELINUX_ELSA-2020-2985.NASL", "ORACLE_BI_PUBLISHER_APR_2020_CPU.NASL", "ORACLE_E-BUSINESS_CPU_APR_2021.NASL", "ORACLE_E-BUSINESS_CPU_JAN_2022.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_APR_2021.NASL", "ORACLE_ENTERPRISE_MANAGER_CPU_JAN_2021.NASL", "ORACLE_ENTERPRISE_MANAGER_JUL_2020_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_APR_2019_CPU.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JAN_2020_CPU.NASL", "ORACLE_JAVA_CPU_APR_2020.NASL", "ORACLE_JAVA_CPU_APR_2020_UNIX.NASL", "ORACLE_JAVA_CPU_JAN_2020.NASL", "ORACLE_JAVA_CPU_JAN_2020_UNIX.NASL", "ORACLE_JAVA_CPU_JUL_2019.NASL", "ORACLE_JAVA_CPU_JUL_2019_UNIX.NASL", "ORACLE_JAVA_CPU_JUL_2020.NASL", "ORACLE_JAVA_CPU_JUL_2020_UNIX.NASL", "ORACLE_JAVA_CPU_OCT_2019.NASL", "ORACLE_JAVA_CPU_OCT_2019_UNIX.NASL", "ORACLE_JDEVELOPER_CPU_JUL_2021.NASL", "ORACLE_MYSQL_CONNECTORS_CPU_JAN_2020.NASL", "ORACLE_NOSQL_CPU_APR_2021.NASL", "ORACLE_OATS_CPU_JUL_2019.NASL", "ORACLE_OATS_CPU_JUL_2021.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_APR_2020.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_OCT_2019.NASL", "ORACLE_PRIMAVERA_P6_EPPM_CPU_APR_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_APR_2019.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2021.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2020.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_OCT_2019.NASL", "ORACLE_RDBMS_CPU_JUL_2020.NASL", "ORACLE_SECURE_GLOBAL_DESKTOP_JAN_2020_CPU.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2019.NBIN", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2021.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_JAN_2021.NASL", 
"ORACLE_WEBCENTER_PORTAL_CPU_OCT_2019.NBIN", "ORACLE_WEBCENTER_SITES_JUL_2019_CPU.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2021.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JAN_2021.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_JUL_2020.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_OCT_2020.NASL", "PHOTONOS_PHSA-2019-1_0-0250_OPENJDK.NASL", "PHOTONOS_PHSA-2019-1_0-0252_OPENSSL.NASL", "PHOTONOS_PHSA-2019-1_0-0255_OPENSSL.NASL", "PHOTONOS_PHSA-2019-2_0-0173_OPENJDK8.NASL", "PHOTONOS_PHSA-2019-2_0-0177_OPENSSL.NASL", "PHOTONOS_PHSA-2019-3_0-0032_OPENSSL.NASL", "PHOTONOS_PHSA-2019-3_0-0033_NXTGN.NASL", "PHOTONOS_PHSA-2019-3_0-0035_OPENJDK8.NASL", "PHOTONOS_PHSA-2020-1_0-0290_OPENJDK.NASL", "PHOTONOS_PHSA-2020-1_0-0290_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-1_0-0310_OPENJDK.NASL", "PHOTONOS_PHSA-2020-1_0-0310_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-2_0-0235_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-2_0-0235_OPENJDK8.NASL", "PHOTONOS_PHSA-2020-2_0-0265_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-2_0-0265_OPENJDK8.NASL", "PHOTONOS_PHSA-2020-3_0-0083_OPENJDK8.NASL", "PHOTONOS_PHSA-2020-3_0-0084_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-3_0-0119_OPENJDK11.NASL", "PHOTONOS_PHSA-2020-3_0-0119_OPENJDK8.NASL", "REDHAT-RHSA-2019-1810.NASL", "REDHAT-RHSA-2019-1811.NASL", "REDHAT-RHSA-2019-1815.NASL", "REDHAT-RHSA-2019-1816.NASL", "REDHAT-RHSA-2019-1817.NASL", "REDHAT-RHSA-2019-1839.NASL", "REDHAT-RHSA-2019-1840.NASL", "REDHAT-RHSA-2019-2494.NASL", "REDHAT-RHSA-2019-2495.NASL", "REDHAT-RHSA-2019-2585.NASL", "REDHAT-RHSA-2019-2590.NASL", "REDHAT-RHSA-2019-2592.NASL", "REDHAT-RHSA-2019-2737.NASL", "REDHAT-RHSA-2019-2935.NASL", "REDHAT-RHSA-2019-2936.NASL", "REDHAT-RHSA-2019-2937.NASL", "REDHAT-RHSA-2019-3044.NASL", "REDHAT-RHSA-2019-3045.NASL", "REDHAT-RHSA-2019-3046.NASL", "REDHAT-RHSA-2019-3127.NASL", "REDHAT-RHSA-2019-3128.NASL", "REDHAT-RHSA-2019-3134.NASL", "REDHAT-RHSA-2019-3135.NASL", "REDHAT-RHSA-2019-3136.NASL", "REDHAT-RHSA-2019-3157.NASL", "REDHAT-RHSA-2019-3158.NASL", "REDHAT-RHSA-2019-4109.NASL", 
"REDHAT-RHSA-2019-4110.NASL", "REDHAT-RHSA-2019-4113.NASL", "REDHAT-RHSA-2019-4115.NASL", "REDHAT-RHSA-2020-0006.NASL", "REDHAT-RHSA-2020-0046.NASL", "REDHAT-RHSA-2020-0122.NASL", "REDHAT-RHSA-2020-0128.NASL", "REDHAT-RHSA-2020-0157.NASL", "REDHAT-RHSA-2020-0159.NASL", "REDHAT-RHSA-2020-0160.NASL", "REDHAT-RHSA-2020-0161.NASL", "REDHAT-RHSA-2020-0194.NASL", "REDHAT-RHSA-2020-0196.NASL", "REDHAT-RHSA-2020-0202.NASL", "REDHAT-RHSA-2020-0231.NASL", "REDHAT-RHSA-2020-0232.NASL", "REDHAT-RHSA-2020-0465.NASL", "REDHAT-RHSA-2020-0467.NASL", "REDHAT-RHSA-2020-0468.NASL", "REDHAT-RHSA-2020-0469.NASL", "REDHAT-RHSA-2020-0470.NASL", "REDHAT-RHSA-2020-0541.NASL", "REDHAT-RHSA-2020-0632.NASL", "REDHAT-RHSA-2020-0804.NASL", "REDHAT-RHSA-2020-0805.NASL", "REDHAT-RHSA-2020-0806.NASL", "REDHAT-RHSA-2020-0856.NASL", "REDHAT-RHSA-2020-1308.NASL", "REDHAT-RHSA-2020-1337.NASL", "REDHAT-RHSA-2020-1454.NASL", "REDHAT-RHSA-2020-1506.NASL", "REDHAT-RHSA-2020-1507.NASL", "REDHAT-RHSA-2020-1508.NASL", "REDHAT-RHSA-2020-1509.NASL", "REDHAT-RHSA-2020-1512.NASL", "REDHAT-RHSA-2020-1514.NASL", "REDHAT-RHSA-2020-1515.NASL", "REDHAT-RHSA-2020-1516.NASL", "REDHAT-RHSA-2020-1517.NASL", "REDHAT-RHSA-2020-1644.NASL", "REDHAT-RHSA-2020-1840.NASL", "REDHAT-RHSA-2020-2236.NASL", "REDHAT-RHSA-2020-2237.NASL", "REDHAT-RHSA-2020-2238.NASL", "REDHAT-RHSA-2020-2239.NASL", "REDHAT-RHSA-2020-2241.NASL", "REDHAT-RHSA-2020-2511.NASL", "REDHAT-RHSA-2020-2512.NASL", "REDHAT-RHSA-2020-2513.NASL", "REDHAT-RHSA-2020-2740.NASL", "REDHAT-RHSA-2020-2968.NASL", "REDHAT-RHSA-2020-2969.NASL", "REDHAT-RHSA-2020-2970.NASL", "REDHAT-RHSA-2020-2972.NASL", "REDHAT-RHSA-2020-2985.NASL", "REDHAT-RHSA-2020-3098.NASL", "REDHAT-RHSA-2020-3099.NASL", "REDHAT-RHSA-2020-3100.NASL", "REDHAT-RHSA-2020-3101.NASL", "REDHAT-RHSA-2020-3386.NASL", "REDHAT-RHSA-2020-3387.NASL", "REDHAT-RHSA-2020-3388.NASL", "REDHAT-RHSA-2020-3637.NASL", "REDHAT-RHSA-2020-3638.NASL", "REDHAT-RHSA-2020-3639.NASL", "REDHAT-RHSA-2020-3817.NASL", 
"REDHAT-RHSA-2020-4366.NASL", "REDHAT-RHSA-2020-5585.NASL", "SLACKWARE_SSA_2019-254-03.NASL", "SL_20190722_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20190722_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20190722_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20190723_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20190724_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20191016_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20191016_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20191018_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20191022_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20191022_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20200116_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20200121_APACHE_COMMONS_BEANUTILS_ON_SL7_X.NASL", "SL_20200121_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20200122_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20200218_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20200227_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20200421_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20200421_JAVA_1_7_0_OPENJDK_ON_SL6_X.NASL", "SL_20200421_JAVA_1_7_0_OPENJDK_ON_SL7_X.NASL", "SL_20200421_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20200421_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "SL_20200716_JAVA_11_OPENJDK_ON_SL7_X.NASL", "SL_20200716_JAVA_1_8_0_OPENJDK_ON_SL6_X.NASL", "SL_20200716_JAVA_1_8_0_OPENJDK_ON_SL7_X.NASL", "STRUTS_2_3_36_FILEUPLOAD.NASL", "STRUTS_2_5_12.NASL", "SUSE_SU-2019-14044-1.NASL", "SUSE_SU-2019-14160-1.NASL", "SUSE_SU-2019-14171-1.NASL", "SUSE_SU-2019-14174-1.NASL", "SUSE_SU-2019-14249-1.NASL", "SUSE_SU-2019-2002-1.NASL", "SUSE_SU-2019-2021-1.NASL", "SUSE_SU-2019-2028-1.NASL", "SUSE_SU-2019-2036-1.NASL", "SUSE_SU-2019-2291-1.NASL", "SUSE_SU-2019-2336-1.NASL", "SUSE_SU-2019-2371-1.NASL", "SUSE_SU-2019-2397-1.NASL", "SUSE_SU-2019-2403-1.NASL", "SUSE_SU-2019-2410-1.NASL", "SUSE_SU-2019-2413-1.NASL", "SUSE_SU-2019-2504-1.NASL", "SUSE_SU-2019-2558-1.NASL", "SUSE_SU-2019-2561-1.NASL", "SUSE_SU-2019-2998-1.NASL", "SUSE_SU-2019-3083-1.NASL", "SUSE_SU-2019-3084-1.NASL", "SUSE_SU-2019-3238-1.NASL", "SUSE_SU-2020-0001-1.NASL", "SUSE_SU-2020-0024-1.NASL", 
"SUSE_SU-2020-0025-1.NASL", "SUSE_SU-2020-0051-1.NASL", "SUSE_SU-2020-0099-1.NASL", "SUSE_SU-2020-0140-1.NASL", "SUSE_SU-2020-0213-1.NASL", "SUSE_SU-2020-0231-1.NASL", "SUSE_SU-2020-0261-1.NASL", "SUSE_SU-2020-0456-1.NASL", "SUSE_SU-2020-0466-1.NASL", "SUSE_SU-2020-0528-1.NASL", "SUSE_SU-2020-0628-1.NASL", "SUSE_SU-2020-14263-1.NASL", "SUSE_SU-2020-14287-1.NASL", "SUSE_SU-2020-14398-1.NASL", "SUSE_SU-2020-14484-1.NASL", "SUSE_SU-2020-1511-1.NASL", "SUSE_SU-2020-1569-1.NASL", "SUSE_SU-2020-1569-2.NASL", "SUSE_SU-2020-1571-1.NASL", "SUSE_SU-2020-1572-1.NASL", "SUSE_SU-2020-1683-1.NASL", "SUSE_SU-2020-1684-1.NASL", "SUSE_SU-2020-1685-1.NASL", "SUSE_SU-2020-1686-1.NASL", "SUSE_SU-2020-2008-1.NASL", "SUSE_SU-2020-2143-1.NASL", "SUSE_SU-2020-2453-1.NASL", "SUSE_SU-2020-2461-1.NASL", "SUSE_SU-2020-2482-1.NASL", "SUSE_SU-2020-2634-1.NASL", "SUSE_SU-2020-2861-1.NASL", "SUSE_SU-2020-3191-1.NASL", "SUSE_SU-2020-3460-1.NASL", "UBUNTU_USN-4080-1.NASL", "UBUNTU_USN-4083-1.NASL", "UBUNTU_USN-4223-1.NASL", "UBUNTU_USN-4257-1.NASL", "UBUNTU_USN-4337-1.NASL", "UBUNTU_USN-4376-1.NASL", "UBUNTU_USN-4433-1.NASL", "UBUNTU_USN-4453-1.NASL", "UBUNTU_USN-4504-1.NASL", "VIRTUALBOX_6_0_14.NASL", "VIRTUOZZO_VZLSA-2019-1811.NASL", "VIRTUOZZO_VZLSA-2019-1815.NASL", "VIRTUOZZO_VZLSA-2019-1839.NASL", "VIRTUOZZO_VZLSA-2019-3128.NASL", "VIRTUOZZO_VZLSA-2019-3136.NASL", "VIRTUOZZO_VZLSA-2019-3157.NASL", "VIRTUOZZO_VZLSA-2019-3158.NASL", "WEBSPHERE_1115085.NASL", "WEBSPHERE_1288774.NASL", "WEBSPHERE_301027.NASL", "WEBSPHERE_6201862.NASL", "WEBSPHERE_CVE-2019-4441.NASL", "WEB_APPLICATION_SCANNING_112446"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2019-1547", "OPENSSL:CVE-2019-1549", "OPENSSL:CVE-2019-1563"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107633", "OPENVAS:1361412562310141668", "OPENVAS:1361412562310142887", "OPENVAS:1361412562310142888", "OPENVAS:1361412562310142889", "OPENVAS:1361412562310142890", "OPENVAS:1361412562310143027", "OPENVAS:1361412562310143028", 
"OPENVAS:1361412562310143728", "OPENVAS:1361412562310143729", "OPENVAS:1361412562310143734", "OPENVAS:1361412562310143735", "OPENVAS:1361412562310704452", "OPENVAS:1361412562310704485", "OPENVAS:1361412562310704486", "OPENVAS:1361412562310704539", "OPENVAS:1361412562310704540", "OPENVAS:1361412562310704542", "OPENVAS:1361412562310704546", "OPENVAS:1361412562310704548", "OPENVAS:1361412562310704605", "OPENVAS:1361412562310704621", "OPENVAS:1361412562310704662", "OPENVAS:1361412562310704668", "OPENVAS:1361412562310815177", "OPENVAS:1361412562310815180", "OPENVAS:1361412562310815638", "OPENVAS:1361412562310815640", "OPENVAS:1361412562310815646", "OPENVAS:1361412562310815647", "OPENVAS:1361412562310815648", "OPENVAS:1361412562310815899", "OPENVAS:1361412562310816603", "OPENVAS:1361412562310816855", "OPENVAS:1361412562310816858", "OPENVAS:1361412562310816859", "OPENVAS:1361412562310816861", "OPENVAS:1361412562310844116", "OPENVAS:1361412562310844118", "OPENVAS:1361412562310844279", "OPENVAS:1361412562310844315", "OPENVAS:1361412562310844402", "OPENVAS:1361412562310844450", "OPENVAS:1361412562310852501", "OPENVAS:1361412562310852649", "OPENVAS:1361412562310852657", "OPENVAS:1361412562310852686", "OPENVAS:1361412562310852713", "OPENVAS:1361412562310852728", "OPENVAS:1361412562310852786", "OPENVAS:1361412562310852874", "OPENVAS:1361412562310852886", "OPENVAS:1361412562310852897", "OPENVAS:1361412562310852927", "OPENVAS:1361412562310853015", "OPENVAS:1361412562310853022", "OPENVAS:1361412562310853192", "OPENVAS:1361412562310853208", "OPENVAS:1361412562310853227", "OPENVAS:1361412562310875213", "OPENVAS:1361412562310876828", "OPENVAS:1361412562310876829", "OPENVAS:1361412562310876830", "OPENVAS:1361412562310876832", "OPENVAS:1361412562310876833", "OPENVAS:1361412562310876834", "OPENVAS:1361412562310876835", "OPENVAS:1361412562310876837", "OPENVAS:1361412562310876847", "OPENVAS:1361412562310876866", "OPENVAS:1361412562310876898", "OPENVAS:1361412562310876900", 
"OPENVAS:1361412562310876901", "OPENVAS:1361412562310876904", "OPENVAS:1361412562310876908", "OPENVAS:1361412562310876940", "OPENVAS:1361412562310876994", "OPENVAS:1361412562310877109", "OPENVAS:1361412562310877119", "OPENVAS:1361412562310877127", "OPENVAS:1361412562310877141", "OPENVAS:1361412562310877152", "OPENVAS:1361412562310877171", "OPENVAS:1361412562310877192", "OPENVAS:1361412562310877212", "OPENVAS:1361412562310877251", "OPENVAS:1361412562310877267", "OPENVAS:1361412562310877291", "OPENVAS:1361412562310877322", "OPENVAS:1361412562310877801", "OPENVAS:1361412562310877831", "OPENVAS:1361412562310877883", "OPENVAS:1361412562310883085", "OPENVAS:1361412562310883086", "OPENVAS:1361412562310883087", "OPENVAS:1361412562310883088", "OPENVAS:1361412562310883089", "OPENVAS:1361412562310883118", "OPENVAS:1361412562310883120", "OPENVAS:1361412562310883121", "OPENVAS:1361412562310883122", "OPENVAS:1361412562310883123", "OPENVAS:1361412562310883164", "OPENVAS:1361412562310883171", "OPENVAS:1361412562310883173", "OPENVAS:1361412562310883175", "OPENVAS:1361412562310883182", "OPENVAS:1361412562310883192", "OPENVAS:1361412562310883222", "OPENVAS:1361412562310883224", "OPENVAS:1361412562310883228", "OPENVAS:1361412562310883230", "OPENVAS:1361412562310883231", "OPENVAS:1361412562310891492", "OPENVAS:1361412562310891798", "OPENVAS:1361412562310891831", "OPENVAS:1361412562310891879", "OPENVAS:1361412562310891886", "OPENVAS:1361412562310891896", "OPENVAS:1361412562310891932", "OPENVAS:1361412562310891943", "OPENVAS:1361412562310892023", "OPENVAS:1361412562310892030", "OPENVAS:1361412562310892111", "OPENVAS:1361412562310892128", "OPENVAS:1361412562310892135", "OPENVAS:1361412562310892179", "OPENVAS:1361412562310892193", "OPENVAS:1361412562310892270", "OPENVAS:1361412562311220192097", "OPENVAS:1361412562311220192098", "OPENVAS:1361412562311220192105", "OPENVAS:1361412562311220192216", "OPENVAS:1361412562311220192218", "OPENVAS:1361412562311220192245", 
"OPENVAS:1361412562311220192254", "OPENVAS:1361412562311220192263", "OPENVAS:1361412562311220192264", "OPENVAS:1361412562311220192374", "OPENVAS:1361412562311220192430", "OPENVAS:1361412562311220192460", "OPENVAS:1361412562311220192464", "OPENVAS:1361412562311220201061", "OPENVAS:1361412562311220201062", "OPENVAS:1361412562311220201063", "OPENVAS:1361412562311220201110", "OPENVAS:1361412562311220201111", "OPENVAS:1361412562311220201221", "OPENVAS:1361412562311220201274", "OPENVAS:1361412562311220201307", "OPENVAS:1361412562311220201395", "OPENVAS:1361412562311220201581"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2020", "ORACLE:CPUAPR2021", "ORACLE:CPUAPR2022", "ORACLE:CPUJAN2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJAN2022", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2022", "ORACLE:CPUOCT2020", "ORACLE:CPUOCT2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1810", "ELSA-2019-1811", "ELSA-2019-1815", "ELSA-2019-1816", "ELSA-2019-1817", "ELSA-2019-1839", "ELSA-2019-1840", "ELSA-2019-3127", "ELSA-2019-3128", "ELSA-2019-3134", "ELSA-2019-3135", "ELSA-2019-3136", "ELSA-2019-3157", "ELSA-2019-3158", "ELSA-2020-0122", "ELSA-2020-0128", "ELSA-2020-0157", "ELSA-2020-0194", "ELSA-2020-0196", "ELSA-2020-0202", "ELSA-2020-0541", "ELSA-2020-0632", "ELSA-2020-1506", "ELSA-2020-1507", "ELSA-2020-1508", "ELSA-2020-1509", "ELSA-2020-1512", "ELSA-2020-1514", "ELSA-2020-1515", "ELSA-2020-1644", "ELSA-2020-1840", "ELSA-2020-2968", "ELSA-2020-2969", "ELSA-2020-2970", "ELSA-2020-2972", "ELSA-2020-2985"]}, {"type": "osv", "idList": ["OSV:DLA-1492-1", "OSV:DLA-1798-1", "OSV:DLA-1831-1", "OSV:DLA-1879-1", "OSV:DLA-1886-1", "OSV:DLA-1896-1", "OSV:DLA-1932-1", "OSV:DLA-1943-1", "OSV:DLA-2023-1", "OSV:DLA-2030-1", "OSV:DLA-2111-1", "OSV:DLA-2128-1", "OSV:DLA-2135-1", "OSV:DLA-2179-1", "OSV:DLA-2193-1", "OSV:DLA-2270-1", "OSV:DLA-2325-1", "OSV:DLA-2638-1", "OSV:DSA-4452-1", "OSV:DSA-4485-1", "OSV:DSA-4486-1", "OSV:DSA-4539-1", "OSV:DSA-4540-1", "OSV:DSA-4542-1", 
"OSV:DSA-4546-1", "OSV:DSA-4548-1", "OSV:DSA-4605-1", "OSV:DSA-4621-1", "OSV:DSA-4662-1", "OSV:DSA-4668-1", "OSV:DSA-4734-1", "OSV:GHSA-297X-8XJ4-VCXV", "OSV:GHSA-446M-MV8F-Q348", "OSV:GHSA-4W82-R329-3Q67", "OSV:GHSA-53X6-4X5P-RRVV", "OSV:GHSA-58P8-9G59-Q2HR", "OSV:GHSA-5949-RW7G-WX7W", "OSV:GHSA-5P34-5M6P-P58G", "OSV:GHSA-5WW9-J83M-Q7QX", "OSV:GHSA-6FPP-RGJ9-8RWC", "OSV:GHSA-6PHF-73Q6-GH87", "OSV:GHSA-758M-V56V-GRJ4", "OSV:GHSA-7X9J-7223-RG5M", "OSV:GHSA-84CM-X2Q5-8225", "OSV:GHSA-9VVP-FXW6-JCXR", "OSV:GHSA-C265-37VJ-CWCC", "OSV:GHSA-CF6R-3WGC-H863", "OSV:GHSA-CMFG-87VQ-G5G4", "OSV:GHSA-F3J5-RMMP-3FC5", "OSV:GHSA-GWW7-P5W4-WRFV", "OSV:GHSA-HRMR-F5M6-M9PQ", "OSV:GHSA-J823-4QCH-3RGM", "OSV:GHSA-MX7P-6679-8G3Q", "OSV:GHSA-QMQC-X3R4-6V39", "OSV:GHSA-W4JQ-QH47-HVJQ"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:149099"]}, {"type": "photon", "idList": ["PHSA-2019-0032", "PHSA-2019-0033", "PHSA-2019-0035", "PHSA-2019-0173", "PHSA-2019-0177", "PHSA-2019-0250", "PHSA-2019-0252", "PHSA-2019-1.0-0250", "PHSA-2019-1.0-0252", "PHSA-2019-2.0-0173", "PHSA-2019-2.0-0177", "PHSA-2019-3.0-0032", "PHSA-2019-3.0-0033", "PHSA-2019-3.0-0035", "PHSA-2020-0083", "PHSA-2020-0084", "PHSA-2020-0119", "PHSA-2020-0235", "PHSA-2020-0265", "PHSA-2020-0310", "PHSA-2020-1.0-0290", "PHSA-2020-1.0-0310", "PHSA-2020-2.0-0235", "PHSA-2020-2.0-0265", "PHSA-2020-3.0-0083", "PHSA-2020-3.0-0084", "PHSA-2020-3.0-0119"]}, {"type": "redhat", "idList": ["RHSA-2019:1810", "RHSA-2019:1811", "RHSA-2019:1815", "RHSA-2019:1816", "RHSA-2019:1817", "RHSA-2019:1839", "RHSA-2019:1840", "RHSA-2019:2494", "RHSA-2019:2495", "RHSA-2019:2585", "RHSA-2019:2590", "RHSA-2019:2592", "RHSA-2019:2737", "RHSA-2019:2743", "RHSA-2019:2804", "RHSA-2019:2858", "RHSA-2019:2935", "RHSA-2019:2936", "RHSA-2019:2937", "RHSA-2019:2938", "RHSA-2019:2998", "RHSA-2019:3044", "RHSA-2019:3045", "RHSA-2019:3046", "RHSA-2019:3050", "RHSA-2019:3127", "RHSA-2019:3128", "RHSA-2019:3134", "RHSA-2019:3135", "RHSA-2019:3136", "RHSA-2019:3149", 
"RHSA-2019:3157", "RHSA-2019:3158", "RHSA-2019:3200", "RHSA-2019:3292", "RHSA-2019:3297", "RHSA-2019:3901", "RHSA-2019:4109", "RHSA-2019:4110", "RHSA-2019:4113", "RHSA-2019:4115", "RHSA-2019:4117", "RHSA-2019:4317", "RHSA-2020:0006", "RHSA-2020:0046", "RHSA-2020:0057", "RHSA-2020:0122", "RHSA-2020:0128", "RHSA-2020:0157", "RHSA-2020:0159", "RHSA-2020:0160", "RHSA-2020:0161", "RHSA-2020:0164", "RHSA-2020:0194", "RHSA-2020:0196", "RHSA-2020:0202", "RHSA-2020:0231", "RHSA-2020:0232", "RHSA-2020:0445", "RHSA-2020:0465", "RHSA-2020:0467", "RHSA-2020:0468", "RHSA-2020:0469", "RHSA-2020:0470", "RHSA-2020:0541", "RHSA-2020:0556", "RHSA-2020:0632", "RHSA-2020:0727", "RHSA-2020:0729", "RHSA-2020:0804", "RHSA-2020:0805", "RHSA-2020:0806", "RHSA-2020:0811", "RHSA-2020:0856", "RHSA-2020:0895", "RHSA-2020:0899", "RHSA-2020:0939", "RHSA-2020:0951", "RHSA-2020:0983", "RHSA-2020:1308", "RHSA-2020:1336", "RHSA-2020:1337", "RHSA-2020:1454", "RHSA-2020:1506", "RHSA-2020:1507", "RHSA-2020:1508", "RHSA-2020:1509", "RHSA-2020:1512", "RHSA-2020:1514", "RHSA-2020:1515", "RHSA-2020:1516", "RHSA-2020:1517", "RHSA-2020:1523", "RHSA-2020:1644", "RHSA-2020:1840", "RHSA-2020:1938", "RHSA-2020:1942", "RHSA-2020:2054", "RHSA-2020:2067", "RHSA-2020:2236", "RHSA-2020:2237", "RHSA-2020:2238", "RHSA-2020:2239", "RHSA-2020:2241", "RHSA-2020:2321", "RHSA-2020:2333", "RHSA-2020:2511", "RHSA-2020:2512", "RHSA-2020:2513", "RHSA-2020:2515", "RHSA-2020:2619", "RHSA-2020:2740", "RHSA-2020:2813", "RHSA-2020:2968", "RHSA-2020:2969", "RHSA-2020:2970", "RHSA-2020:2972", "RHSA-2020:2985", "RHSA-2020:3098", "RHSA-2020:3099", "RHSA-2020:3100", "RHSA-2020:3101", "RHSA-2020:3192", "RHSA-2020:3194", "RHSA-2020:3196", "RHSA-2020:3197", "RHSA-2020:3247", "RHSA-2020:3386", "RHSA-2020:3387", "RHSA-2020:3388", "RHSA-2020:3587", "RHSA-2020:3637", "RHSA-2020:3638", "RHSA-2020:3639", "RHSA-2020:3642", "RHSA-2020:3779", "RHSA-2020:3817", "RHSA-2020:4298", "RHSA-2020:4366", "RHSA-2020:5568", "RHSA-2020:5585", "RHSA-2020:5625", 
"RHSA-2021:1230", "RHSA-2021:1515", "RHSA-2021:3140"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-18214", "RH:CVE-2018-11771", "RH:CVE-2018-15494", "RH:CVE-2019-10086", "RH:CVE-2019-10202", "RH:CVE-2019-11771", "RH:CVE-2019-12086", "RH:CVE-2019-12402", "RH:CVE-2019-12406", "RH:CVE-2019-12814", "RH:CVE-2019-14379", "RH:CVE-2019-14892", "RH:CVE-2019-14893", "RH:CVE-2019-1547", "RH:CVE-2019-1549", "RH:CVE-2019-1563", "RH:CVE-2019-16942", "RH:CVE-2019-17267", "RH:CVE-2019-20330", "RH:CVE-2019-2762", "RH:CVE-2019-2769", "RH:CVE-2019-2816", "RH:CVE-2019-2949", "RH:CVE-2019-2964", "RH:CVE-2019-2973", "RH:CVE-2019-2978", "RH:CVE-2019-2981", "RH:CVE-2019-2983", "RH:CVE-2019-2989", "RH:CVE-2019-4473", "RH:CVE-2019-4732", "RH:CVE-2020-10969", "RH:CVE-2020-11113", "RH:CVE-2020-14060", "RH:CVE-2020-14062", "RH:CVE-2020-14338", "RH:CVE-2020-14577", "RH:CVE-2020-14578", "RH:CVE-2020-14579", "RH:CVE-2020-14621", "RH:CVE-2020-2590", "RH:CVE-2020-2593", "RH:CVE-2020-2601", "RH:CVE-2020-2654", "RH:CVE-2020-2754", "RH:CVE-2020-2755", "RH:CVE-2020-2756", "RH:CVE-2020-2757", "RH:CVE-2020-2781", "RH:CVE-2020-2800", "RH:CVE-2020-2830", "RH:CVE-2020-8840", "RH:CVE-2020-9546", "RH:CVE-2021-20190"]}, {"type": "slackware", "idList": ["SSA-2019-254-03"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1399-1", "OPENSUSE-SU-2019:1912-1", "OPENSUSE-SU-2019:1916-1", "OPENSUSE-SU-2019:2058-1", "OPENSUSE-SU-2019:2158-1", "OPENSUSE-SU-2019:2189-1", "OPENSUSE-SU-2019:2268-1", "OPENSUSE-SU-2019:2269-1", "OPENSUSE-SU-2019:2557-1", "OPENSUSE-SU-2019:2565-1", "OPENSUSE-SU-2019:2687-1", "OPENSUSE-SU-2020:0113-1", "OPENSUSE-SU-2020:0147-1", "OPENSUSE-SU-2020:0757-1", "OPENSUSE-SU-2020:0800-1", "OPENSUSE-SU-2020:0841-1", "OPENSUSE-SU-2020:1175-1", "OPENSUSE-SU-2020:1191-1", "OPENSUSE-SU-2020:1893-1", "OPENSUSE-SU-2020:2048-1", "OPENSUSE-SU-2020:2083-1"]}, {"type": "symantec", "idList": ["SMNTC-109227", "SMNTC-109425", "SMNTC-109664", "SMNTC-109915", "SMNTC-110043", "SMNTC-110044", "SMNTC-110047", 
"SMNTC-110421", "SMNTC-110422", "SMNTC-110433", "SMNTC-110434", "SMNTC-110437", "SMNTC-110439", "SMNTC-110440", "SMNTC-110441", "SMNTC-111293", "SMNTC-111484", "SMNTC-111486", "SMNTC-111488", "SMNTC-111505", "SMNTC-1768", "SMNTC-93604"]}, {"type": "threatpost", "idList": ["THREATPOST:71CFE98EE69CB32A2F1F115FCB3ACF21", "THREATPOST:A45826A8CDA7058392C4901D6AAD15F1"]}, {"type": "ubuntu", "idList": ["USN-4080-1", "USN-4083-1", "USN-4223-1", "USN-4257-1", "USN-4337-1", "USN-4376-1", "USN-4376-2", "USN-4433-1", "USN-4453-1", "USN-4504-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-1000031", "UB:CVE-2017-18214", "UB:CVE-2018-11771", "UB:CVE-2018-15494", "UB:CVE-2019-10086", "UB:CVE-2019-12086", "UB:CVE-2019-12402", "UB:CVE-2019-12814", "UB:CVE-2019-14379", "UB:CVE-2019-14892", "UB:CVE-2019-14893", "UB:CVE-2019-1547", "UB:CVE-2019-1549", "UB:CVE-2019-1563", "UB:CVE-2019-16942", "UB:CVE-2019-17267", "UB:CVE-2019-20330", "UB:CVE-2019-2762", "UB:CVE-2019-2769", "UB:CVE-2019-2816", "UB:CVE-2019-2949", "UB:CVE-2019-2964", "UB:CVE-2019-2973", "UB:CVE-2019-2978", "UB:CVE-2019-2981", "UB:CVE-2019-2983", "UB:CVE-2019-2989", "UB:CVE-2020-10969", "UB:CVE-2020-11113", "UB:CVE-2020-14060", "UB:CVE-2020-14062", "UB:CVE-2020-14577", "UB:CVE-2020-14578", "UB:CVE-2020-14579", "UB:CVE-2020-14621", "UB:CVE-2020-2590", "UB:CVE-2020-2593", "UB:CVE-2020-2601", "UB:CVE-2020-2654", "UB:CVE-2020-2754", "UB:CVE-2020-2755", "UB:CVE-2020-2756", "UB:CVE-2020-2757", "UB:CVE-2020-2781", "UB:CVE-2020-2800", "UB:CVE-2020-2830", "UB:CVE-2020-8141", "UB:CVE-2020-8840", "UB:CVE-2020-9546", "UB:CVE-2021-20190"]}, {"type": "veracode", "idList": ["VERACODE:20907", "VERACODE:20908", "VERACODE:20910", "VERACODE:20928", "VERACODE:21314", "VERACODE:21389", "VERACODE:21486", "VERACODE:21488", "VERACODE:21602", "VERACODE:21650", "VERACODE:21712", "VERACODE:21714", "VERACODE:21715", "VERACODE:21717", "VERACODE:21718", "VERACODE:21719", "VERACODE:21722", "VERACODE:21926", "VERACODE:22002", "VERACODE:22003", 
"VERACODE:22017", "VERACODE:22246", "VERACODE:22306", "VERACODE:22307", "VERACODE:22308", "VERACODE:22310", "VERACODE:22481", "VERACODE:22620", "VERACODE:22802", "VERACODE:22905", "VERACODE:25171", "VERACODE:25461", "VERACODE:25462", "VERACODE:25463", "VERACODE:25464", "VERACODE:25467", "VERACODE:25468", "VERACODE:25679", "VERACODE:25681", "VERACODE:25901", "VERACODE:25903", "VERACODE:25905", "VERACODE:25910", "VERACODE:26787", "VERACODE:29076"]}, {"type": "zdi", "idList": ["ZDI-16-570"]}, {"type": "zdt", "idList": ["1337DAY-ID-30975"]}]}, "score": {"value": 1.0, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["JAVA_JULY2019_ADVISORY.ASC", "OPENSSL_ADVISORY31.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2020:1644"]}, {"type": "amazon", "idList": ["ALAS-2019-1268", "ALAS-2019-1269"]}, {"type": "apple", "idList": ["APPLE:251C897D47AD6A2DB0B7E3792A81C425"]}, {"type": "atlassian", "idList": ["ATLASSIAN:BAM-20722"]}, {"type": "attackerkb", "idList": ["AKB:8AA21692-1900-4944-98AB-BEC257302198"]}, {"type": "centos", "idList": ["CESA-2019:1810", "CESA-2019:1811", "CESA-2019:1815", "CESA-2019:1839", "CESA-2019:1840"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-1346"]}, {"type": "cisa", "idList": ["CISA:848AFE845B4D41B0B59F2090C2571363"]}, {"type": "cisco", "idList": ["CISCO-SA-20181107-STRUTS-COMMONS-FILEUPLOAD"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:DBBC716FD85510861511BDE10DD24963"]}, {"type": "cve", "idList": ["CVE-2016-1000031", "CVE-2019-10086", "CVE-2019-11771", "CVE-2019-12086", "CVE-2019-12402", "CVE-2019-1547", "CVE-2019-1549", "CVE-2019-1563", "CVE-2019-16942", "CVE-2019-17267", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2816", "CVE-2019-4305", "CVE-2019-4441", "CVE-2019-4473"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1492-1:295A9", "DEBIAN:DLA-1879-1:41860", "DEBIAN:DLA-1886-1:800E7", "DEBIAN:DLA-1896-1:572E2", "DEBIAN:DLA-1932-1:82F68", "DEBIAN:DLA-1943-1:5F5AB", "DEBIAN:DLA-2638-1:5B442", 
"DEBIAN:DSA-4485-1:63763", "DEBIAN:DSA-4486-1:B09C5", "DEBIAN:DSA-4539-1:42F6F", "DEBIAN:DSA-4540-1:F4ED8", "DEBIAN:DSA-4542-1:03F2D"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-10086"]}, {"type": "f5", "idList": ["F5:K44070243", "F5:K54213762", "F5:K73422160", "F5:K97324400"]}, {"type": "fedora", "idList": ["FEDORA:45E8A60321BE", "FEDORA:D3F4E61F0A04"]}, {"type": "freebsd", "idList": ["9E0C6F7A-D46D-11E9-A1C7-B499BAEBFEAF", "C1265E85-7C95-11E7-93AF-005056925DB4"]}, {"type": "gentoo", "idList": ["GLSA-201911-04"]}, {"type": "github", "idList": ["GHSA-446M-MV8F-Q348", "GHSA-53X6-4X5P-RRVV", "GHSA-58P8-9G59-Q2HR", "GHSA-5WW9-J83M-Q7QX", "GHSA-6FPP-RGJ9-8RWC", "GHSA-84CM-X2Q5-8225", "GHSA-CMFG-87VQ-G5G4", "GHSA-HRMR-F5M6-M9PQ", "GHSA-MX7P-6679-8G3Q"]}, {"type": "githubexploit", "idList": ["3A4AAB02-CCAA-51EA-8324-41D2F506E5A2", "3BE6C242-DF61-5FB1-AF29-941FEF80A127", "5EDF02C1-5DDC-5B0E-BF23-677048091107", "95E9031F-A021-5296-ADC3-71E43A95A049", "B4CCD6DC-671B-58FE-9826-B4F9C361A650"]}, {"type": "huawei", "idList": ["HUAWEI-SA-20200610-01-FASTJASON"]}, {"type": "ibm", "idList": ["0076A42200CA79BB4F38036CC5133B052749C172669E11C84EDFD56B71758FB7", "01BAD5183A1A9316D2E815F9EE5B380900016BB451F5B507CB87FB2DD0843B17", "08325F6AA0E5D32062B70EC20B7BAC73EDD2082F6016AADE25F93CC5C5945E15", "09ABABD524310CB6F76FB7F0A80C1126E5C6C8D3D87340E9CEF6A3A6B1C34C3C", "1360BEF97E01B87A4E58CA581A1F32ECD385845F24783D4980B6E64F68F389FB", "17179127276D2C8BCC739D66B23A070D5DCF232A120A9E4EF31DA0C49E8077B9", "176E1428146C282D851E871707952C3F4A0C7904B6CABDA63202933EDFEB2384", "1A72C91F6CA7EEB9FAAA834618698CCB61EEC973896F1BBF5482067FC7922767", "1A7668E81452E83AB00678328095567DA17543F8BDE6DB1EE678E96C5B064FD6", "280F22C59D289D09BF95C27BCBD4E75FDD23E4CB97EDC3D26F891DF09095112C", "281EA77DACE3CB0D203B13E8D960659321E00D0D3AD04C8DD174EF67ABD3975C", "2A05D27D0FF61BD5D3C4263E53EB4D34E324CC8F78836E02986EBC35BB76E209", "3073B2863EC3EEE15D79F6F74A31A0A1F9DF2E191852C00E1BB66966D15300AD", 
"30C160035BB3D7D8CCEFC976E9A66E721135E92A5F2BC6D96A0922DAD970B145", "3685B92248F5EF5F87E22332608BA77B6E0CBEC5E65184E9ED006251D92D1762", "3757DB8A424DB88E245C8F0EDDFE6FE06F8170406FA58010670CD76C8A1ED47C", "39807D1224804C1ED4DF9E9B1CDF9DB3C95A5882806B68B2EFFC0D340A45AD41", "3C757E6C207C325B90893148C70649850957A2F8AB27DE4E6D68D3EA4F71D013", "3DEA543F812B23E125C9088AF5301DA14AAE88C8C7706F25F22571DF88A6C6A0", "43889098AF27B56E1AAC2C0ADC87D15751A2B0CCE3BF25260E32BBE3CCA7CE93", "440EFFCF162389547EC94BA431325D2B42D5E91C496765EE6F12A65170790BDA", "465A77691B2F05B1C5FAAC7A02CB7D278A82164C3BA7AE66829B4C4FECA4395B", "468957E7ECE017AC323A31CFD237B108C75593118F139922584ABAC37DCE69D7", "50EA423A77AFE74D4C99D312D7FA5988DE8629BD8B6A44E2C6A86AC37D0AD6DF", "563934541397DDC0A640CA044FD1AAABD3BA89EA3B7B3A101F97F3FCD502BC6B", "5FDD411EFE7FCCB2A42647D8A1CFB26D87F65B1DB8BECAB0016FEB3D57AE8C86", "5FE7A510CD15A76A4D6CF022D158B9FC7E8E03226BAF443B1D7C5958D406EEFF", "6154DEF6F23663D7D1FF5A7AC8111991A9724E8158A01D10C2D5BAC51D31ACFA", "639162FDF1F868B89BEC92BD6649146812BA3EC6E2918FE4CCE113215EE729B2", "644A8D20EA5C122A543FD2875F814F29458A670A8F81310C4182A6D4DD814E43", "69FB72CCB8D5FCC39004FA966C700C2C3FAC030FB41B36D5BE112D01469B6B39", "6ABEA86F95DECD03C32F5BD7AF2042BF07A1C544724C672F6BFA6EC88894C596", "7108A0C582CA71DB4DB30C520C2DEE6D115196B2AEEE56A3D2159351C72B07C4", "75847106DDA59D969AC0CC5D5D85844498E31446EE547D1D9B1A4B491F5FCBF2", "7721744B6CF259BF11FF7B6430AE43A25D620EF548BC9DF53A5A8B7DB5079B31", "77A28093327290BEEC30BA0FD258343ECA5E3AFE8F5CC46CBAE8878B49FB78B9", "7B05B840ACCC17A8D2E2D9B0FD2D6480FB03A9408D40E605B8310E82A4503F00", "7E3810136FEF61BFC79D395E6D31F652EA936DDF2169F22C131565764489E4C9", "80F63C4DBA4692F1399B8419C02ECEE29E4B32D85EDDE77D136EB81CBB859B9C", "8D7ED64456FC169D02750D2AA4A80B16FFC334A2DA71875B22768979B26CAC67", "8DAEC6BCDE7A61BCB818037C4AAA2835BC75563C598312914F7766E39155FAB3", "970356E4679ACAEE2E2C557020D6BE0C8471E248DD8661C70025539C53C75DC8", 
"9C411B6B775BB46123848361880D8BC5AD57524CE692B5401AD2E0F29C629E53", "9DD7EDEEE926F2A73DA62AD0656911BD45FF03DEA806B6094BC2BF78EA387892", "A330005D49E2DE9D5BB7AEB1FFF23C2CE2ECD165D6C58311145C72736B358907", "A4F91E36C4B372A0AAF3400EFA5B0CC73FDE22D1B3FB09A67E8FD163CFA6CC21", "B71E0BF361A8070A23A3F1A12855E8451A139F411163CC699F31E14C71A1F3EA", "BD73CB304818422172D48F1453A9EBB4A928DE6BC130FF8EE26D6D8B3208D65E", "C034F4A93C7986F86B5276634B82B774DA1796B9A2CC2371DA4859670D82233E", "C0BDB67449527274F6BF935813A76F827DBFB1EAD61444E49DD24177F6B0ABE0", "C2B0F0577108B57CEDB5494BBCBCD19273E00DD8188BDB4AD7768611BF25F5EF", "C340BC82AF5721191278C55096E3531A109E480B231A32A6FA094DE56B33C4E2", "C65985541E4ED9B85BC4841AF3058555C1D04CA2A75B0CC7E7DD4B618F33AA02", "C7BF9E3DE547E76D7B7B89B7E31D72468FCCCF0D24D3580B01C6BA30FC2F324D", "C7C90AE07B9F79A9EEF6608D4722926B0CCF2ECD1B095573CDC550F929B66111", "C8805CB7A9877952E3B667A528AE49619053A2D7DB5F1F65CA2C84C382A15EAE", "CCDFC99BF266F0BFA7C6D61E506C55A7C69DF48E852D065E407BD394CEB5F678", "CE7B09FDAB4AD52C4D2DF48D876D11F77AB8D075D2126DF86BCFAB3FD1F6D522", "CEA8FEBEBD755E25CDC9DE7E215C4927313FC37724C74ECF67875E57EFC04C4B", "D1CB85104D6425EADABAF28CF6CF9EB9A90389B1D6AFFC5FE976A773A70523CD", "D2E5A8C7C268A524FD1AD59500D2BCB9D9ADCF3C9FC2AFF1B56387C821915241", "DB5C4843714C3B6FE6F22056DA72142411A13EE19DCE1AE7BD105B5606C46498", "DD34B9BC3B107A1DC572E91FE164C11C4D3B050CFD5A53884C66DA680566DEB4", "DEFBED52ABC2310EDCD812EAE7D66EFB050F845095358FC260D8C8294857312A", "E51DDF73E3F5CD96B12560329D18889F698C09D96494E43FCCF428FEC32A1F2E", "E61FF499B7EFFD92A0884B1108A602A50283CF6842D88D47BD14A9C1F5EC2065", "ED45B3D03432EA991E20FCFB7B9FD0CD25D3E1B834197F239D900E5975F863A2", "EED7ED86612FAEF9F63E54348F81A1C160DDDB83ED4BF292A6E7281AD00953CB", "F0839A9BD9452AB3D46FC4E71D73386166709F03A04F9CBDBEF9A7630D6BE6A0", "F283B6C62AB9CB295646875FBD04A9491AE444A407FCD0B315A89B1625C1D2EB", "F5E265A3E5B0E2665476645CE412430FD82D6F5D85968FC03F4FEF8CBBB8EDF7", 
"F7283916CCF52A7D897ACED313AACEF7E287BA7117F4BB159BB1B33294EC2F1C", "F75806AF51F262CD91F3E2017F6775AF7816B8E15289C5596B33856B18979E5B", "F7A2FB1095724C0FC9ADDAC98FFF309E356E8ECDDB49CA432AA4F24FB5F4FA6D", "F895BAAED2A6FCD28E65EA4AF5A92641920AF9737BDF81AAEFFF1315ABCEA09F", "F9F3B4261A18C4DCE8B16610FB2521F9D859E86F8EE3010A1231A24FF23D52DB", "FB7B2826853A6CC1030773078566846653AB764C17AD1202D6C43D2C1ACE6068", "FE682ECFC10CBB3EA19CC98A95397F776F34168220DD72550FAE4CF5E216A9CC"]}, {"type": "ics", "idList": ["ICSA-22-055-02"]}, {"type": "kaspersky", "idList": ["KLA11520", "KLA11582", "KLA11584", "KLA11641", "KLA11646", "KLA11753", "KLA11867"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/ALPINE-LINUX-CVE-2020-2781/", "MSF:ILITIES/AMAZON-LINUX-AMI-2-CVE-2020-2781/", "MSF:ILITIES/DEBIAN-CVE-2020-2781/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP2-CVE-2020-2781/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP3-CVE-2020-2781/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP8-CVE-2020-2781/", "MSF:ILITIES/IBM-AIX-CVE-2020-2781/", "MSF:ILITIES/IBM-JAVA-CVE-2020-2781/", "MSF:ILITIES/IBM-WAS-CVE-2020-4329/", "MSF:ILITIES/ORACLE_LINUX-CVE-2020-2781/", "MSF:ILITIES/REDHAT_LINUX-CVE-2020-2781/"]}, {"type": "nessus", "idList": ["AL2_ALAS-2020-1491.NASL", "ALA_ALAS-2020-1365.NASL", "DEBIAN_DLA-1492.NASL", "DEBIAN_DLA-2638.NASL", "EULEROS_SA-2019-2097.NASL", "EULEROS_SA-2019-2098.NASL", "EULEROS_SA-2019-2105.NASL", "EULEROS_SA-2019-2216.NASL", "EULEROS_SA-2019-2218.NASL", "EULEROS_SA-2019-2245.NASL", "EULEROS_SA-2019-2254.NASL", "EULEROS_SA-2019-2263.NASL", "EULEROS_SA-2019-2264.NASL", "EULEROS_SA-2020-1581.NASL", "EULEROS_SA-2021-1805.NASL", "EULEROS_SA-2021-1806.NASL", "EULEROS_SA-2021-2542.NASL", "EULEROS_SA-2021-2566.NASL", "FEDORA_2019-79B5790566.NASL", "FEDORA_2019-BCAD44B5D6.NASL", "FEDORA_2020-A60AD9D4EC.NASL", "FREEBSD_PKG_C1265E857C9511E793AF005056925DB4.NASL", "GENTOO_GLSA-201911-04.NASL", "OPENJDK_2019-07-16.NASL", "OPENJDK_2019-10-15.NASL", "OPENJDK_2020-01-14.NASL", "OPENJDK_2020-04-14.NASL", 
"OPENJDK_2020-07-14.NASL", "OPENSUSE-2019-2557.NASL", "OPENSUSE-2019-2565.NASL", "OPENSUSE-2020-2048.NASL", "OPENSUSE-2020-2083.NASL", "OPENSUSE-2020-757.NASL", "ORACLE_E-BUSINESS_CPU_APR_2021.NASL", "ORACLE_NOSQL_CPU_APR_2021.NASL", "ORACLE_WEBCENTER_PORTAL_CPU_APR_2021.NASL", "ORACLE_WEBLOGIC_SERVER_CPU_APR_2021.NASL", "REDHAT-RHSA-2020-1840.NASL", "REDHAT-RHSA-2020-2236.NASL", "REDHAT-RHSA-2020-2237.NASL", "REDHAT-RHSA-2020-2238.NASL", "REDHAT-RHSA-2020-2239.NASL", "REDHAT-RHSA-2020-2241.NASL", "SUSE_SU-2019-2998-1.NASL", "UBUNTU_USN-4376-1.NASL"]}, {"type": "openssl", "idList": ["OPENSSL:CVE-2019-1563"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142887", "OPENVAS:1361412562310142888", "OPENVAS:1361412562310142889", "OPENVAS:1361412562310142890", "OPENVAS:1361412562310704485", "OPENVAS:1361412562310704486", "OPENVAS:1361412562310704539", "OPENVAS:1361412562310704540", "OPENVAS:1361412562310704542", "OPENVAS:1361412562310815177", "OPENVAS:1361412562310815180", "OPENVAS:1361412562310844116", "OPENVAS:1361412562310844118", "OPENVAS:1361412562310844450", "OPENVAS:1361412562310852649", "OPENVAS:1361412562310852657", "OPENVAS:1361412562310852686", "OPENVAS:1361412562310852713", "OPENVAS:1361412562310852728", "OPENVAS:1361412562310853192", "OPENVAS:1361412562310876828", "OPENVAS:1361412562310876829", "OPENVAS:1361412562310876830", "OPENVAS:1361412562310876832", "OPENVAS:1361412562310876833", "OPENVAS:1361412562310876834", "OPENVAS:1361412562310876835", "OPENVAS:1361412562310876837", "OPENVAS:1361412562310876847", "OPENVAS:1361412562310876866", "OPENVAS:1361412562310876898", "OPENVAS:1361412562310876900", "OPENVAS:1361412562310876901", "OPENVAS:1361412562310876904", "OPENVAS:1361412562310876908", "OPENVAS:1361412562310876994", "OPENVAS:1361412562310877831", "OPENVAS:1361412562310877883", "OPENVAS:1361412562310883085", "OPENVAS:1361412562310883086", "OPENVAS:1361412562310883087", "OPENVAS:1361412562310883088", "OPENVAS:1361412562310883089", 
"OPENVAS:1361412562310891492", "OPENVAS:1361412562310891879", "OPENVAS:1361412562310891886", "OPENVAS:1361412562310891896", "OPENVAS:1361412562310891932", "OPENVAS:1361412562310891943", "OPENVAS:1361412562311220201581"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-1810", "ELSA-2019-1811", "ELSA-2019-1815", "ELSA-2019-1816", "ELSA-2019-1817", "ELSA-2019-1839", "ELSA-2019-1840", "ELSA-2019-3127", "ELSA-2019-3128", "ELSA-2020-1840"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:149099"]}, {"type": "photon", "idList": ["PHSA-2019-1.0-0250", "PHSA-2019-2.0-0173", "PHSA-2019-2.0-0177", "PHSA-2019-3.0-0032", "PHSA-2019-3.0-0033", "PHSA-2019-3.0-0035", "PHSA-2020-1.0-0290", "PHSA-2020-1.0-0310", "PHSA-2020-2.0-0235", "PHSA-2020-2.0-0265", "PHSA-2020-3.0-0083", "PHSA-2020-3.0-0084", "PHSA-2020-3.0-0119"]}, {"type": "redhat", "idList": ["RHSA-2019:1839", "RHSA-2019:2494", "RHSA-2019:2585", "RHSA-2019:2804", "RHSA-2019:3136", "RHSA-2020:0046", "RHSA-2020:0895", "RHSA-2020:1512", "RHSA-2020:2740", "RHSA-2020:2985"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-20190"]}, {"type": "slackware", "idList": ["SSA-2019-254-03"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1399-1", "OPENSUSE-SU-2019:1912-1", "OPENSUSE-SU-2019:1916-1", "OPENSUSE-SU-2019:2058-1", "OPENSUSE-SU-2019:2158-1", "OPENSUSE-SU-2019:2189-1", "OPENSUSE-SU-2019:2268-1", "OPENSUSE-SU-2019:2269-1", "OPENSUSE-SU-2019:2557-1", "OPENSUSE-SU-2019:2565-1", "OPENSUSE-SU-2020:0757-1", "OPENSUSE-SU-2020:2048-1", "OPENSUSE-SU-2020:2083-1"]}, {"type": "symantec", "idList": ["SMNTC-1768"]}, {"type": "threatpost", "idList": ["THREATPOST:A45826A8CDA7058392C4901D6AAD15F1"]}, {"type": "ubuntu", "idList": ["USN-4080-1", "USN-4376-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-10086", "UB:CVE-2019-12402", "UB:CVE-2019-14892", "UB:CVE-2019-14893", "UB:CVE-2019-1547", "UB:CVE-2019-1549", "UB:CVE-2019-1563", "UB:CVE-2019-16942", "UB:CVE-2019-17267", 
"UB:CVE-2019-20330", "UB:CVE-2019-2949", "UB:CVE-2019-2964", "UB:CVE-2019-2973", "UB:CVE-2019-2978", "UB:CVE-2019-2981", "UB:CVE-2019-2983", "UB:CVE-2019-2989", "UB:CVE-2020-10969", "UB:CVE-2020-11113", "UB:CVE-2020-14060", "UB:CVE-2020-14062", "UB:CVE-2020-14577", "UB:CVE-2020-14578", "UB:CVE-2020-14579", "UB:CVE-2020-14621", "UB:CVE-2020-2593", "UB:CVE-2020-2601", "UB:CVE-2020-2754", "UB:CVE-2020-2755", "UB:CVE-2020-2756", "UB:CVE-2020-2757", "UB:CVE-2020-2781", "UB:CVE-2020-2800", "UB:CVE-2020-2830", "UB:CVE-2020-8141", "UB:CVE-2020-8840", "UB:CVE-2020-9546", "UB:CVE-2021-20190"]}, {"type": "zdi", "idList": ["ZDI-16-570"]}, {"type": "zdt", "idList": ["1337DAY-ID-30975"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "ibm cognos analytics", "version": 11}, {"name": "ibm cognos analytics", "version": 11}]}, "vulnersScore": 1.0}, "_state": {"dependencies": 1664589264, "score": 1664589264, "affected_software_major_version": 1666695388}, "_internal": {"score_hash": "b6863ea141824060a7dd6d9f40a194e2"}, "affectedSoftware": [{"version": "11.1", "operator": "eq", "name": "ibm cognos analytics"}, {"version": "11.0", "operator": "eq", "name": "ibm cognos analytics"}]}
{"ibm": [{"lastseen": "2022-10-01T01:57:37", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 used by IBM Cognos Business Intelligence. These issues were disclosed as part of the IBM Java SDK updates in January 2020, April 2020 and July 2020. IBM Cognos Business Intelligence has addressed the applicable CVEs. Vulnerabilities have been addressed in the following 3rd party software components that are consumed by IBM Cognos Business Intelligence: FasterXML Jackson-Databind, Apache Commons, and Apache Tomcat. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-20330](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20330>) \n** DESCRIPTION: **A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/173897](<https://exchange.xforce.ibmcloud.com/vulnerabilities/173897>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-14379](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14379>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the SubTypeValidator.java. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165286](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165286>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-11113](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11113>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178903](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178903>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-10969](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10969>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in javax.swing.JEditorPane. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178546](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178546>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-10086](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086>) \n** DESCRIPTION: **Apache Commons Beanutils could allow a remote attacker to gain unauthorized access to the system, caused by the failure to suppress the class property in bean introspection by default. An attacker could exploit this vulnerability to gain unauthorized access to the classloader. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166353](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166353>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-16942](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16942>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by a polymorphic typing issue in the commons-dbcp class. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-12086](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12086>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a Polymorphic Typing issue that occurs due to missing com.mysql.cj.jdbc.admin.MiniAdmin validation. By sending a specially-crafted JSON message, a remote attacker could exploit this vulnerability to read arbitrary local files on the server. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/161256](<https://exchange.xforce.ibmcloud.com/vulnerabilities/161256>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-13935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to a denial of service, caused by improper validation of the payload length in a WebSocket frame. By sending multiple requests with invalid payload lengths, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185227](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185227>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14060](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14060>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183422](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183422>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14062](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14062>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183425](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183425>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-12402](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by an error in the internal file name encoding algorithm. By choosing the file names inside of a specially crafted archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/165956](<https://exchange.xforce.ibmcloud.com/vulnerabilities/165956>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-24750](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24750>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization between gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/188470](<https://exchange.xforce.ibmcloud.com/vulnerabilities/188470>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-8840](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8840>) \n** DESCRIPTION: **Multiple Huawei products could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of data without proper validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185699](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185699>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2019-17267](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17267>) \n** DESCRIPTION: **FasterXML jackson-databind could provide weaker than expected security, caused by a polymorphic typing issue in the net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. 
A remote attacker could exploit this vulnerability to launch further attacks on the system. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168514](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168514>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-1935](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1935>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176788](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176788>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-17569](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17569>) \n** DESCRIPTION: **Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/176784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/176784>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-9546](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9546>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by the mishandling of interaction between serialization gadgets and typing in org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177102](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177102>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14892](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14892>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using commons-configuration 1 and 2 JNDI classes. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177106](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177106>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-14893](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14893>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization when using the xalan JNDI gadget. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system. 
\nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177108](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177108>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2593](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2593>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-4732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4732>) \n** DESCRIPTION: **IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172618>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2016-1000031](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000031>) \n** DESCRIPTION: **Apache Commons FileUpload, as used in Novell NetIQ Sentinel and other products, could allow a remote attacker to execute arbitrary code on the system, caused by deserialization of untrusted data in DiskFileItem class of the FileUpload library. A remote attacker could exploit this vulnerability to execute arbitrary code under the context of the current process. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/117957](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117957>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Business Intelligence 10.2.2\n\n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix for versions listed as soon as practical.\n\n[IBM Cognos Business Intelligence 10.2.2 IF25](<https://www.ibm.com/support/pages/node/6331803> \"IBM Cognos Business Intelligence 10.2.2 IF25\" ) \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[IBM Java SDK Security Bulletin (July 2020)](<https://www.ibm.com/support/pages/node/6256562> \"IBM Java SDK Security Bulletin \\(July 
2020\\)\" )\n\n[IBM Java SDK Security Bulletin (April 2020)](<https://www.ibm.com/support/pages/node/6206154> \"IBM Java SDK Security Bulletin \\(April 2020\\)\" )\n\n[IBM Java SDK Security Bulletin (January 2020)](<https://www.ibm.com/support/pages/node/5736807> \"IBM Java SDK Security Bulletin \\(January 2020\\)\" )\n\n[Security Bulletin: CVE-2020-2590 may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<https://www.ibm.com/support/pages/node/6256568> \"Security Bulletin: CVE-2020-2590 may affect IBM\u00ae SDK, Java\u2122 Technology Edition\" )\n\n## Acknowledgement\n\n## Change History\n\n29 January 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSEP7J\",\"label\":\"Cognos Business Intelligence\"},\"Component\":\"Cognos Business Intelligence\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"10.2.2\",\"Edition\":\"Any\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": 
"3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-29T18:58:10", "type": "ibm", "title": "Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-1000031", "CVE-2019-10086", "CVE-2019-12086", "CVE-2019-12402", "CVE-2019-14379", "CVE-2019-14892", "CVE-2019-14893", "CVE-2019-16942", "CVE-2019-17267", "CVE-2019-17569", "CVE-2019-20330", "CVE-2019-4732", "CVE-2020-10969", "CVE-2020-11113", "CVE-2020-13935", "CVE-2020-14060", "CVE-2020-14062", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14621", "CVE-2020-1935", "CVE-2020-24750", "CVE-2020-2590", "CVE-2020-2593", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830", "CVE-2020-8840", "CVE-2020-9546"], "modified": "2021-01-29T18:58:10", "id": "204ADCCC258487D6D5F8C848C95DAB38413055F4AFD05DFCF56FD7435CBF7C69", "href": "https://www.ibm.com/support/pages/node/6378366", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-01T01:56:25", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition Version 7 that is used by IBM Cognos Planning. These issues were disclosed as part of the IBM Java SDK updates in January 2020, April 2020 and July 2020. 
\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2593](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2593>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2019-4732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4732>) \n**DESCRIPTION: **IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM Cognos Planning 10.2.1\n\nIBM Cognos Planning 10.2.0\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the fix as soon as practical. As the fix is in a shared component across the IBM Cognos Business Intelligence portfolio, applying the Cognos Business Intelligence 10.2.2 Interim Fix will resolve the issue. 
\nProduct | Version | Interim Fix \n---|---|--- \nIBM Cognos Planning | 10.2.1 | [IBM Cognos Business Intelligence 10.2.2 Interim Fix 25 (Implemented by file 10.2.6110.542)](<https://www.ibm.com/support/pages/node/6331803> \"IBM Cognos Business Intelligence 10.2.2 Interim Fix 25 \\(Implemented by file 10.2.6110.542\\)\" ) \nIBM Cognos Planning | 10.2.0 | [IBM Cognos Business Intelligence 10.2.2 Interim Fix 25 (Implemented by file 10.2.6110.542)](<https://www.ibm.com/support/pages/node/6331803> \"IBM Cognos Business Intelligence 10.2.2 Interim Fix 25 \\(Implemented by file 10.2.6110.542\\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[IBM Java SDK Security Bulletin (July 2020)](<https://www.ibm.com/support/pages/node/6256562> \"IBM Java SDK Security Bulletin \\(July 2020\\)\" )\n\n[IBM Java SDK Security Bulletin (April 2020)](<https://www.ibm.com/support/pages/node/6206154> \"IBM Java SDK Security Bulletin \\(April 2020\\)\" )\n\n[IBM Java SDK Security Bulletin (January 2020)](<https://www.ibm.com/support/pages/node/5736807> \"IBM Java SDK Security Bulletin \\(January 2020\\)\" )\n\n## Change History\n\n09 Mar 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSPN2D\",\"label\":\"Cognos Planning\"},\"Component\":\"Cognos Planning\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"10.2.1, 10.2.0\",\"Edition\":\"All\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-09T15:51:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Cognos Planning (Q12021)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-4732", "CVE-2020-14577", "CVE-2020-14578", 
"CVE-2020-14579", "CVE-2020-14621", "CVE-2020-2593", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2830"], "modified": "2021-03-09T15:51:23", "id": "6D9CDA8999A9DACC3CC92F31C9B635358761E015053E1E28134A4EC64E7814D4", "href": "https://www.ibm.com/support/pages/node/6427737", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:59:27", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 7 and 8 used by WebSphere eXtreme Scale. The issues were disclosed as part of the IBM SDK, Java\u2122 Technology Edition updates in April and July 2020.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Extreme Scale| 8.6.0 \nWebSphere Extreme Scale| 8.6.1 \n \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nWebSphere eXtreme Scale| 8.6.0.8| PH29688| Refer to the **Version 8.6** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www.ibm.com/support/docview.wss?uid=swg27018991>). \nWebSphere eXtreme Scale| 8.6.1.4| PH29688| Refer to the **Version 8.6.1** table in the [Recommended Fixes page for WebSphere eXtreme Scale](<http://www.ibm.com/support/docview.wss?uid=swg27018991>). 
\n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n23 Oct 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSTVLU\",\"label\":\"WebSphere eXtreme Scale\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.6\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-11-04T10:42:47", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in Java runtime environment that IBM provides affect WebSphere eXtreme Scale", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-2590", "CVE-2020-2601", "CVE-2020-2654", "CVE-2020-2781", "CVE-2020-2800"], "modified": "2020-11-04T10:42:47", "id": "23BEE634200B9E4FA6BA5050B092CB2E8A6676B9A96B4091423D6C937390F9F2", "href": "https://www.ibm.com/support/pages/node/6359457", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-01T01:53:10", "description": "## Summary\n\nIBM has addressed the following JRE CVEs: CVE-2020-14621, CVE-2020-14579, CVE-2020-14578, CVE-2020-14577, CVE-2020-2757, CVE-2020-2756, CVE-2020-2755, CVE-2020-2754\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM DataPower Gateway| 10.0.0.0-10.0.1.0 \nIBM DataPower Gateway| 2018.4.1.0-2018.4.1.13 \n \n## Remediation/Fixes\n\nAffected Product(s)| Fixed in Version| APAR \n---|---|--- \nIBM DataPower Gateway| 10.0.1.1| [IT34954](<https://www.ibm.com/support/pages/apar/IT34954> \"IT34954\" ) \nIBM DataPower Gateway| 2018.4.1.14| [IT34954](<https://www.ibm.com/support/pages/apar/IT34954> \"IT34954\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n07 Jan 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately 
impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS9H2Y\",\"label\":\"IBM DataPower Gateway\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF009\",\"label\":\"Firmware\"}],\"Version\":\"All\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-06-08T21:47:38", "type": "ibm", "title": "Security Bulletin: IBM DataPower Gateway Java security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14621", "CVE-2020-2754", "CVE-2020-2755", 
"CVE-2020-2756", "CVE-2020-2757"], "modified": "2021-06-08T21:47:38", "id": "FB7B2826853A6CC1030773078566846653AB764C17AD1202D6C43D2C1ACE6068", "href": "https://www.ibm.com/support/pages/node/6398734", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-10-01T01:56:40", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Cognos Command Center. These issues were disclosed as part of the IBM Java SDK update for April 2020 and July 2020.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Cognos Command Center 10.2.4.1\n\nIBM Cognos Command Center 10.2.4.0\n\n## Remediation/Fixes\n\n[Cognos Command Center 10.2.4 Fix Pack 1 IF14](<https://www.ibm.com/support/pages/node/6406726> \"Cognos Command Center 10.2.4 Fix Pack 1 IF14\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[IBM Java SDK Security Bulletin (July 2020)](<https://www.ibm.com/support/pages/node/6256562> \"IBM Java SDK Security Bulletin \\(July 2020\\)\" )\n\n[IBM Java SDK Security Bulletin (April 2020)](<https://www.ibm.com/support/pages/node/6256562> \"IBM Java SDK Security Bulletin \\(April 2020\\)\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n1 March 2021: Updated Remediation/Fixes section \n25 Nov 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSPLNP\",\"label\":\"Cognos Command Center\"},\"Component\":\"Cognos Command Center\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"10.2.4.1. 10.2.4\",\"Edition\":\"Any\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-03-01T16:34:29", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", 
"CVE-2020-14621", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781"], "modified": "2021-03-01T16:34:29", "id": "5CC6DB3E26D3BAE7015DFB4D74F64D914D157F4C36E60E5C8AB9FB048FBF3CBB", "href": "https://www.ibm.com/support/pages/node/6371232", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-28T22:11:55", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. These issues were disclosed as part of the IBM Java SDK updates in April 2020, CVE-2019-2949 and CVE-2020-2654.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server, Information Server on Cloud | 11.7 \nInfoSphere Information Server, Information Server on Cloud | 11.5 \nInfoSphere Information Server | 11.3 \n \n## Remediation/Fixes\n\n**_Product_** | \n\n**_VRMF_**\n\n| \n\n**_APAR_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n[JR62268](<http://www.ibm.com/support/docview.wss?uid=swg1JR62268> \"JR62268\" )\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is117_JR62268_ISF_services_engine_*>) \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.5\n\n| \n\n[JR62268](<http://www.ibm.com/support/docview.wss?uid=swg1JR62268> \"JR62268\" )\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR62268_ISF_services_engine_*>) \n \n \nInfoSphere Information Server\n\n| \n\n11.3\n\n| \n\n[JR62268](<http://www.ibm.com/support/docview.wss?uid=swg1JR62268> \"JR62268\" )\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR62268_ISF_services_engine_*>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of 
ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n12 June 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. 
Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSZJPZ\",\"label\":\"IBM InfoSphere Information Server\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"11.7; 11.5; 11.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-06-12T16:45:45", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781"], "modified": "2020-06-12T16:45:45", "id": "1AF10453648DF6E50FD13383CAC3354F1BE62A0DBDCD7504B40FFEBA471BA53F", "href": "https://www.ibm.com/support/pages/node/6221312", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-01T01:55:43", "description": "## Summary\n\nJava SE issues disclosed in the Oracle July 2020 Critical Patch\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Workload Scheduler| 9.4 \nIBM Workload Scheduler| 9.5 \n \n\n\n## Remediation/Fixes\n\nAPAR IJ30008 has been opened to address Java vulnerabilities affecting IBM Workload Scheduler. 
\nAPAR IJ30008 has been included in IBM Workload Scheduler 9.4 FP07 and 9.5 FP03, both of which are already available on Fix Central.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n07 Jan 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU004\",\"label\":\"Hybrid Cloud\"},\"Product\":{\"code\":\"SSCHEZ\",\"label\":\"IBM Workload Automation\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"9.4, 9.5\",\"Edition\":\"\"}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", 
"baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-02T15:06:24", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition, that is used by IBM Workload Scheduler.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2830"], "modified": "2021-04-02T15:06:24", "id": "48884C8E221760F92534E481E23CED02DAD5EBD580D328BCAD26AA27FFD246E7", "href": "https://www.ibm.com/support/pages/node/6439867", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-27T14:04:54", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Java\u2122 Version 6 and Java\u2122 Version 7 that is used by IBM eDiscovery Analyzer. These issues were disclosed as part of the IBM Java SDK updates in Apr 2020.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \neDiscovery Analyzer| 2.2.2 \n \n\n\n## Remediation/Fixes\n\n**Product** | **VRM**| **Remediation** \n---|---|--- \nIBM eDiscovery Analyzer| 2.2.2| Use IBM eDiscovery Analyzer[ 2.2.2.4 Interim Fix 001](<https://www-945.ibm.com/support/fixcentral/swg/downloadFixes?parent=Enterprise%20Content%20Management&product=ibm/Information+Management/InfoSphere+eDiscovery+Analyzer&release=2.2.2.0&platform=All&function=fixId&fixids=2.2.2.4-EDA-WIN-FP0004-IF1&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&login=true>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 July 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/bulletin/#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSJKLP\",\"label\":\"eDiscovery Analyzer\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF002\",\"label\":\"AIX\"}],\"Version\":\"2.2.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-14T16:35:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM eDiscovery Analyzer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", 
"CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2830"], "modified": "2020-07-14T16:35:03", "id": "106AD49A338E7AC7F1FC75B40B662360FA7CA624A79EA47916C2CF681A2E59E6", "href": "https://www.ibm.com/support/pages/node/6248165", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-27T14:04:45", "description": "## Summary\n\nIBM API Connect has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAPI Connect| IBM API Connect V5.0.0.0-5.0.8.8 \n \n\n\n## Remediation/Fixes\n\n**Affected Product**\n\n| \n\n**Addressed in VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \n \nIBM API Connect\n\nV5.0.0.0-5.0.8.8 \n\n\n| \n\n5.0.8.9 \n\n| LI81614| Addressed in IBM API Connect V5.0.8.9 fixpack \n \nManagement server is impacted. 
\n \nFollow this link and find the \"Management\" package: \n \n[http://www.ibm.com/support/fixcentral/swg/quickorder](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+API+Connect&release=5.0.8.8&platform=All&function=all&source=fc> \"http://www.ibm.com/support/fixcentral/swg/quickorder\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n17 Jul 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/bulletin/#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSMNED\",\"label\":\"IBM API Connect\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"V5.0.0.0-5.0.8.8\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}},{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSMNED\",\"label\":\"IBM API Connect\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"V5.0.0.0-5.0.8.8\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-07-17T20:53:37", "type": "ibm", "title": "Security Bulletin: IBM API Connect is impacted by multiple vulnerabilities in Java.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": 
"NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2830"], "modified": "2020-07-17T20:53:37", "id": "5FF84A409F6E7810279E556BA90D6C5F78BBDB1F21A37746F6A3CA9B07CE5053", "href": "https://www.ibm.com/support/pages/node/6250529", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-01T01:59:07", "description": "## Summary\n\nVulnerabilities in IBM\u00ae Runtime Environment Java\u2122, IBM WebSphere Application Server Liberty, and Apache Commons affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. The Java vulnerabilities were disclosed as part of the IBM Java SDK updates in January 2020, April 2020, and July 2020.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-4329](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** Third Party Entry: **177835 \n** DESCRIPTION: **Apache Commons Codec information disclosure \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 ](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177835>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Spectrum Protect Operations Center| 8.1.0.000-8.1.10.xxx \n7.1.0.000-7.1.11.xxx \nIBM Spectrum Protect Client Management Service (CMS)| 8.1.0.000-8.1.10.xxx \n7.1.0.000-7.1.11.xxx \n \n\n\n## Remediation/Fixes\n\n**IBM Spectrum Protect** \n**Operations Center Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n8.1| 8.1.11.000| AIX \nLinux \nWindows| <http://www.ibm.com/support/pages/node/6368263> \n7.1| 7.1.12.000| AIX \nLinux \nWindows| <https://www.ibm.com/support/pages/node/6368245> \nNote that the Apache Commons vulnerability (Third Party Entry 177835) \ndoes not affect the 7.1 release. \n \n**IBM Spectrum Protect** \n**Client Management Service Release**| **First Fixing** \n**VRM Level**| **Platform**| **Link to Fix** \n---|---|---|--- \n8.1| 8.1.11.000| Linux \nWindows| \n\n[https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1](<https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1/> \"\" ) \nNote that the Apache Commons vulnerability (Third Party Entry 177835) \ndoes not affect the 8.1 release. \n \n7.1| 7.1.12.000| Linux \nWindows| \n\n[https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v7r1](<https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v7r1/> \"\" ) \nNote that the Apache Commons vulnerability (Third Party Entry 177835) \ndoes not affect the 7.1 release. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n20 November 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSER5J\",\"label\":\"IBM Spectrum Protect Extended Edition\"},\"Component\":\"Operations Center, CMS\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.1, 7.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", 
"integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-11-20T23:56:21", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java Runtime, IBM WebSphere Application Server Liberty, and Apache Commons affect IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-2654", "CVE-2020-2781", "CVE-2020-4329"], "modified": "2020-11-20T23:56:21", "id": "A8B1328EDAD509E1D76C6016AE0790BC81F18C61790542709096AA8E663BAEC6", "href": "https://www.ibm.com/support/pages/node/6369171", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-01T01:59:51", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7 and 8 that are used by IBM InfoSphere Information Server. 
These issues were disclosed as part of the IBM Java SDK updates in July 2020, CVE-2020-2590 and CVE-2020-2601.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n**CVEID: **[CVE-2020-2601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601>) \n**DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nInfoSphere Information Server | 11.7 \nInfoSphere Information Server | 11.5 \nInfoSphere Information Server | 11.3 \n \n## Remediation/Fixes\n\n## \n\n**_Product_** | **_VRMF_** | \n\n**_APAR_**\n\n| \n\n**_Remediation/First Fix_** \n \n---|---|---|--- \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.7\n\n| \n\n_[JR62576](<http://www.ibm.com/support/docview.wss?uid=swg1JR62576> \"JR62576\" )_\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is117_JR62576_ISF_services_engine_*> \"README\" ) \n \nInfoSphere Information Server, Information Server on Cloud\n\n| \n\n11.5\n\n| \n\n_[JR62576](<http://www.ibm.com/support/docview.wss?uid=swg1JR62576> \"JR62576\" )_\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is115_JR62576_ISF_services_engine_*> \"README\" ) \n \n \nInfoSphere Information Server\n\n| \n\n11.3\n\n| \n\n_[JR62576](<http://www.ibm.com/support/docview.wss?uid=swg1JR62576> \"JR62576\" )_\n\n| \n\n\\--Follow instructions in the [README](<http://www.ibm.com/support/fixcentral/swg/quickorder?&product=ibm/Information+Management/IBM+InfoSphere+Information+Server&function=fixId&fixids=is113_JR62576_ISF_services_engine_*> \"README\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line 
Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n21 Oct 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSZJPZ\",\"label\":\"IBM InfoSphere Information Server\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"11.7; 11.5; 11.3\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-10-21T20:52:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere Information 
Server", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14621", "CVE-2020-2590", "CVE-2020-2601"], "modified": "2020-10-21T20:52:26", "id": "56163C4E007DEE70225DB50B4AB2AA4BF3EE1E7FDBFEBA9ABB7FD03338374A02", "href": "https://www.ibm.com/support/pages/node/6342985", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-10-01T01:56:49", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition used by IBM Performance Management. IBM Performance Management has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-14583](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14583>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185061](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185061>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-14593](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14593>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 7.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185071](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185071>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14556](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14556>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185034](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185034>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud APM, Base Private| 8.1.4 \nIBM Cloud APM, Advanced Private| 8.1.4 \nIBM Cloud APM| 8.1.4 \n \n\n\n## Remediation/Fixes\n\nIBM Cloud APM, Base Private \n \nIBM Cloud APM, Advanced Private| 8.1.4| The vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-SERVER-IF0011 or later server patch to the system where the Cloud APM server is installed: <https://www.ibm.com/support/pages/node/6415935>\n\n \n\n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0009 or later Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/node/6415947> \n \n---|---|--- \n \nIBM Cloud Application Performance Management\n\n| N/A| \n\nThe vulnerability can be remediated by applying the following 8.1.4.0-IBM-APM-GATEWAY-IF0009 or later Hybrid Gateway patch to the system where the Hybrid Gateway is installed: <https://www.ibm.com/support/pages/node/6415947> \n \n## Workarounds and Mitigations\n\nNone \n\n \n\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS 
v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n23 Feb 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSTFXA\",\"label\":\"Tivoli Monitoring\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"8.1.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-02-26T00:08:14", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Performance Management products", "bulletinFamily": "software", "cvss2": 
{"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-14556", "CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14583", "CVE-2020-14593", "CVE-2020-14621", "CVE-2020-2590", "CVE-2020-2601", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2021-02-26T00:08:14", "id": "E2957241DF0185A99D147775C578113319A7FEAA89DDE258F97F007CFAE79E53", "href": "https://www.ibm.com/support/pages/node/6417139", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-26T13:50:10", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in October 2019.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-2989](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2989>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. 
\nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169295](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169295>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2019-2983](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2983>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169289](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169289>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2981](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2981>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169287](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169287>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2978](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2978>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169284](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169284>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2973](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2973>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169279](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169279>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2964](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2964>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169270](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169270>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRational Business Developer | 9.5 \nRational Business Developer| 9.6 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \n \n_Rational Business Developer_\n\n| \n\n_9.5.x_\n\n| \n\n_None_\n\n| \n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.5.0&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.5.0&platform=All&function=all>) \n \n_Rational Business Developer_\n\n| \n\n_9.6.x_\n\n| \n\n_None_\n\n| [https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.6&platform=All&function=all](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.6&platform=All&function=all>) \n \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n04 Feb 2020: Initial Publication\n\n*The CVSS Environment Score is customer 
environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSMQ79\",\"label\":\"Rational Business Developer\"},\"Component\":\"Eclipse\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"V9.5.x, V9.6.x\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-03-18T18:25:59", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2964", "CVE-2019-2973", "CVE-2019-2978", "CVE-2019-2981", "CVE-2019-2983", "CVE-2019-2989"], "modified": "2020-03-18T18:25:59", "id": "87657A9DBD35806BDD4EEC7812C124408FD879EE942483C003EF53DB247FE550", "href": 
"https://www.ibm.com/support/pages/node/1289134", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-01T01:58:35", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM QRadar SIEM. IBM QRadar SIEM has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-2601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2583](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2583>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174531](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174531>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM QRadar 7.3.0 to 7.3.3 Patch 5\n\nIBM QRadar 7.4.0 to 7.4.1 Patch 1\n\n## Remediation/Fixes\n\n[QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 6](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20201205215722&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp&source=SAR> \"QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 6\" ) \n[QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 2](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=7.4.0&platform=All&function=fixId&fixids=7.4.1-QRADAR-QRSIEM-20201112005343&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp> \"QRadar / QRM / QVM / QRIF / QNI 7.4.1 Patch 2\" ) \n[QRadar / QRM / QVM / QRIF / QNI 7.4.2 GA](<https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=7.4.0&platform=All&function=fixId&fixids=7.4.2-QRADAR-QRSIEM-20201113144954&includeRequisites=1&includeSupersedes=0&downloadMethod=ddp> \"QRadar / QRM / QVM / QRIF / QNI 7.4.2 GA\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) 
\n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n15 Dec 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSBQAC\",\"label\":\"IBM Security QRadar SIEM\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"7.3, 7.4\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-12-15T17:06:47", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 
5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14621", "CVE-2020-2583", "CVE-2020-2590", "CVE-2020-2601", "CVE-2020-2781"], "modified": "2020-12-15T17:06:47", "id": "A18A9720C1D629ABCA693B2DEF0DBE3723F9496295BE0DB3D86261822B9D1D78", "href": "https://www.ibm.com/support/pages/node/6382282", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-09-26T13:49:04", "description": "## Summary\n\nVulnerabilities in IBM\u00ae SDK Java Technology Edition, Versions 7 and 8 used by WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio. These issues were disclosed as part of the IBM Java SDK updates in April 2020. These issues are also addressed by WebSphere Application Server Network Deployment shipped with WebSphere Service Registry and Repository.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere Service Registry and Repository V8.5 and WebSphere Service Registry and Repository Studio V8.5 are affected.\n\n## Remediation/Fixes\n\nFor all releases of WebSphere Service Registry and Repository Studio, upgrade to WebSphere Service Registry and Repository Studio [V8.5.6.2_IJ24784](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FWebSphere%2FWebSphere+Service+Registry+and+Repository&fixids=8.5.6.2-WS-WSRR-Studio-Windows-IFIJ24784&source=SAR> \"V8.5.6.2_IJ24784\" )\n\n \nFor WebSphere Service Registry and Repository these issues are addressed by WebSphere Application Server.\n\n**Principal Product and Version(s)**\n\n| \n\n**Affected Supporting Product and Version(s)** \n \n---|--- \n \nWebSphere Service Registry and Repository V8.5\n\n| \n\nWebSphere Application Server V8.5.5 \n \n \nRefer to the following security bulletin for vulnerability details and information about fixes addressed by WebSphere Application Server shipped with WebSphere Service Registry and Repository: \n \n[Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654](<https://www.ibm.com/support/pages/node/6206850> \"Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## 
Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n14 May 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. 
Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSWLGF\",\"label\":\"WebSphere Service Registry and Repository\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.5\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-05-14T18:22:29", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM\u00ae Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", 
"version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2781", "CVE-2020-2800"], "modified": "2020-05-14T18:22:29", "id": "A58485ED1187EA4E51CA143194463C493EBEFDAF1129D1A7BD7970544FD73FC3", "href": "https://www.ibm.com/support/pages/node/6209250", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-27T14:05:27", "description": "## Summary\n\nMultiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nVoice Gateway| 1.0.2 \nVoice Gateway| 1.0.2.4 \nVoice Gateway| 1.0.3 \nVoice Gateway| 1.0.4 \nVoice Gateway| 1.0.5 \n \n\n\n## Remediation/Fixes\n\nUpgrade to IBM Voice Gateway 1.0.6\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n19 Jun 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/bulletin/#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS4U29\",\"label\":\"IBM Voice Gateway\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All versions\",\"Edition\":\"IBM Voice Gateway\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-06-19T20:25:47", "type": "ibm", "title": "Security Bulletin: Multiple security vulnerabilities in IBM Java SDK affects IBM Voice Gateway", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", 
"CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-06-19T20:25:47", "id": "A330005D49E2DE9D5BB7AEB1FFF23C2CE2ECD165D6C58311145C72736B358907", "href": "https://www.ibm.com/support/pages/node/6236000", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-27T14:05:15", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by IBM Agile Lifecycle Manager. IBM Agile Lifecycle Manager 2.2 has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAgile Lifecycle Manager| 2.0.0.1 \nAgile Lifecycle Manager| 2.0 \nAgile Lifecycle Manager| 2.1 \nIBM Telco Network Cloud Manager - Orchestration| 1.1 \n \n\n\n## Remediation/Fixes\n\nInstall or Upgrade to IBM Agile Lifecycle Manager 2.2 which is part of [IBM Telco Network Cloud Manager 1.2](<https://www.ibm.com/support/pages/node/6213216> \"IBM Telco Network Cloud Manager 1.2\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n26 Jun 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/bulletin/#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS8HQ3\",\"label\":\"IBM Agile LifeCycle Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF040\",\"label\":\"RedHat OpenShift\"}],\"Version\":\"2.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-06-29T11:35:56", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Agile Lifecycle Manager", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", 
"CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-06-29T11:35:56", "id": "C246517FD5FC9B1778BB785CAC7D486CDCEA75F5110BBBA5A13F9E54060B3EE8", "href": "https://www.ibm.com/support/pages/node/6241438", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-12-30T21:29:05", "description": "## Summary\n\nThere are several vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is shipped as part of multiple IBM Tivoli Monitoring (ITM) components.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Tivoli Monitoring| 6.3.0 \n \n## Remediation/Fixes\n\n**Java Tivoli Enterprise Portal Remediation:** \nThese vulnerabilities exist where the affected Java Runtime Environment (JRE) is installed on systems running the Tivoli Enterprise Portal Browser client or Java WebStart client. The affected JRE is installed on a system when logging in to the IBM Tivoli Enterprise Portal by using the Browser client or WebStart client and a JRE at the required level does not exist. The portal provides an option to download the provided JRE to the system. 
\n \nThis fix provides updated JRE packages for the portal server, which can be downloaded by new client systems. Once the fix is installed on the portal server, instructions in the readme file can be used to download the updated JRE from the portal to the portal clients.\n\nFix| VRMF| How to acquire fix \n---|---|--- \n6.X.X-TIV-ITM_JRE_TEP-20200730| 6.3.0 through 6.3.0 FP7 (including any service packs)| [IBM Tivoli Monitoring 6 JRE Update (6.X.X-TIV-ITM_JRE_TEP-20200730 )](<https://www.ibm.com/support/pages/node/6252439> \"IBM Tivoli Monitoring 6 JRE Update \\(6.X.X-TIV-ITM_JRE_TEP-20200730 \\)\" ) \n \n**Java (CANDLEHOME) Remediation:** \nThe patch can be installed and updates the shared Tivoli Enterprise-supplied JRE (jr component on UNIX/Linux) or embedded JVM (JVM component on Windows).\n\nFix| VRMF| How to acquire fix \n---|---|--- \n6.X.X-TIV-ITM_JRE_CANDLEHOME-20200730| 6.3.0 through 6.3.0 FP7 (including any service packs)| [IBM Tivoli Monitoring 6 JRE Update (6.X.X-TIV-ITM_JRE_CANDLEHOME-20200730 )](<https://www.ibm.com/support/pages/node/6252441> \"IBM Tivoli Monitoring 6 JRE Update \\(6.X.X-TIV-ITM_JRE_CANDLEHOME-20200730 \\)\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n24 July 2020: Added additional cve's 
\n30 Jul 2020: Initial Publication \n\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTFXA\",\"label\":\"Tivoli Monitoring\"},\"Component\":\"JRE\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"6.3.0,6.3.0.1,6.3.0.2,6.3.0.3,6.3.0.4,6.3.0.5,6.3.0.6,6.3.0.7\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2022-12-30T17:31:59", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Monitoring", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", 
"availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2022-12-30T17:31:59", "id": "A7091906DFD80052FAA8ED3478A61AFDFCE959988C96DE805466D167EAB989EC", "href": "https://www.ibm.com/support/pages/node/6252467", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-06T10:01:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition from April 2020 CPU and the CVE-2019-2949 (deferred from Oracle Oct 2019 CPU) that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Lifecycle Optimization - Engineering Insights (ENI), IBM Engineering Workflow Management (EWM), IBM Engineering Systems Design Rhapsody - Design Manager (RDM), IBM Engineering Systems Design Rhapsody - Model Manager (RMM). These issues were disclosed as part of the IBM Java SDK updates in April 2020. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRTC| 6.0.2 \nRTC| 6.0.6.1 \nRTC| 6.0.6 \nEWM| 7.0 \nDNG| 6.0.6 \nDNG| 6.0.6.1 \nDNG| 6.0.2 \nDOORS Next| 7.0 \nRPE| 2.1.0 \nRPE| 2.1.2 \nRPE| 6.0.5 \nRPE| 6.0.6 \nRPE| 6.0.6.1 \nRPE| 2.1.1 \nCLM| 6.0.6.1 \nCLM| 6.0.6 \nCLM| 6.0.2 \nELM| 7.0 \nRQM| 6.0.6.1 \nRQM| 6.0.6 \nETM| 7.0.0 \nRQM| 6.0.2 \n \n## Remediation/Fixes\n\n 1. If your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of your IBM Continuous Engineering product, and only upgrade the JRE in the WAS server.\n 2. For the below remediations, if you have a WAS deployment, then WAS must also be remediated, in addition to performing your product upgrades. Follow instructions at [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654](<https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-april-2020-cpu-plus-deferred-cve-2019-2949-and-cve-2020-2654/> \"Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654\" ) to get the WAS remediation.\n 3. 
If you are deploying the IBM Engineering products to a WAS Liberty or a Tomcat Server, you will need to follow the instructions below to upgrade the JRE, and then must also configure to complete the upgrade process: \n * [How to update the IBM SDK for Java of IBM Engineering Lifecycle Management products based on version 6.0 or later of IBM's Jazz technology](<https://www.ibm.com/support/pages/node/511171> \"How to update the IBM SDK for Java of IBM Engineering Lifecycle Management products based on version 6.0 or later of IBM's Jazz technology\" )\n\n \n**STEPS TO APPLY THE REMEDIATION:** \n \n1\\. Optionally, upgrade your products to an Extended Maintenance Release version: 6.0.6 or 6.0.6.1. Or, optionally, upgrade to the latest 7.0 version. \n \n2\\. Optionally, apply the latest iFix for your installed version. \n \n3\\. Obtain the latest Java JRE CPU update for the IBM Java SDK using the following information.\n\n * For all releases upgrade to: **JRE 8.0.6.10 or above**\n * [Rational Collaborative Lifecycle Management 7.0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=7.0&platform=All&function=all> \"Rational Collaborative Lifecycle Management 7.0\" )\n * [IBM Engineering Lifecycle Management 6.0.6.1](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6.1&platform=All&function=all> \"Rational Collaborative Lifecycle Management 6.0.6.1\" )\n * [IBM Engineering Lifecycle Management 6.0.6](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6&platform=All&function=all> \"Rational Collaborative Lifecycle Management 6.0.6\" )\n * [IBM Engineering Lifecycle Management 
6.0.2](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all> \"Rational Collaborative Lifecycle Management 6.0.2\" )\n\n4\\. Upgrade your JRE following the instructions in the link below: \n[How to update the IBM SDK for Java of IBM Engineering Lifecycle Management products based on version 6.0 or later of IBM's Jazz technology](<https://www.ibm.com/support/pages/node/511171> \"How to update the IBM SDK for Java of IBM Engineering Lifecycle Management products based on version 6.0 or later of IBM's Jazz technology\" ) \n \n5\\. Navigate to the server directory in your IBM Engineering product installation path, and go to the jre/lib/security path. \n \n6\\. Optionally, if you have not performed a Licenses upgrade as described in the link below, please follow the instructions to complete the setup:\n\n[No IBM Rational trial, server, or client access licenses available after upgrading Java and/or listed products](<http://www.ibm.com/support/docview.wss?uid=swg22008957>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\nAlso, note that product names have been modified recently: <https://jazz.net/blog/index.php/2019/04/23/renaming-the-ibm-continuous-engineering-portfolio/>\n\n## 
Acknowledgement\n\n## Change History\n\n15 Jun 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": 
"HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-08-04T16:06:07", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-08-04T16:06:07", "id": "5F1E522907674359F402A2020625D76DEC18F78C51601FDF6F1CC062F78B5BC6", "href": "https://www.ibm.com/support/pages/node/6232710", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-26T13:49:05", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM SDK Java Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in April 2020. 
\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. 
\nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 through 2.3.3.0.\n\n \n\n\n## Remediation/Fixes\n\nPlease see the [IBM Java SDK Security Bulletin for WebSphere Application Server](<https://www.ibm.com/support/pages/node/6206850> \"IBM Java SDK Security Bulletin for WebSphere Application Server\" ) to determine which WebSphere Application Server versions are affected and to obtain the JDK fixes. The interim fix [1.0.0.0-WS-WASPATTERNS-JDK-2004](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server+Patterns&release=All&platform=All&function=fixId&fixids=1.0.0.0-WS-WASPATTERNS-JDK-2004&includeSupersedes=0> \"1.0.0.0-WS-WASPATTERNS-JDK-2004\" ) can be used to apply the April 2020 SDK iFixes in a PureApplication or Cloud Pak System Environment. 
\n\nDownload and apply the interim fix [1.0.0.0-WS-WASPATTERNS-JDK-2004.](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%2FWebSphere&product=ibm/WebSphere/WebSphere+Application+Server+Patterns&release=All&platform=All&function=fixId&fixids=1.0.0.0-WS-WASPATTERNS-JDK-2004&includeSupersedes=0> \"1.0.0.0-WS-WASPATTERNS-JDK-2004.\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 May 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"AS IS\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. 
In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": 
"3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-05-14T18:05:21", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server April 2020 CPU that is bundled with IBM WebSphere Application Server Patterns", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-05-14T18:05:21", "id": "29B7E8A593B85D211D961E858CD47DDE4578E14A3B0026D2CCBE046945B264FD", "href": "https://www.ibm.com/support/pages/node/6209285", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-06T10:01:26", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java Technology Edition from April 2020 CPU and the CVE-2019-2949 (deferred from Oracle Oct 2019 CPU) that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Lifecycle Optimization - Engineering Insights (ENI), IBM Engineering Workflow Management (EWM), IBM Engineering Systems Design Rhapsody - Design Manager (RDM), IBM Engineering Systems Design Rhapsody - Model Manager (RMM). 
These issues were disclosed as part of the IBM Java SDK updates in April 2020. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRhapsody DM| 6.0.6 \nRhapsody DM| 6.0.6.1 \nRhapsody DM| 6.0.2 \nRDM| 7.0 \nRPE| 2.1.0 \nRPE| 2.1.2 \nRPE| 6.0.6 \nRPE| 6.0.6.1 \nPUB| 7.0 \nRPE| 2.1.1 \nCLM| 6.0.6.1 \nCLM| 6.0.6 \nCLM| 6.0.2 \nELM| 7.0 \nRELM| 6.0.6.1 \nRELM| 6.0.6 \nRELM| 6.0.2 \nENI| 7.0 \n \n\n\n## Remediation/Fixes\n\n 1. If your product is deployed on WebSphere Application Server (WAS) and your deployment does not use an Eclipse based client nor the RM Browser plugin, then it is sufficient to continue using the existing version of your IBM Continuous Engineering product, and only upgrade the JRE in the WAS server.\n 2. For the below remediations, if you have a WAS deployment, then WAS must also be remediated, in addition to performing your product upgrades. Follow instructions at [Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654](<https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-affect-websphere-application-server-april-2020-cpu-plus-deferred-cve-2019-2949-and-cve-2020-2654/> \"Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654\" ) to get the WAS remediation.\n 3. 
If you are deploying the IBM Engineering products to a WAS Liberty or a Tomcat Server, you will need to follow the instructions below to upgrade the JRE, and then must also configure to complete the upgrade process: \n * [How to update the IBM SDK for Java of IBM Engineering Lifecycle Management products based on version 6.0 or later of IBM's Jazz technology](<https://www.ibm.com/support/pages/node/511171> \"How to update the IBM SDK for Java of IBM Engineering Lifecycle Management products based on version 6.0 or later of IBM's Jazz technology\" )\n \n**STEPS TO APPLY THE REMEDIATION:** \n \n1\\. Optionally, upgrade your products to an Extended Maintenance Release version: 6.0.6 or 6.0.6.1. Or, optionally, upgrade to the latest 7.0 version. \n \n2\\. Optionally, apply the latest iFix for your installed version. \n \n3\\. Obtain the latest Java JRE CPU update for the IBM Java SDK using the following information. \n\n * For all releases upgrade to: **JRE 8.0.6.10 or above**\n * [Rational Collaborative Lifecycle Management 7.0](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Engineering&product=ibm/Rational/IBM+Engineering+Lifecycle+Management&release=7.0&platform=All&function=all> \"Rational Collaborative Lifecycle Management 7.0\" )\n * [IBM Engineering Lifecycle Management 6.0.6.1](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6.1&platform=All&function=all> \"Rational Collaborative Lifecycle Management 6.0.6.1\" )\n * [IBM Engineering Lifecycle Management 6.0.6](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.6&platform=All&function=all> \"Rational Collaborative Lifecycle Management 6.0.6\" )\n * [IBM Engineering Lifecycle Management 
6.0.2](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Rational&product=ibm/Rational/Rational+Collaborative+Lifecycle+Management+Solution&release=6.0.2&platform=All&function=all> \"Rational Collaborative Lifecycle Management 6.0.2\" )\n\n4\\. Upgrade your JRE following the instructions in the link below: \n[How to update the IBM SDK for Java of IBM Engineering Lifecycle Management products based on version 6.0 or later of IBM's Jazz technology](<https://www.ibm.com/support/pages/node/511171> \"How to update the IBM SDK for Java of IBM Engineering Lifecycle Management products based on version 6.0 or later of IBM's Jazz technology\" ) \n \n5\\. Navigate to the server directory in your IBM Engineering product installation path, and go to the jre/lib/security path. \n \n6\\. Optionally, if you have not performed a Licenses upgrade as described in the link below, please follow the instructions to complete the setup:\n\n[No IBM Rational trial, server, or client access licenses available after upgrading Java and/or listed products](<http://www.ibm.com/support/docview.wss?uid=swg22008957>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\nAlso, you can find that product names have been modified recently: <https://jazz.net/blog/index.php/2019/04/23/renaming-the-ibm-continuous-engineering-portfolio/>\n\n## Change 
History\n\n03 Jul 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSYMRC\",\"label\":\"Rational Collaborative Lifecycle Management\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0 - 7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Product\":{\"code\":\"SS2L6K\",\"label\":\"Rational Engineering Lifecycle Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0 - 7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSJJ9R\",\"label\":\"Rational DOORS Next Generation\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0 - 7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSCP65\",\"label\":\"Rational Team Concert\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0 - 
7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSRNEV\",\"label\":\"Rational Rhapsody Design Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0 - 7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"\",\"label\":\"\"}},{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS6RHZ\",\"label\":\"Rational Publishing Engine\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0 - 7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSRMY8\",\"label\":\"Rational Software Architect Design Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0 - 7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB36\",\"label\":\"IBM Automation\"}},{\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Product\":{\"code\":\"SSV36Y\",\"label\":\"IBM Engineering Systems Design Rhapsody - Model Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0 - 7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB59\",\"label\":\"Sustainability Software\"}},{\"Business Unit\":{\"code\":\"BU055\",\"label\":\"Cognitive Applications\"},\"Product\":{\"code\":\"SSR27Q\",\"label\":\"Rational Quality Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"6.0 - 7.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB02\",\"label\":\"AI Applications\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": 
"HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-08-04T16:06:07", "type": "ibm", "title": "Security Bulletin: Security Vulnerabilities in IBM\u00ae Java SDK April 2020 CPU affect multiple IBM Continuous Engineering products based on IBM Jazz Technology", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-08-04T16:06:07", "id": "82936D00277BFB24D711DDE526D1CD366BD17ED7C68CDF976B86CBD7574AE2B5", "href": "https://www.ibm.com/support/pages/node/6243888", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-14T14:09:44", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM SDK Java Technology Edition, Versions 7, 7.1, 8 used by AIX. 
AIX has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nAIX| 7.1 \nAIX| 7.2 \nVIOS| 2.2 \nVIOS| 3.1 \n \nThe following fileset levels (VRMF) are vulnerable, if the respective Java version is installed: \nFor Java7: Less than 7.0.0.665 \nFor Java7.1: Less than 7.1.0.465 \nFor Java8: Less than 8.0.0.610\n\nNote: To find out whether the affected Java filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.\n\nExample: lslpp -L | grep -i java\n\n## Remediation/Fixes\n\nNote: Recommended remediation is to always install the most recent Java package available for the respective Java version.\n\nIBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 65 and subsequent releases: \n[32-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+32-bit,+pSeries&function=all> \"32-bit\" ) \n[64-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.0.0.0&platform=AIX+64-bit,+pSeries&function=all> \"64-bit\" )\n\nIBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 65 and subsequent releases: \n[32-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+32-bit,+pSeries&function=all> \"32-bit\" ) \n[64-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=7.1.0.0&platform=AIX+64-bit,+pSeries&function=all> \"64-bit\" )\n\nIBM SDK, Java Technology Edition, Version 8 Service Refresh 6 Fix Pack 11 and subsequent 
releases: \n[32-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+32-bit,+pSeries&function=all> \"32-bit\" ) \n[64-bit](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/IBM+SDKs+for+Java+Technology/Java+Standard+Edition+%28Java+SE%29&release=8.0.0.0&platform=AIX+64-bit,+pSeries&function=all> \"64-bit\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[AIX Security Bulletin (ASCII format)](<https://aix.software.ibm.com/aix/efixes/security/java_apr2020_advisory.asc> \"AIX Security Bulletin \\(ASCII format\\)\" )\n\n## Acknowledgement\n\n## Change History\n\n31 Jul 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SWG10\",\"label\":\"AIX\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"}],\"Version\":\"All\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-07-31T16:44:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", 
"CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-07-31T16:44:50", "id": "FE5A75E2674E3A954976CA7480FE30450BFC40F47930B14A81EBD11A3AB87FD2", "href": "https://www.ibm.com/support/pages/node/6255212", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-27T14:04:19", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by the z/TPF system. z/TPF has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nz/Transaction Processing Facility| 1.1 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| APAR| Remediation/First Fix \n---|---|---|--- \nz/TPF| 1.1| PJ46161| Download and install the PJ46161_ibm-java-jre-8.0-6.10 package from the [IBM 64-bit Runtime Environment for z/TPF, Java Technology Edition, Version 8](<http://www.ibm.com/support/docview.wss?uid=swg24043118>) download page. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](<http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n21 Jul 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/bulletin/#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSZL53\",\"label\":\"TPF\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF036\",\"label\":\"z\\/TPF\"}],\"Version\":\"1.1\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": 
"3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-07-21T21:17:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-07-21T21:17:26", "id": "18D984242422866F95B81DD465CAB967B26797D13E68A166EDB40E265805B71C", "href": "https://www.ibm.com/support/pages/node/6251333", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-26T13:50:16", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8.0.5.37 & Versions 7.0.10.45 used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in July 2019\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-2816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2816>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163878](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163878>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-2762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2762>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163826](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163826>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2769](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2769>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-4473](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4473>) \n** DESCRIPTION: **Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. 
\nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11771](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11771>) \n** DESCRIPTION: **Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the inclusion of unused RPATHS in AIX builds. An attacker could exploit this vulnerability to inject code and gain elevated privileges on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163989>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nIBM App Connect Enterprise V11 , V11.0.0.0 - V11.0.0.7\n\nIBM Integration Bus V10.0.0.0 - V10.0.0.19\n\nIBM Integration Bus V9.0.0.0 - V9.0.0.11\n\n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| APAR| \n\n**Remediation / Fix** \n \n---|---|---|--- \nIBM App Connect Enterprise V11| V11.0.0.0 - V11.0.0.7| IT30671 \n| \n\nInterim fix (for APARs IT32001 IT30671 IT31713) available here on IBM Fix Central for all the platforms.\n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/IBM+App+Connect+Enterprise&release=11.0.0.7&platform=All&function=aparId&apars=IT32001> \"IBM Fix Central\" ) \n \nIBM Integration Bus| V10.0.0.0 - V10.0.019| IT30671| \n\nInterim fix (for APARs IT32001 IT30671 IT31713) available here on IBM Fix Central for all the platforms.\n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/Integration+Bus&release=10.0.0.19&platform=All&function=aparId&apars=+IT32001> \"IBM Fix Central\" ) \n 
\nIBM Integration Bus| V9.0.0.0 - V9.0.0.11| IT30617| Interim fix available here on IBM Fix Central for all the platforms. [IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/Integration+Bus&release=9.0.0.11&platform=All&function=aparId&apars=+IT30617> \"IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n09 Mar 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. 
In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSNQK6\",\"label\":\"IBM Integration Bus\"},\"Component\":\"-\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"}],\"Version\":\"V10\",\"Edition\":\"-\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-11T09:06:26", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterprise v11.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11771", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2816", "CVE-2019-4473"], "modified": "2020-03-11T09:06:26", "id": "8CD65E293EB47E0CBA5C0D0F22B1A987F38561C63CA622E0B8DF45C0546C2B9A", "href": "https://www.ibm.com/support/pages/node/5695317", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-09-26T13:50:14", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Versions 7.0.10.45 used by WebSphere Message Broker V8. These issues were disclosed as part of the IBM Java SDK updates in July 2019\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-2816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2816>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163878](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163878>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2019-2762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2762>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163826](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163826>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-2769](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2769>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-4473](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4473>) \n** DESCRIPTION: **Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984. 
\nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163984>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-11771](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11771>) \n** DESCRIPTION: **Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the inclusion of unused RPATHS in AIX builds. An attacker could exploit this vulnerability to inject code and gain elevated privileges on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163989>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nWebSphere Message Broker V8.0.0.0 - V8.0.0.9\n\n \n\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| APAR| \n\n**Remediation / Fix** \n \n---|---|---|--- \nWebSphere Message Broker| V8.0.0.0 - V8.0.0.9| IT30617| \n\nInterim fix available here on IBM Fix Central for all the platforms.\n\n[IBM Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7EWebSphere&product=ibm/WebSphere/WebSphere+Message+Broker&release=8.0.0.9&platform=All&function=aparId&apars=+IT30617> \"IBM Fix Central\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web 
Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n11 Mar 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSKM8N\",\"label\":\"WebSphere Message Broker\"},\"Component\":\"-\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF027\",\"label\":\"Solaris\"}],\"Version\":\"V8\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB36\",\"label\":\"IBM Automation\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-16T05:42:19", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect WebSphere Message Broker V8.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11771", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2816", "CVE-2019-4473"], "modified": "2020-03-16T05:42:19", "id": 
"1DA2CBB07D7E2C540D55EE75A2FCF12E3A2EBC9BA0A28064A290348DCC390603", "href": "https://www.ibm.com/support/pages/node/5740173", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-10T00:00:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 & 8 and IBM\u00ae Runtime Environment Java\u2122 Version 7 & 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. \n \nThese issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in July 2019. \n\n\n## Vulnerability Details\n\nIf you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n**CVEID:** [CVE-2019-2769](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2769>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/163832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163832>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2762>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/163826](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163826>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [CVE-2019-2816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2816>) \n**DESCRIPTION:** An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base Score: 4.8 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/163878](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163878>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID:** [CVE-2019-4473](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4473>) \n**DESCRIPTION:** Multiple binaries in IBM SDK, Java Technology Edition on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/163984](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163984>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [CVE-2019-11771](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11771>) \n**DESCRIPTION:** Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the inclusion of unused RPATHS in AIX builds. An attacker could exploit this vulnerability to inject code and gain elevated privileges on the system. 
\nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [https://exchange.xforce.ibmcloud.com/vulnerabilities/163989](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163989>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Rational** Business Developer 9.1 - 9.6\n\n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \n \n_Rational Business Developer_\n\n| \n\n_9.1.x_\n\n| \n\n_None_\n\n| \n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.1.1.2&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.1.1.2&platform=All&function=all>) \n \n_Rational Business Developer_\n\n| \n\n_9.5.x_\n\n| \n\n_None_\n\n| \n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.5.1.1&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.5.1.1&platform=All&function=all>) \n \n_Rational Business Developer_\n\n| \n\n_9.6_\n\n| \n\n_None_\n\n| \n\n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.6&platform=All&function=all](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.6&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important 
product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\nSecurity Bulletin : _ [IBM Java SDK Security Bulletin](<https://www.ibm.com/support/docview.wss?uid=ibm10960422>) _\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\nNone\n\n## Change History\n\n25th August 2019: Original version published.\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSMQ79\",\"label\":\"Rational Business Developer\"},\"Component\":\"Eclipse\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"v9.1 to v9.1.1.1, v9.1.1.2, v9.5.1, v9.5.1.1, v9.6\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-11-05T12:40:23", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11771", "CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2816", "CVE-2019-4473"], "modified": "2019-11-05T12:40:23", "id": "8FC8252D06C92F29AE3C11FFC86B7FEAECBBB92836EFADAAE3D8D103F089FF6A", "href": "https://www.ibm.com/support/pages/node/1079823", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, 
{"lastseen": "2022-10-14T21:45:48", "description": "## Summary\n\nThere are multiple vulnerabilities in WebSphere Application Server Liberty that is shipped with IBM WebSphere Application for IBM Cloud Private VM Quickstarter. Information disclosure in WebSphere Application Server. There is a denial of service vulnerability in WebSphere Application Server. CVE-2020-2654 was disclosed as part of the Oracle January 2020 Critical Patch Update. CVE-2019-2949 may affect IBM\u00ae SDK, Java\u2122 Technology Edition. Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-4329](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-4720](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4720>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available memory. IBM X-Force ID: 172125. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172125](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172125>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nThese vulnerabilities affect the following versions and releases of IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter\n\n * 3.0\n * 3.1\n \n\n\n## Remediation/Fixes\n\nFor details on the vulnerabilities refer to the security bulletins listed below: \n\n * [WebSphere Application Server is vulnerable to a denial of service (CVE-2019-4720)](<https://www.ibm.com/support/pages/node/1285372> \"WebSphere Application Server is vulnerable to a denial of service \\(CVE-2019-4720\\)\" )\n * [Information disclosure in WebSphere Application Server (CVE-2020-4329)](<https://www.ibm.com/support/pages/node/6201862> \"Information disclosure in WebSphere Application Server \\(CVE-2020-4329\\)\" )\n * [CVE-2020-2654 may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<https://www.ibm.com/support/pages/node/5736807> \"CVE-2020-2654 may affect IBM\u00ae SDK, Java\u2122 Technology Edition\" )\n * [CVE-2019-2949 may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<https://www.ibm.com/support/pages/node/6206153> \"CVE-2019-2949 may affect IBM\u00ae SDK, Java\u2122 Technology Edition\" )\n * [Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654](<https://www.ibm.com/support/pages/node/6206850> \"Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654\" )\n\nTo obtain these changes for your installation, upgrade IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter to version 3.1.1 or higher. 
The service procedure can be found here: \n\n * [Upgrading your installation](<https://www.ibm.com/support/knowledgecenter/SSTF9X/install-upgrade.html>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n30 July 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSKKCK\",\"label\":\"IBM WebSphere Application Server in IBM Cloud\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"Version Independent\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB36\",\"label\":\"IBM Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-07-30T13:29:49", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2019-2949", "CVE-2019-4720", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830", "CVE-2020-4329"], "modified": "2020-07-30T13:29:49", "id": "7F8C5B286D46F7C07594D83B9BEAA8FFE7516BE4B7A585530E218AC7EB0CDC1F", "href": "https://www.ibm.com/support/pages/node/6254704", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-01T01:57:20", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 that is used by Rational Developer for i. These issues were disclosed as part of the IBM Java SDK updates in July 2020 (CVE-2020-14579, CVE-2020-14578, CVE-2020-14577) or deferred from the IBM Java SDK updates in January 2020 (CVE-2020-2590, CVE-2020-2601).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. 
\nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s) - VRMF** \n---|--- \nRational Developer for i (RDi) RPG and COBOL Tools, Modernization Tools- Java Edition| 9.6, 9.6.0.1, 9.6.0.2, 9.6.0.3, 9.6.0.4, 9.6.0.5,9.6.0.6, 9.6.0.7, 9.6.0.8, 9.6.0.9 \n \n## Remediation/Fixes\n\nUpdate the IBM SDK, Java Technology Edition of the product to address this vulnerability:\n\n**Product**\n\n| **VRMF**| **Remediation/First Fix** \n---|---|--- \nRational Developer for i| 9.6 through to 9.6.0.9| \n\n * For all versions, update the currently installed product using Installation Manager. For instructions on installing this update using Installation Manager, review the topic in the [Updating Installed Product Packages](<http://www.ibm.com/support/knowledgecenter/SSAE4W_9.6.0/com.ibm.etools.iseries.install.doc/topics/t_upgrading.html>) IBM Knowledge Center.\n * Or, you can optionally download the update manually and apply the fix pack: [Rational Developer for i Fix Pack 9.6.0.10 for 9.6](<https://www.ibm.com/support/pages/node/6412165> \"Rational Developer for i Fix Pack 9.6.0.10 for 9.6\" ) to address the IBM SDK Java Technology Edition Critical Patch Update - July 2020 - RDi. Make sure to click on the **RDi fixes and downloads** FC link to update to IBM Java 8 SR6 FP15. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n10 Feb 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSAE4W\",\"label\":\"Rational Developer for i\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.6.0, 9.6.0.1, 9.6.0.2, 9.6.0.3, 9.6.0.4, 9.6.0.5, 9.6.0.6, 9.6.0.7, 9.6.0.8, 9.6.0.9\",\"Edition\":\"RPG and COBOL Tools, Modernization Tools- Java Edition\",\"Line of Business\":{\"code\":\"LOB57\",\"label\":\"Power\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": 
"CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-02-10T16:26:07", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Rational Developer for i - July 2020.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-2590", "CVE-2020-2601"], "modified": "2021-02-10T16:26:07", "id": "126B68DF7D94FF4A271BD328B84B0F650FD1FEDE6DF7EA0D1451383DA938C9AB", "href": "https://www.ibm.com/support/pages/node/6414337", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-01T01:58:28", "description": "## Summary\n\nThere are vulnerabilities in the IBM\u00ae Runtime Environment Java\u2122 Versions 7 and 8, which is used by IBM Rational ClearCase. 
These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jul 2020 - Includes Oracle Jul 2020 CPU plus one additional vulnerability.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Rational ClearCase | 9.0 \nIBM Rational ClearCase | 9.0.1 \nIBM Rational ClearCase | 9.0.2 \n \n## Remediation/Fixes\n\nThe solution is to install a fix that includes an updated Java\u2122 Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS). \n\n#### **Client and server fixes**\n\nApply the relevant fixes as listed in the table below. \n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n| \n \n9.0.2 through 9.0.2.2\n\n| Install [Rational ClearCase Fix Pack 3 (9.0.2.3) for 9.0.2](<https://www.ibm.com/support/pages/node/6369223> \"Rational ClearCase Fix Pack 3 \\(9.0.2.3\\) for 9.0.2\" ) \n \n9.0.1 through 9.0.1.10 \n9.0 through 9.0.0.6\n\n| Install [Rational ClearCase Fix Pack 11 (9.0.1.11) for 9.0.1](<https://www.ibm.com/support/pages/node/6369225> \"Rational ClearCase Fix Pack 11 \\(9.0.1.11\\) for 9.0.1\" ) \n \n_For 8.0 and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n**Notes:**\n\n * The HPUX Java fix for the CVEs is on a delayed cycle. Therefore, HPUX is still vulnerable to these CVEs.\n * If you use CCRC as an extension offering installed into an Eclipse shell (one not provided as part of a ClearCase release), or you use rcleartool or CMAPI using a Java\u2122 Virtual Machine not supplied by IBM as part of Rational ClearCase, you should update the Java\u2122 Virtual Machine that you use to include a fix for the above issues. Contact the supplier of your Java\u2122 Virtual Machine and/or the supplier of your Eclipse shell.\n\n#### **CCRC WAN server fixes**\n\n**Affected Versions**\n\n| \n\n**Applying the fix** \n \n---|--- \n9.0.0.x \n9.0.1.x | Apply the appropriate WebSphere Application Server fix directly to your CCRC WAN server host. No ClearCase-specific steps are necessary. 
\n \n 1. Determine the WAS version used by your CCRC WAN server. Navigate to the CCRC profile directory (either the profile you specified when installing ClearCase, or `<ccase-home>/common/ccrcprofile`), then execute the script: `bin/versionInfo.sh `(UNIX) or `bin\\versionInfo.bat `(Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. Review the following WAS security bulletin: \n[Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601](<https://www.ibm.com/support/pages/node/6256732> \"Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601\" ) \nand apply the latest available fix for the version of WAS used for CCRC WAN server.\n\n**Note: **there may be newer security fixes for WebSphere Application Server. 
Follow the link below (in the section \"Get Notified about Future Security Bulletins\") to subscribe to WebSphere product support alerts for additional Java SDK fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<https://www.ibm.com/support/pages/node/6256562> \"Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n18 Dec 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSSH27\",\"label\":\"Rational ClearCase\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.0.0, 9.0.1, 9.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-12-18T13:31:41", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase (CVE-2020-14577, CVE-2020-14578, CVE-2020-14579)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-2590", "CVE-2020-2601"], "modified": "2020-12-18T13:31:41", "id": "81C1E90B442C2A0414E332CFEC7A9AF52F07B9A1EB108BD38590638A55A2FA32", "href": "https://www.ibm.com/support/pages/node/6381898", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-06T21:59:07", "description": "## Summary\n\nWebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager (SKLM). There are multiple vulnerabilities in the IBM\u00ae SDK, Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These might affect some configurations of IBM WebSphere Application Server Traditional. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. \n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Security Key Lifecycle Manager | 4.0 \nIBM Security Key Lifecycle Manager | 3.0.1 \n \n## Remediation/Fixes\n\nPlease consult the following Security Bulletins: \n\n[Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601](<https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-ibm%C2%AE-java-sdk-affect-websphere-application-server-july-2020-cpu-plus-deferred-cve-2020-2590-and-cve-2020-2601> \"Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601\" )\n\nfor vulnerability details and information about fixes.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 
Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 Aug 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Line of Business\":{\"code\":\"LOB24\",\"label\":\"Security Software\"},\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSWPVP\",\"label\":\"IBM Security Key Lifecycle Manager\"},\"ARM Category\":[{\"code\":\"a8m0z000000cvdLAAQ\",\"label\":\"SKLM\"}],\"ARM Case Number\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"3.0.1;4.0.0\"}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-09-10T01:40:06", "type": 
"ibm", "title": "Security Bulletin:Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) - July 2020 CPU", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-2590", "CVE-2020-2601"], "modified": "2020-09-10T01:40:06", "id": "209015250B80439611FDB1F1A2369A99A49321230511D7CABA730B14E74555E6", "href": "https://www.ibm.com/support/pages/node/6328985", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-01T01:59:33", "description": "## Summary\n\nThis Security Bulletin addresses multiple vulnerabilities that have been remediated in IBM Planning Analytics Local 2.0.9.3 and IBM Planning Analytics Workspace Release 58. There are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 used by IBM Planning Analytics and IBM Planning Analytics Workspace. IBM Planning Analytics 2.0.9.3 and IBM Planning Analytics Workspace Release 58 have addressed the applicable CVEs by upgrading to IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 6 Fix Pack 15. As of version 2.0.6, IBM Planning Analytics is no longer compatible with IBM\u00ae Runtime Environment Java\u2122 Version 7. IBM Planning Analytics 2.0.9.3 (Windows) will install IBM\u00ae Runtime Environment Java\u2122 Version 8. 
If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information. There are vulnerabilities in IBM WebSphere Application Server Liberty used by IBM Planning Analytics Local and IBM Planning Analytics Workspace. The applicable CVEs have been addressed in IBM Planning Analytics Local 2.0.9.3 and Planning Analytics Workspace Release 58. Other vulnerabilities in IBM Planning Analytics Workspace have been addressed.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-4329](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4329>) \n** DESCRIPTION: **IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/177841](<https://exchange.xforce.ibmcloud.com/vulnerabilities/177841>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2019-17573](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17573>) \n** DESCRIPTION: **Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174689](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174689>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-8203](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8203>) \n** DESCRIPTION: **Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute arbitrary code on the system. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2014-0107](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0107>) \n** DESCRIPTION: **Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker could exploit this vulnerability to bypass the secure processing feature to load arbitrary restricted classes. 
\nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/92023](<https://exchange.xforce.ibmcloud.com/vulnerabilities/92023>) for the current score. \nCVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N) \n \n** CVEID: **[CVE-2020-8141](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8141>) \n** DESCRIPTION: **Node.js dot package could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Function(). By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/178225](<https://exchange.xforce.ibmcloud.com/vulnerabilities/178225>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-11771](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771>) \n** DESCRIPTION: **Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 3.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/148429](<https://exchange.xforce.ibmcloud.com/vulnerabilities/148429>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-4649](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4649>) \n** DESCRIPTION: **IBM Planning Analytics could expose data to non-privileged users by not invalidating TM1Web user sessions. 
\nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186022](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186022>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nIBM Planning Analytics Local 2.0.9.2 and below\n\nIBM Planning Analytics Workspace Release 57 and below\n\n## Remediation/Fixes\n \n \n [IBM Planning Analytics Local 2.0.9.3 is now available for download from Fix Central](<https://www.ibm.com/support/pages/node/6328853> \"IBM Planning Analytics Local 2.0.9.3 is now available for download from Fix Central\" )\n \n \n [Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 58 from Fix Central](<https://www.ibm.com/support/pages/node/6351149> \"Download IBM Planning Analytics Local v2.0 - Planning Analytics Workspace Release 58 from Fix Central\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[IBM Java SDK Security Bulletin (July 2020)](<https://www.ibm.com/support/pages/node/6256562> \"IBM Java SDK Security Bulletin \\(July 2020\\)\" )\n\n[IBM Java SDK Security Bulletin (April 2020)](<https://www.ibm.com/support/pages/node/6206154> \"IBM Java SDK Security Bulletin \\(April 2020\\)\" )\n \n \n [Security Bulletin: CVE-2020-2654 may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<https://www.ibm.com/support/pages/node/5736807> \"Security Bulletin: CVE-2020-2654 may affect IBM\u00ae SDK, Java\u2122 Technology Edition\" )\n\n[IBM Planning Analytics Local 
Installation and Configuration Guide](<https://www.ibm.com/support/knowledgecenter/SSD29G_2.0.0/kc_gen/com.ibm.swg.ba.cognos.ipa.doc_getting_started_toc-gen2.html>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n2 November 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSCTEW\",\"label\":\"IBM Planning Analytics Local\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-11-02T17:40:15", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities affect IBM Planning Analytics", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0107", "CVE-2018-11771", "CVE-2019-17573", "CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-4329", "CVE-2020-4649", "CVE-2020-8141", "CVE-2020-8203"], "modified": "2020-11-02T17:40:15", "id": "8275C3B123771E721297381D0F66E5CCB99C5D5EA14F12413C6DF109D950665B", "href": "https://www.ibm.com/support/pages/node/6356539", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-06T10:01:17", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae SDK, Java\u2122 Technology Edition that is shipped with IBM WebSphere Application Server. These might affect some configurations of IBM WebSphere Application Server Traditional, IBM WebSphere Application Server Liberty and IBM WebSphere Application Server Hypervisor Edition. These products have addressed the applicable CVEs. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether the complete list of vulnerabilities is applicable to your code. For a complete list of vulnerabilities, refer to the link for \"IBM Java SDK Security Bulletin\" located in the References section for more information. 
HP fixes are on a delayed schedule.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2601](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2601>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174548](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174548>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14581](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14581>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE and Java SE Embedded related to the 2D component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185059](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185059>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-2590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2590>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174538](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174538>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nWebSphere Application Server Liberty| Continuous delivery \nWebSphere Application Server| 9.0 \nWebSphere Application Server| 8.5 \n \n\n\n## Remediation/Fixes\n\n**For WebSphere Application Server Liberty:**\n\nUpgrade to IBM SDK, Java Technology Edition Version 8 SR6 FP15 refer to [IBM Java SDKs for Liberty ](<http://www-01.ibm.com/support/docview.wss?uid=swg27049903>)\n\n**For Version 9 WebSphere Application Server Traditional:**\n\nUpdate to the IBM SDK, Java Technology Edition, Version 8 Service Refresh 6 FP15 using the instructions in the IBM Knowledge Center [Installing and updating IBM SDK, Java Technology Edition on distributed environments](<https://www.ibm.com/support/knowledgecenter/en/SSEQTP_9.0.5/com.ibm.websphere.installation.base.doc/ae/tins_installation_jdk.html> \"\" ) then use the IBM Installation Manager to access the [online product repositories](<https://www.ibm.com/support/knowledgecenter/SSEQTP_9.0.5/com.ibm.websphere.installation.base.doc/ae/cins_repositories.html> \"online product repositories\" ) to install the SDK or use IBM Installation Manager and access the [packages from Fixcentral](<http://www-01.ibm.com/support/docview.wss?uid=swg24042430>).\n\n \n**For V8.5.0.0 through 8.5.5.17 WebSphere Application Server 
Traditional and WebSphere Application Server Hypervisor Edition: \n**\n\nFor the IBM SDK, Java Technology Version that you use, upgrade to the minimal fix pack level of WebSphere Application Server as noted in the interim fix below then apply the interim fixes: \n\n\nFor IBM SDK Java Technology Edition Version 7\n\n * Apply interim fix [PH27845](<https://www.ibm.com/support/pages/node/6256108> \"PH27845\" ): Will upgrade you to IBM SDK, Java Technology Edition, Version 7 Service Refresh 10 Fix Pack 70. \n\n \nFor IBM SDK Java Technology Edition Version 7R1\n\n * Apply interim fix [PH27844](<https://www.ibm.com/support/pages/node/6256104> \"PH27844\" ): Will upgrade you to IBM SDK, Java Technology Edition, Version 7R1 Service Refresh 4 Fix Pack 70.\n\n \nFor IBM SDK Java Technology Edition Version 8 SR6 FP15\n\n * Apply interim fix [PH27842](<https://www.ibm.com/support/pages/node/6256008> \"PH27842\" ): Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 6 FP15. \n * For environments that have been upgraded to use the new default IBM SDK Version 8 bundled with WebSphere Application Server Fix Pack 8.5.5.11 or later: Apply interim fix [PH27843](<https://www.ibm.com/support/pages/node/6256010> \"PH27843\" ): Will upgrade you to IBM SDK, Java Technology Edition, Version 8 Service Refresh 6 FP15. 
\n\nOR\n\n * Apply IBM Java SDK shipped with WebSphere Application Server Fix pack 18 (8.5.5.18) or later (targeted availability 3Q 2020).\n\n**For Application Client for WebSphere Application Server: \n**\n\nFollow instructions above for the WebSphere Application Server to download the interim fix needed for your version of the Application Client.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[IBM Java SDK Security Bulletin](<https://www.ibm.com/support/pages/node/6256562> \"IBM Java SDK Security Bulletin\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n05 Aug 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSEQTP\",\"label\":\"WebSphere Application Server\"},\"Component\":\"Liberty\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"},{\"code\":\"PF012\",\"label\":\"IBM i\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF035\",\"label\":\"z\\/OS\"},{\"code\":\"PF017\",\"label\":\"Mac OS\"}],\"Version\":\"9.0,8.5,Liberty\",\"Edition\":\"Advanced,Base,Developer,Enterprise,Express,Network Deployment,Single Server, Liberty\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2020-08-05T21:53:15", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server July 2020 CPU plus deferred CVE-2020-2590 and CVE-2020-2601", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14581", "CVE-2020-14621", "CVE-2020-2590", "CVE-2020-2601"], "modified": "2020-08-05T21:53:15", "id": "F9EBF3A6DB0C83634163AB1D241CE2F77FF0D4D0D0F434D365754379F2929370", "href": "https://www.ibm.com/support/pages/node/6256732", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-28T22:12:29", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Cognos Command Center. These issues were disclosed as part of the IBM Java SDK updates for July 2019 and October 2019.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-2816](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2816>) \n**DESCRIPTION: **An unspecified vulnerability related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163878](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163878>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)\n\n**CVEID: **[CVE-2019-2762](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2762>) \n**DESCRIPTION: **An unspecified vulnerability related to the Java SE Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163826](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163826>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID: **[CVE-2019-2769](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2769>)\n\n**DESCRIPTION: **An unspecified vulnerability related to the Java SE Utilities component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/163832](<https://exchange.xforce.ibmcloud.com/vulnerabilities/163832>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n\n\n**CVEID: **[CVE-2019-2989](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2989>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169295](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169295>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)\n\n**CVEID: **[CVE-2019-2964](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2964>)\n\n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169270](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169270>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM Cognos Command Center 10.2.4.1 (FP1)\n\nIBM Cognos Command Center 10.2.4\n\n## Remediation/Fixes\n\nThe recommended solution is to apply the applicable version of the IBM JRE 8.0.6.0 to your version of IBM Cognos Command Center.\n\nThe fixes can be found here:\n\n**[IBM Cognos Command Center version 10.2.4.1. (FP1) (64-bit IBM JRE)](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Cognos&product=ibm/Information+Management/Cognos+Command+Center&release=10.2.4&platform=All&function=fixId&fixids=10.2.4.1-BA-CCC-JRE-80SR6&login=true> \"IBM Cognos Command Center version 10.2.4.1. \\(FP1\\) \\(64-bit IBM JRE\\) \\(URL TBD\\)\" )**\n\n**[IBM Cognos Command Center version 10.2.4 (32-bit IBM JRE)](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Cognos&product=ibm/Information+Management/Cognos+Command+Center&release=10.2.4&platform=All&function=fixId&fixids=10.2.4-BA-CCC-JRE-80SR6&login=true> \"IBM Cognos Command Center version 10.2.4 \\(32-bit IBM JRE\\) \\(URL TBD\\)\" )**\n\n**Installation Instructions: **\n\n \n**For IBM Cognos Command Center version 10.2.4.1. (FP1) (64-bit IBM JRE):**\n\n \nStep 1: \nDownload the 64 bit IBM Java JRE (file name: ibm-java-jre-80-win-x86_64.zip, Build: pwa6480sr6-20191107_01,(SR6)). \nStep 2: \nStop the CccServer, CccQueue and CccAgent Microsoft Windows services. \nStep 3: \nRename the <INSTALLDIR>\\Common\\java.8.0.0 directory to <INSTALLDIR>\\Common\\java.8.0.0.orig \nStep 4: \nUnpack the content of the ibm-java-sdk-80-win-x86_64.zip file to <INSTALLDIR>\\Common\\java.8.0.0 \nStep 5: \nStart the CccAgent, CccQueue and CccServer Microsoft Windows services. 
\nStep 6: \nValidate the installation by testing the connectivity to the agent using the CCC Client.\n\n \n \n**For IBM Cognos Command Center version 10.2.4 (32-bit IBM JRE):** \n \nFor Microsoft Windows servers where the Agent or the Server component is installed please follow this procedure: \nStep 1: \nDownload the 32 bit IBM Java JRE (file name: ibm-java-jre-80-win-i386.zip, Build: pwi3280sr6-20191107_01(SR6)). \nStep 2: \nStop the CccServer, CccQueue and CccAgent Microsoft Windows services. \nStep 3: \nRename the <INSTALLDIR>\\Common\\java.8.0.0 directory to <INSTALLDIR>\\Common\\java.8.0.0.orig \nStep 4: \nUnpack the content of the ibm-java-jre-80-win-i386.zip file to <INSTALLDIR>\\Common\\java.8.0.0 \nStep 5: \nStart the CccAgent, CccQueue and CccServer Microsoft Windows services. \nStep 6: \nValidate the installation by testing the connectivity to the agent using the CCC Client.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[IBM Java SDK Security Bulletin (October 2019)](<https://www.ibm.com/support/pages/node/1120071> \"IBM Java SDK Security Bulletin \\(October 2019\\)\" )\n\n[IBM Java SDK Security Bulletin (July 2019)](<https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-may-affect-ibm%C2%AE-sdk-java%E2%84%A2-technology-edition-10> \"IBM Java SDK Security Bulletin \\(July 2019\\)\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## 
Acknowledgement\n\n## Change History\n\n17 Dec 2019: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. 
Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSPLNP\",\"label\":\"Cognos Command Center\"},\"Component\":\"Cognos Command Center\",\"Platform\":[{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"10.2.4.1. 10.2.4\",\"Edition\":\"Any\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2019-12-20T08:47:33", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Cognos Command Center", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2762", "CVE-2019-2769", "CVE-2019-2816", "CVE-2019-2964", "CVE-2019-2989"], "modified": "2019-12-20T08:47:33", "id": "AE3C4922FF34B230979DF49C6AF3017B8592E55D70320E67E64A2C3DF656B94E", "href": "https://www.ibm.com/support/pages/node/1135966", "cvss": {"score": 5.8, 
"vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-01T01:56:16", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by IBM Storwize V7000 Unified. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Storwize V7000 Unified| 1.6.0 - 1.6.2.8 \n \n\n\n## Remediation/Fixes\n\nA fix for these issues is in version v1.6.2.9 of IBM Storwize V7000 Unified. Customers running an affected version of IBM Storwize V7000 Unified should upgrade to 1.6.2.9 or a later version. 
\n\n[Latest Storwize V7000 Unified Software](<http://www-01.ibm.com/support/docview.wss?uid=ssg1S1003918&myns=s028&mynp=OCST5Q4U&mync=E>)\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n19 Feb 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"ST5Q4U\",\"label\":\"IBM Storwize V7000 Unified (2073)\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"1.6\",\"Edition\":\"\"}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-03-12T10:35:05", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Storwize V7000 Unified", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", 
"CVE-2020-2805", "CVE-2020-2830"], "modified": "2021-03-12T10:35:05", "id": "7A7E2C46981121C4848316714E17DE54302B583229BF30A2ABFE7599824726DC", "href": "https://www.ibm.com/support/pages/node/6429491", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2023-02-01T22:10:46", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 Service Refresh 6 Fix Pack 5 and earlier releases used by IBM Platform Symphony and IBM Spectrum Symphony. IBM Platform Symphony and IBM Spectrum Symphony have addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n**DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nProducts | VRMF \n---|--- \nIBM Spectrum Symphony | 7.3.0.1 \nIBM Spectrum Symphony | 7.3 \nIBM Spectrum Symphony | 7.2.1 \nIBM Spectrum Symphony | 7.2.0.2 \nIBM Spectrum Symphony | 7.1.2 \nIBM Platform Symphony | 7.1.1 \nIBM Platform Symphony | 7.1 Fix Pack 1 \n \n## Remediation/Fixes\n\nProducts | VRMF | APAR | Remediation/First Fix \n---|---|---|--- \nIBM Spectrum Symphony | 7.3.0.1 | P103753 | [sym-7.3.0.1-build553135](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3.0.1-build553135&includeSupersedes=0> \"sym-7.3.0.1-build553135\" ) \nIBM Spectrum Symphony | 7.3 | P103752 | [sym-7.3-build553134](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.3-build553134&includeSupersedes=0> \"sym-7.3-build553134\" ) \nIBM Spectrum Symphony | 7.2.1 | P103751 | [sym-7.2.1-build553133](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.1-build553133&includeSupersedes=0> \"sym-7.2.1-build553133\" ) \nIBM Spectrum Symphony | 7.2.0.2 | P103750 | [sym-7.2.0.2-build553132](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.2.0.2-build553132&includeSupersedes=0> \"sym-7.2.0.2-build553132\" ) \nIBM Spectrum Symphony | 7.1.2 | P103749 | [sym-7.1.2-build553131](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/IBM+Spectrum+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.2-build553131&includeSupersedes=0> \"sym-7.1.2-build553131\" ) \nIBM Platform Symphony | 7.1.1 | P103748 | 
[sym-7.1.1-build553130](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1.1-build553130&includeSupersedes=0> \"sym-7.1.1-build553130\" ) \nIBM Platform Symphony | 7.1 Fix Pack 1 | P103747 | [sym-7.1-build553129](<http://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Other+software/Platform+Symphony&release=All&platform=All&function=fixId&fixids=sym-7.1-build553129&includeSupersedes=0> \"sym-7.1-build553129\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n27 Jul 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSGSMK\",\"label\":\"Platform Symphony\"},\"ARM Category\":[{\"code\":\"a8m50000000CeRjAAK\",\"label\":\"Security Bulletin\"}],\"ARM Case Number\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"7.1.1\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-07-27T14:34:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Platform Symphony and IBM Spectrum Symphony", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2019-2949", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-07-27T14:34:43", "id": "980C74262588952E961D4A584FDC91320DD47525AF6C0C50650D040478024A8F", "href": "https://www.ibm.com/support/pages/node/6253243", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-01T02:01:25", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Technology Edition, Version 8 that is used by Tivoli Netcool/OMNIbus. This were disclosed as part of the IBM Java SDK updates in April 2020.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool/OMNIbus| 8.1.0 \n \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nOMNIbus| 8.1.0.23| IJ24357| <https://www.ibm.com/support/pages/node/6244634> \n \n## Workarounds and Mitigations\n\nUpgrading the JRE is the only solution.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n28 Aug 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSSHTQ\",\"label\":\"Tivoli Netcool\\/OMNIbus\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF051\",\"label\":\"Linux on IBM Z Systems\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"8.1.0\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-09-04T16:18:46", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in IBM Java Runtime affecting Tivoli Netcool/OMNIbus (Multiple CVEs)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781"], "modified": "2020-09-04T16:18:46", "id": "90CEF1E75C1775A1853126DD1E56AC94C337C70F31E9F5DDB6230C09D518C5D0", "href": "https://www.ibm.com/support/pages/node/6326909", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-10-06T10:01:29", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, used by IBM Integration Bus & IBM App Connect Enterprise v11. These issues were disclosed as part of the IBM Java SDK updates in April 2020.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nIBM App Connect Enterprise V11, V11.0.0.0 - V11.0.0.8\n\nIBM Integration Bus V10.0.0.0 - V10.0.0.20\n\nIBM Integration Bus V9.0.0.0 - V9.0.0.11\n\n## Remediation/Fixes\n\n**Product**| **VRMF**| APAR| **Remediation / Fix** \n---|---|---|--- \nIBM App Connect Enterprise V11| V11.0.0.0 - V11.0.0.8| IT33190 | The APAR is available in fix pack 11.0.0.9: [IBM App Connect Enterprise v11.0 - Fix Pack 11.0.0.9](<https://www.ibm.com/support/pages/node/6208344> \"IBM App Connect Enterprise v11.0 - Fix Pack 11.0.0.9\" ) \nIBM Integration Bus| V10.0.0.0 - V10.0.20| IT33190 | The APAR is available in fix pack 10.0.0.21: [IBM Integration Bus V10.0 - Fix Pack 10.0.0.21](<https://www.ibm.com/support/pages/node/6232482> \"IBM Integration Bus V10.0 - Fix Pack 10.0.0.21\" ) \nIBM Integration Bus| V9.0.0.0 - V9.0.0.11| IT33190 | Contact IBM support to request a fix \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n29 Jul 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSNQK6\",\"label\":\"IBM Integration Bus\"},\"Component\":\"-\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"},{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF010\",\"label\":\"HP-UX\"}],\"Version\":\"V10\",\"Edition\":\"-\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.8, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 2.5}, "published": "2020-08-04T05:26:03", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Integration Bus and IBM App Connect Enterpise v11.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2800"], "modified": "2020-08-04T05:26:03", "id": "CEF60AD20CB0AB9D5B4D09462D34BDC6009659176F9352CDDE3170E9D8AF536F", "href": "https://www.ibm.com/support/pages/node/6255962", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-01T02:02:07", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK, Java Technology Edition Quarterly CPU, Apr 2020, which Includes Oracle Apr 2020 CPU minus CVE-2020-2773. Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). 
These issues were disclosed as part of the IBM\u00ae SDK, Java Technology Edition Quarterly CPU - Apr 2020 updates.\n\n## Vulnerability Details\n\nRefer to the security bulletin(s) listed in the Remediation/Fixes section\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Operations Analytics Predictive Insights| All \n \n\n\n## Remediation/Fixes\n\nApply 1.3.6 Interim Fix 3 \n[https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6 \n](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/IBM+SmartCloud+Analytics+-+Predictive+Insights&release=1.3.6>) \nNote that for versions earlier than 1.3.6, ONLY the UI component should be updated using this interim fix. Nothing else in the interim fix is relevant to this bulletin. \n\nList of underlying vulnerabilities CVE-2020-2800, CVE-2020-2754, CVE-2020-2757, CVE-2020-2781, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830, CVE-2020-2755, CVE-2020-2756.\n\nRefer to the following security bulletin for vulnerability details and information about fixes addressed by IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights: [Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654](<https://www.ibm.com/support/pages/node/6206850> \"Multiple Vulnerabilities in IBM\u00ae Java SDK affect WebSphere Application Server April 2020 CPU plus deferred CVE-2019-2949 and CVE-2020-2654\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator 
v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[IBM Java SDK Security Bulletin](<https://www.ibm.com/support/pages/node/1120071>)\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n12 Aug 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSJQQ3\",\"label\":\"IBM Operations Analytics - Predictive Insights\"},\"Component\":\"Analytics\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"Version Independent\",\"Edition\":\"All Editions\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-08-20T18:48:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM Operations Analytics Predictive Insights", 
"bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2020-2654", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2773", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-08-20T18:48:38", "id": "7D00342863B1B28E48CA30E36FCA81958BC7DACB93ACE050ED87341D3933AD65", "href": "https://www.ibm.com/support/pages/node/6262973", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-01T02:01:22", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition that is used by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. These issues were disclosed as part of the IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020 - Includes Oracle Jan 2020 CPU minus CVE-2020-2585, CVE-2020-2654, and CVE-2020-2590. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n** DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nCloud Orchestrator| 2.5.0.10 \n \n\n\n## Remediation/Fixes\n\nThe recommended solution is to manually apply the fix on IBM Cloud Orchestrator 2.5.0.10. 
\n\nConsult the following security bulletin for the vulnerability details and information about their fixes:\n\n[Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<https://www.ibm.com/support/pages/node/6206154> \"Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition\" )\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n18 Aug 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS4KMC\",\"label\":\"IBM SmartCloud Orchestrator\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"2.5.0.10\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2020-09-09T10:03:25", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-2585", "CVE-2020-2590", "CVE-2020-2654", 
"CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2020-09-09T10:03:25", "id": "EEB59CE81E88B6CE10F98C4A8F591D138F5BEAC293A1860A47F8A0A043ECDD49", "href": "https://www.ibm.com/support/pages/node/6327981", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-10-01T01:51:18", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 7 SR10-FP55 and Version 8 SR6-FP0 used by IBM Tivoli Application Dependency Discovery Manager (TADDM). These issues were disclosed as part of the IBM Java SDK updates in Jan2020 and April2020.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-2805](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2805>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2020-2803](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2803>) \n**DESCRIPTION: **An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179701>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2020-2830](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2830>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179728](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179728>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2781](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2781>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179681](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179681>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2800](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2800>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179698](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179698>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2020-2757](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2757>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179657](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179657>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2756](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2756>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179656](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179656>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2755](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2755>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179655](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179655>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2754](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2754>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/179654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/179654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2654](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2654>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174601](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174601>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-2949](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2949>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Kerberos component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 6.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169254](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169254>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N) \n \n**CVEID: **[CVE-2020-2604](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2604>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE could allow an unauthenticated attacker to take control of the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174551](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174551>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n**CVEID: **[CVE-2020-2593](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2593>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 4.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174541](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174541>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N) \n \n**CVEID: **[CVE-2020-2659](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2659>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174606](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174606>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-2583](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2583>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/174531](<https://exchange.xforce.ibmcloud.com/vulnerabilities/174531>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2019-4732](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-4732>) \n**DESCRIPTION: **IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618. \nCVSS Base score: 7.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172618](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172618>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\n**Affected Product(s)** | **Version(s)** \n---|--- \nIBM Tivoli Application Dependency Discovery Manager | 7.3.0.0 - 7.3.0.7 \n \n## Remediation/Fixes\n\nThe remediation consists of 2 steps:\n\n 1. If there are existing efixes on TADDM 7.3.0.7 (ls -rlt etc/efix*) or if an eFix is required for any other TADDM version, please contact IBM Support and open a case for a custom version of the eFix in Table-1 as the efix involves TADDM code changes. 
Include the current eFix level (ls -rlt etc/efix*), TADDM version and a link to this bulletin. The eFix in **Table-1** below is created to be installed on the 7.3.0.7 FixPack only, without any previously applied eFixes.\n 2. Along with the above efix, apply the efix for the new IBM SDK as per the TADDM version given in **Table-2**.\n\n**Table-1:**\n\n**Fix** | **VRMF** | **APAR** | **How to acquire fix** \n---|---|---|--- \nefix_customJDK8.0.6.10_FP7200218.zip | 7.3.0.7 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=TFkSUFlWpwocu5gj2GMi9x78UD61yWCBn8BV96BNkFg> \"Download eFix\" ) \n \n**Table-2:**\n\nPlease get familiar with the eFix readme in etc/efix_readme.txt. These fixes for the respective FixPack(s) can be downloaded and applied directly.\n\n**Fix** | **VRMF** | **APAR** | **How to acquire fix** \n---|---|---|--- \nefix_jdk8.0.6.10_FP7200218.zip | 7.3.0.5 - 7.3.0.7 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=s2pQuqPLEtICjgtP1Rz3DqrVvKQq1Htg0dlewchrWVw> \"Download eFix\" ) \nefix_jdk7.0.10.65_FP420171214.zip | 7.3.0.3 - 7.3.0.4 | None | [Download eFix](<https://www.secure.ecurep.ibm.com/download/?id=2JKFJ8sd3KXLYUnsWopgohVSAUBdaQ6A4sY8D9rPF4Q> \"Download eFix\" ) \n \nBelow are the JREs:\n\n**Fix** | **VRMF** | **APAR** | **How to acquire fix** \n---|---|---|--- \nibm-java-jre-80-win-i386 | 7.3.0.5 - 7.3.0.7 | None | [Download eFix](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Application+Dependency+Discovery+Manager&fixids=ibm-java-jre-80-win-i386&source=SAR> \"Download eFix\" ) \nibm-java-jre-70-win-i386 | 7.3.0.3 - 7.3.0.4 | None | [Download eFix](<http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FTivoli+Application+Dependency+Discovery+Manager&fixids=ibm-java-jre-70-win-i386&source=SAR> \"Download eFix\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security 
Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n17 Jul 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSPLFC\",\"label\":\"Tivoli Application Dependency Discovery Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"7.3.0.0 - 7.3.0.7\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.3, "vectorString": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 6.0}, "published": "2021-08-18T09:51:57", "type": "ibm", "title": "Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - Jan 2020, Apr 2020", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-2949", "CVE-2019-4732", "CVE-2020-2583", "CVE-2020-2593", "CVE-2020-2604", "CVE-2020-2654", "CVE-2020-2659", "CVE-2020-2754", "CVE-2020-2755", "CVE-2020-2756", "CVE-2020-2757", "CVE-2020-2781", "CVE-2020-2800", "CVE-2020-2803", "CVE-2020-2805", "CVE-2020-2830"], "modified": "2021-08-18T09:51:57", "id": "1D527A951F660BFCA1836671A2A328C87E8B448B01A672269419352520CFA6F1", "href": "https://www.ibm.com/support/pages/node/6254287", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-01T01:58:30", "description": "## Summary\n\nThere are multiple vulnerabilities in the IBM\u00ae Runtime Environment Java\u2122 Versions 7 and 8, which are used by IBM Rational ClearQuest. These issues were disclosed in the IBM Java SDK updates in July 2020. IBM Rational ClearQuest has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. 
\nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n**CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n**CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n**DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s) | Version(s) \n---|--- \nIBM Rational ClearQuest | 9.0.2 \nIBM Rational ClearQuest | 9.0 \nIBM Rational ClearQuest | 9.0.1 \n \n## Remediation/Fixes\n\nThe solution is to install a fix that includes an updated Java\u2122 Virtual Machine with fixes for the issues, and to apply fixes for WebSphere Application Server (WAS). \n\n**ClearQuest Eclipse Clients** \nApply the relevant fixes as listed in the table below.\n\n**Affected Versions** | **Applying the fix** \n---|--- \n9.0.2 through 9.0.2.2 | Install [Rational ClearQuest Fix Pack 3 (9.0.2.3) for 9.0.2](<https://www.ibm.com/support/pages/node/6356569> \"Rational ClearQuest Fix Pack 3 \\(9.0.2.3\\) for 9.0.2\" ) \n9.0.1 through 9.0.1.10 \n9.0 through 9.0.0.6 | Install [Rational ClearQuest Fix Pack 11 (9.0.1.11) for 9.0.1](<https://www.ibm.com/support/pages/node/6356565> \"Rational ClearQuest Fix Pack 11 \\(9.0.1.11\\) for 9.0.1\" ) \n \n_For 8.0, and earlier releases, IBM recommends upgrading to a fixed, supported version/release/platform of the product._\n\n**ClearQuest Web/CQ OSLC Server/CM Server Component**\n\n 1. Determine the WAS version used by your CM server. Navigate to the CM profile directory (either the profile you specified when installing ClearQuest, or `<clearquest-home>/cqweb/cqwebprofile`), then execute the script: `bin/versionInfo.sh` (UNIX) or `bin\\versionInfo.bat` (Windows). The output includes a section \"IBM WebSphere Application Server\". Make note of the version listed in this section.\n 2. 
Review the following WAS security bulletin: \n[Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2020 CPU that is bundled with IBM WebSphere Application Server Patterns](<https://www.ibm.com/support/pages/node/6257557> \"Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server July 2020 CPU that is bundled with IBM WebSphere Application Server Patterns\" ) \nand apply the latest available fix for the version of WAS used for CM server.\n\n**Note:** There may be newer security fixes for WebSphere Application Server. Follow the link above (in the section \"Get Notified about Future Security Bulletins\") to subscribe to WebSphere product support alerts for additional Java SDK fixes.\n\n**Affected Versions** | **Applying the fix** \n---|--- \n9.0.0.x, 9.0.1.x, 9.0.2.x | Apply the appropriate WebSphere Application Server fix directly to your CM server host. No ClearQuest-specific steps are necessary. 
\n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition](<https://www.ibm.com/support/pages/node/6256562> \"Security Bulletin: Multiple vulnerabilities may affect IBM\u00ae SDK, Java\u2122 Technology Edition\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n18 Dec 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSSH5A\",\"label\":\"Rational ClearQuest\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF027\",\"label\":\"Solaris\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.0.0, 9.0.1, 9.0.2\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-12-18T01:33:50", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14621"], "modified": "2020-12-18T01:33:50", "id": "7C541603826EE8F92E00EFCBD3D70DEFA61FC360840BE8817CA62874690580BC", "href": "https://www.ibm.com/support/pages/node/6380696", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-10-01T01:59:17", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, used by IBM Cast Iron & App Connect Professional . These issues were disclosed as part of the IBM Java SDK updates in July 2020 have been addressed the applicable CVEs\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nWebSphere Cast Iron v 7.5.0.0, 7.5.0.1, 7.5.1.0\n\nWebSphere Cast Iron v 7.0.0.0, 7.0.0.1, 7.0.0.2\n\nApp Connect Professional v 7.5.2.0\n\nApp Connect Professional v 7.5.3.0\n\nApp Connect Professional v 7.5.4.0\n\n \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _APAR_| _Remediation/First Fix_ \n---|---|---|--- \nIBM WebSphere Cast Iron| 7.0.0.0 \n7.0.0.1 \n7.0.0.2| LI81780| [7002 Fixcentral Link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.0.0.2&platform=All&function=fixId&fixids=7.0.0.2-WS-WCI-20200601-1353_H9_64-CUMUIFIX-050.scrypt2,7.0.0.2-WS-WCI-20201028-0422_H9_64-CUMUIFIX-052.vcrypt2,7.0.0.2-WS-WCI-20201028-0422_H9_64-CUMUIFIX-052.32bit.sc-linux,7.0.0.2-WS-WCI-20201028-0422_H9_64-CUMUIFIX-052.32bit.sc-win,7.0.0.2-WS-WCI-20201028-0422_H9_64-CUMUIFIX-052.sc-linux,7.0.0.2-WS-WCI-20201028-0422_H9_64-CUMUIFIX-052.sc-win,7.0.0.2-WS-WCI-20201028-0421_H8_64-CUMUIFIX-052.32bit.studio,7.0.0.2-WS-WCI-20201028-0421_H8_64-CUMUIFIX-052.studio&includeSupersedes=0&_ga=2.156944115.930120759.1604977322-297601872.1571049771> \"7002 Fixcentral Link\" ) \nIBM WebSphere Cast Iron| 7.5.0.0 \n7.5.0.1 \n7.5.1.0| LI81780| [7510 fixcentral 
Link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm/WebSphere/WebSphere+Cast+Iron+Cloud+integration&release=7.5.1.0&platform=All&function=fixId&fixids=7.5.1.0-WS-WCI-20201029-0544_H7_64-CUMUIFIX-032.vcrypt2,7.5.1.0-WS-WCI-20201029-0544_H7_64-CUMUIFIX-032.32bit.sc-linux,7.5.1.0-WS-WCI-20201029-0544_H7_64-CUMUIFIX-032.sc-linux,7.5.1.0-WS-WCI-20201029-0544_H7_64-CUMUIFIX-032.32bit.sc-win,7.5.1.0-WS-WCI-20201029-0544_H7_64-CUMUIFIX-032.sc-win,7.5.1.0-WS-ACP-20201029-0544_H8_64-CUMUIFIX-032.32bit.studio,7.5.1.0-WS-ACP-20201029-0544_H8_64-CUMUIFIX-032.studio&includeSupersedes=0&_ga=2.156944115.930120759.1604977322-297601872.1571049771> \"7510 fixcentral Link\" ) \nApp Connect Professional| 7.5.2.0| LI81780| [7520 Fixcentral link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.2.0&platform=All&function=fixId&fixids=7.5.2.0-WS-ACP-20201030-0736_H8_64-CUMUIFIX-028.vcrypt2,7.5.2.0-WS-ACP-20201030-0736_H8_64-CUMUIFIX-028.32bit.sc-linux,7.5.2.0-WS-ACP-20201030-0736_H8_64-CUMUIFIX-028.sc-linux,7.5.2.0-WS-ACP-20201030-0736_H8_64-CUMUIFIX-028.32bit.sc-win,7.5.2.0-WS-ACP-20201030-0736_H8_64-CUMUIFIX-028.sc-win,7.5.2.0-WS-ACP-20201030-0736_H9_64-CUMUIFIX-028.32bit.studio,7.5.2.0-WS-ACP-20201030-0736_H9_64-CUMUIFIX-028.studio&includeSupersedes=0> \"7520 Fixcentral link\" ) \nApp Connect Professional| 7.5.3.0| LI81780| [7530 Fixcentral 
link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.3.0&platform=All&function=fixId&fixids=7.5.3.0-WS-ACP-20201109-0808_H17_64-CUMUIFIX-017.builtDockerImage,7.5.3.0-WS-ACP-20201109-0808_H17_64-CUMUIFIX-017.docker,7.5.3.0-WS-ACP-20201109-0808_H17_64-CUMUIFIX-017.vcrypt2,7.5.3.0-WS-ACP-20201109-0808_H17_64-CUMUIFIX-017.sc-linux,7.5.3.0-WS-ACP-20201109-0808_H17_64-CUMUIFIX-017.32bit.sc-linux,7.5.3.0-WS-ACP-20201109-0808_H9_64-CUMUIFIX-017.studio,7.5.3.0-WS-ACP-20201109-0808_H9_64-CUMUIFIX-017.32bit.studio,7.5.3.0-WS-ACP-20201109-0808_H17_64-CUMUIFIX-017.sc-win,7.5.3.0-WS-ACP-20201109-0808_H17_64-CUMUIFIX-017.32bit.sc-win,&includeSupersedes=0> \"7530 Fixcentral link\" ) \nApp Connect Professional| 7.5.4.0| LI81780| [7540 Fixcentral link](<http://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~WebSphere&product=ibm%2FWebSphere%2FApp+Connect+Professional&release=7.5.4.0&platform=All&function=fixId&fixids=7.5.4.0-WS-ACP-20201109-0146_H28_64-CUMUIFIX-005.builtDockerImage,7.5.4.0-WS-ACP-20201109-0146_H28_64-CUMUIFIX-005.docker,7.5.4.0-WS-ACP-20201109-0146_H28_64-CUMUIFIX-005.vcrypt2,7.5.4.0-WS-ACP-20201109-0146_H28_64-CUMUIFIX-005.sc-linux,7.5.4.0-WS-ACP-20201109-0146_H28_64-CUMUIFIX-005.32bit.sc-linux,7.5.4.0-WS-ACP-20201109-0646_H8_64-CUMUIFIX-005.studio,7.5.4.0-WS-ACP-20201109-0646_H8_64-CUMUIFIX-005.32bit.studio,7.5.4.0-WS-ACP-20201109-0146_H28_64-CUMUIFIX-005.32bit.sc-win,7.5.4.0-WS-ACP-20201109-0146_H28_64-CUMUIFIX-005.sc-win,&includeSupersedes=0> \"7540 Fixcentral link\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator 
v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n10 Nov 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SS3LC4\",\"label\":\"App Connect Professional\"},\"Component\":\"-\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"-\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB45\",\"label\":\"Automation\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-11-12T06:32:01", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM WebSphere Cast Iron Solution & App Connect Professional", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14621"], "modified": "2020-11-12T06:32:01", "id": "021D820AD16A576E5FDD576972F5D4413AAA3EEB77F2CE672632AF14321E859E", "href": "https://www.ibm.com/support/pages/node/6367175", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-10-01T01:55:18", "description": "## Summary\n\nThere are vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 used by Financial Transaction Manager for Corporate Payment Services. The applicable CVEs have been addressed. If you run your own Java code using the IBM Java Runtime delivered with this product, you should evaluate your code to determine whether additional Java vulnerabilities are applicable to your code. For a complete list of vulnerabilities, refer to the \"IBM Java SDK Security Bulletin\", located in the References section for more information.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nFinancial Transaction Manager for Corporate Payment Services for MP| 3.2.4 \nFinancial Transaction Manager for Corporate Payment Services for MP| 3.0.2 \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Issue| Remediation / First Fix \n---|---|---|--- \nFTM CPS| 3.2.4.0| 112687| [3.2.4.0-FTM-CPS-MP-iFix0002](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.2.4.0-FTM-CPS-MP-iFix0002&includeSupersedes=0&source=fc>) \nFTM CPS| 3.0.2.0 - 3.0.2.1| 112687| [3.0.2.1-FTM-CPS-MP-iFix0022](<https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=Financial%2BOperations&product=ibm/Other+software/Financial+Transaction+Manager&release=All&platform=All&function=fixId&fixids=3.0.2.1-FTM-CPS-MP-iFix0022&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n[IBM Java SDK Security Bulletin](<https://www.ibm.com/support/pages/node/6256562> \"IBM Java SDK Security Bulletin\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n14 April 2021: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the 
Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSPKQ5\",\"label\":\"IBM Financial Transaction Manager\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"3.0.2,3.2.1,3.2.4\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-04-15T00:40:22", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14621"], "modified": "2021-04-15T00:40:22", "id": "98B644E3B04EE8FE2C9E432EE2AE371092A4DC595E254864C5B6EA44402447E5", "href": "https://www.ibm.com/support/pages/node/6443607", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-10-01T01:59:01", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDKs Java\u2122 Technology Edition, Versions 7 and 8, as used by IBM Virtualization Engine TS7700. These issues were disclosed as part of the IBM Java SDK updates in July 2020. IBM Virtualization Engine TS7700 has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAll versions of microcode for the IBM Virtualization Engine TS7700 (3957-VEC and 3957-VED) prior to and including the following are affected:\n\n**Machine Type**| **Model**| **Version** \n---|---|--- \n3957| VEC| 8.50.2.6 \n3957| VED| 8.50.2.6 \n \n## Remediation/Fixes\n\nContact IBM Service at 1-800-IBM-SERV to arrange an upgrade to the latest microcode version followed by the installation of VTD_EXEC.269 as needed. 
Minimum microcode versions are shown below:\n\n**Machine Type**| **Model**| **Fix** \n---|---|--- \n3957| VEC| Upgrade to 8.42.2.12 + VTD_EXEC.269 - OR - Upgrade to 8.50.0.134 + VTD_EXEC.269 - OR - Upgrade to 8.50.0.140 + VTD_EXEC.269 - OR - Upgrade to 8.50.1.25 + VTD_EXEC.269 - OR - Upgrade to 8.50.2.6 + VTD_EXEC.269 _(Recommended)_ - OR - Upgrade to 8.51.0.63 \n3957| VED| Upgrade to 8.50.0.134 + VTD_EXEC.269 - OR - Upgrade to 8.50.0.140 + VTD_EXEC.269 - OR - Upgrade to 8.50.1.25 + VTD_EXEC.269 - OR - Upgrade to 8.50.2.6 + VTD_EXEC.269 _(Recommended)_ - OR - Upgrade to 8.51.0.63 \n \nThe minimum VTD_EXEC version is shown below:\n\n**VTD_EXEC Package**| **Version** \n---|--- \nVTD_EXEC.269| v1.17 \n \n## Workarounds and Mitigations\n\nAlthough IBM recommends that you upgrade to the fixes identified above, you can mitigate, but not eliminate, the risk of these vulnerabilities by restricting physical and network access to the TS7700 to authorized users and IBM Service Personnel only.\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\n[IBM\u00ae SDK, Java\u2122 Technology Edition Security Bulletin - July 2020](<https://www.ibm.com/support/pages/node/6256562> \"IBM\u00ae SDK, Java\u2122 Technology Edition Security Bulletin - July 2020\" )\n\n[TS7700 Code Update Recommendation](<https://www.ibm.com/support/pages/node/6334607> \"TS7700 Code Update Recommendation\" )\n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM 
Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n01 Dec 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Product\":{\"code\":\"STFS69\",\"label\":\"TS7700\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"N\\/A\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB26\",\"label\":\"Storage\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-12-01T21:41:44", "type": "ibm", "title": "Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Virtualization Engine TS7700 - July 2020", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": 
"AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14621"], "modified": "2020-12-01T21:41:44", "id": "1331C130BFA13DB642E8F77CF94F82A82ABD7E82C8F47A74C25626EEFC1FA2A6", "href": "https://www.ibm.com/support/pages/node/6374032", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-10-01T01:59:08", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae SDK Java\u2122 Technology Edition, Version 8 and IBM\u00ae Runtime Environment Java\u2122 Version 8 used by Rational Business Developer. Rational Business Developer has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK and Runtime Environment updates in July 2020.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. 
\nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nRBD| 9.5 \nRBD| 9.6 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \n \n_Rational Business Developer_\n\n| \n\n_9.5.x_\n\n| \n\n_None_\n\n| \n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.5.1.2&platform=All&function=all](<https://urldefense.proofpoint.com/v2/url?u=https-3A__apc01.safelinks.protection.outlook.com_-3Furl-3Dhttps-3A-252F-252Fwww.ibm.com-252Fsupport-252Ffixcentral-252Fswg-252FselectFixes-253Fparent-253Dibm-7ERational-2526product-253Dibm-252FRational-252FRational-252BBusiness-252BDeveloper-2526release-253D9.5.1.2-2526platform-253DAll-2526function-253Dall-26data-3D04-257C01-257Cilaiyaraja.g-2540hcl.com-257Cdfee51764bb648b5423a08d8879e2cae-257C189de737c93a4f5a8b686f4ca9941912-257C0-257C0-257C637408460708814972-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C1000-26sdata-3DNMz10-252BdnqfiqAJ2AvnOou-252FyLotlY-252B08i28D8WQ74CWc-253D-26reserved-3D0&d=DwMGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=rOvE7F1CDw4POp2uk9OMTg&m=4m3EgwIepmEG2zhyI823BDTgffcnKB-62IbVQ_O80F8&s=U1nXnt3IOlrpETs_0tbM-IUpiy3T8tN84idF63nLKgU&e=>) \n \n_Rational Business Developer_\n\n| \n\n_9.6.x_\n\n| \n\n_None_\n\n| 
\n\n\n[https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm%7ERational&product=ibm/Rational/Rational+Business+Developer&release=9.6&platform=All&function=all](<https://urldefense.proofpoint.com/v2/url?u=https-3A__apc01.safelinks.protection.outlook.com_-3Furl-3Dhttps-3A-252F-252Fwww.ibm.com-252Fsupport-252Ffixcentral-252Fswg-252FselectFixes-253Fparent-253Dibm-7ERational-2526product-253Dibm-252FRational-252FRational-252BBusiness-252BDeveloper-2526release-253D9.6-2526platform-253DAll-2526function-253Dall-26data-3D04-257C01-257Cilaiyaraja.g-2540hcl.com-257Cdfee51764bb648b5423a08d8879e2cae-257C189de737c93a4f5a8b686f4ca9941912-257C0-257C0-257C637408460708824962-257CUnknown-257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0-253D-257C1000-26sdata-3DUInjCFF2yfn9Pg-252FFOLTGTVYp1Dr-252FlR4JoLnmClWd2x8-253D-26reserved-3D0&d=DwMGaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=rOvE7F1CDw4POp2uk9OMTg&m=4m3EgwIepmEG2zhyI823BDTgffcnKB-62IbVQ_O80F8&s=4wDnPHKTZn2u2yJ7Msj4TlGjNdxPwkPxbIigqu7QQGk&e=>) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n[IBM Java SDK security bulletin](<https://www.ibm.com/support/pages/node/6256562> \"IBM Java SDK security bulletin\" )\n\n## Acknowledgement\n\n## Change History\n\n18 Nov 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will 
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU058\",\"label\":\"IBM Infrastructure w\\/TPS\"},\"Product\":{\"code\":\"SSMQ79\",\"label\":\"Rational Business Developer\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\",\"label\":\"Windows\"}],\"Version\":\"9.5.x, 9.6.x\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB35\",\"label\":\"Mainframe SW\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2020-11-19T15:45:43", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect Rational Business Developer", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2020-14577", "CVE-2020-14578", "CVE-2020-14579", "CVE-2020-14621"], "modified": "2020-11-19T15:45:43", "id": "30C8E70A426A2AEE76446C5BCE898EE543CA89AAEAC54D0BAFC5794D7065AE49", "href": "https://www.ibm.com/support/pages/node/6370639", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-10-01T01:59:00", "description": "## Summary\n\nThere are multiple vulnerabilities in IBM\u00ae Runtime Environment Java\u2122 Version 8 and Version 7 used by Watson Explorer and Watson Explorer Content Analytics Studio. Watson Explorer and Watson Explorer Content Analytics Studio have addressed the applicable CVEs. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2020-14579](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14579>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185057](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185057>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14578](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14578>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185056](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185056>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-14577](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14577>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2020-14621](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14621>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185099](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185099>) for the current score. 
\nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s)| Applicable Vulnerabilities \n---|---|--- \nIBM Watson Explorer Deep Analytics Edition Foundational Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.4| \n\nCVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \n \nIBM Watson Explorer Deep Analytics Edition Analytical Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.4| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \nIBM Watson Explorer Deep Analytics Edition oneWEX| 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.4| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.8| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \nIBM Watson Explorer Foundational Components| 10.0.0.0 - 10.0.0.9| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \nIBM Watson Explorer Foundational Components Annotation Administration Console| \n\n12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.4\n\n| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - 11.0.2.8| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \nIBM Watson Explorer Foundational Components Annotation Administration Console| 10.0.0.0 - 10.0.0.6| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.8| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \nIBM Watson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nCVE-2020-14621 \nIBM Watson Explorer Content Analytics Studio| 
12.0.0, 12.0.1, 12.0.2, 12.0.3| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \nIBM Watson Explorer Content Analytics Studio| \n\n11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2\n\n| CVE-2020-14579 \nCVE-2020-14578 \nCVE-2020-14577 \n \n## Remediation/Fixes\n\n**Affected Product**| **Affected Versions**| **Required IBM Java Runtime**| **How to acquire and apply the fix** \n---|---|---|--- \nIBM Watson Explorer DAE \nFoundational Components| 12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.4| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install V12.0.3.4 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6244514>)). If you upgrade to Version 12.0.3.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. 
Download the IBM Java Runtime, Version 8 package for your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.4&platform=All&function=all>): interim fix **12.0.3.4-WS-WatsonExplorer-DAEAnalytical-<OS>-8SR6FP16** or later (for example, 12.0.3.4-WS-WatsonExplorer-DAEAnalytical-Linux-8SR6FP16).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). \nIBM Watson Explorer DAE \noneWEX| 12.0.0.0, 12.0.0.1, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.4| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install V12.0.3.4 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6244512>)). If you upgrade to Version 12.0.3.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.4&platform=All&function=all>): interim fix **12.0.3.4-WS-WatsonExplorer-DAEoneWEX-8SR6FP16**.\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/6372500>). \nIBM Watson Explorer \nFoundational Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.8| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install V11.0.2 Fix Pack 8 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6244520>)). If you upgrade to Version 11.0.2.8 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. 
Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.8&platform=All&function=all>): interim fix **11.0.2.8-WS-WatsonExplorer-<Edition>Foundational-<OS>-8SR6FP16** or later (for example, 11.0.2.8-WS-WatsonExplorer-EEFoundational-Linux-8SR6FP16).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/727497>). \nIBM Watson Explorer Foundational Components| 10.0.0.0 - 10.0.0.9| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install V10.0 Fix Pack 9 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6244528>)). If you upgrade to Version 10.0.0.9 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.9&platform=All&function=all#Others>): interim fix **10.0.0.9-WS-WatsonExplorer-<Edition>Foundational-<OS>-8SR6FP16** or later (for example, 10.0.0.9-WS-WatsonExplorer-EEFoundational-Linux-8SR6FP16).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/727497>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| \n\n12.0.0.0, 12.0.1, 12.0.2.0 - 12.0.2.2, 12.0.3.0 - 12.0.3.4\n\n| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install V12.0.3.4 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6244514>)). 
If you upgrade to Version 12.0.3.4 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.4&platform=All&function=all>): interim fix **12.0.3.4-WS-WatsonExplorer-DAEFoundationalAAC-<OS>-8SR6FP16** or later (for example, 12.0.3.4-WS-WatsonExplorer-DAEFoundationalAAC-Linux-8SR6FP16).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.8| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install V11.0.2 Fix Pack 8 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6244520>)). If you upgrade to Version 11.0.2.8 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.8&platform=All&function=all>): interim fix **11.0.2.8-WS-WatsonExplorer-<Edition>FoundationalAAC-<OS>-8SR6FP16** or later (for example, 11.0.2.8-WS-WatsonExplorer-EEFoundationalAAC-Linux-8SR6FP16).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). \nIBM Watson Explorer Foundational Components Annotation Administration Console| 10.0.0.0 - 10.0.0.6| JVM 8 SR6 FP15 or later| \n\n 1. 
If you have not already installed, install V10.0 Fix Pack 6 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=ibm10877462>)). If you upgrade to Version 10.0.0.6 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. If you have not upgraded IBM Java Runtime from Version 7 to Version 8, download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.6&platform=All&function=all#Others>): interim fix **10.0.0.6-WS-WatsonExplorer-<Edition>FoundationalAAC-<OS>-8SR6FP10** (for example, 10.0.0.6-WS-WatsonExplorer-AEFoundationalAAC-Linux-8SR6FP10, which includes 64-bit version of IBM Java Runtime). Follow the steps in [Updating WebSphere Liberty and IBM Java Runtime used in IBM Watson Explorer Analytical Components](<https://www.ibm.com/support/pages/node/6250385> \"\" ) to upgrade IBM Java Runtime from Version 7 to Version 8.\n 3. Download the 32-bit and 64-bit packages of IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.6&platform=All&function=all#Others>): interim fix **10.0.0.6-WS-WatsonExplorer-<Edition>FoundationalAAC-<OS>-8SR6FP16** or later (for example, 10.0.0.6-WS-WatsonExplorer-AEFoundationalAAC-Linux-8SR6FP16, which includes 64-bit version of IBM Java Runtime).\n 4. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). 
\n \nIBM Watson Explorer Analytical Components| 11.0.0.0 - 11.0.0.3, \n11.0.1, \n11.0.2.0 - \n11.0.2.8| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install V11.0.2 Fix Pack 8 (see the Fix Pack [download document](<http://www.ibm.com/support/pages/node/6244518>)). If you upgrade to Version 11.0.2.8 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. Download the IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.8&platform=All&function=all>): interim fix **11.0.2.8-WS-WatsonExplorer-<Edition>Analytical-<OS>-8SR6FP16** or later (for example, 11.0.2.8-WS-WatsonExplorer-EEAnalytical-Linux-8SR6FP16).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). \nIBM Watson Explorer Analytical Components| 10.0.0.0 - 10.0.0.2| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install V10.0 Fix Pack 2 (see the Fix Pack [download document](<http://www.ibm.com/support/docview.wss?uid=swg24039430>)). If you upgrade to Version 10.0.0.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps.\n 2. 
If you have not upgraded IBM Java Runtime from Version 7 to Version 8, download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **10.0.0.2-WS-WatsonExplorer-<Edition>Analytical-<OS>[32|31]-8SR6FP10** (for example, 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux-8SR6FP10, which includes 64-bit version of IBM Java Runtime). Follow the steps in [Updating WebSphere Liberty and IBM Java Runtime used in IBM Watson Explorer Analytical Components](<https://www.ibm.com/support/pages/node/6250385> \"Updating WebSphere Liberty and IBM Java Runtime used in IBM Watson Explorer Analytical Components\" ) to upgrade IBM Java Runtime from Version 7 to Version 8.\n 3. Download the 32-bit (or 31-bit, if you use Linux on System z) and 64-bit packages of IBM Java Runtime, Version 8 package for your edition (Enterprise or Advanced) and operating system from [Fix Central](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=10.0.0.2&platform=All&function=all#Others>): interim fix **10.0.0.2-WS-WatsonExplorer-<Edition>Analytical-<OS>[32|31]-8SR6FP16** or later (for example, 10.0.0.2-WS-WatsonExplorer-AEAnalytical-Linux-8SR6FP16, which includes 64-bit version of IBM Java Runtime).\n 4. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/259439>). \nIBM Watson Explorer Content Analytics Studio| 12.0.0, 12.0.1, 12.0.2, 12.0.3| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install Version 12.0.3. 
For information about Version 12.0.3, and links to the software and release notes, see the [download document](<https://www.ibm.com/support/docview.wss?uid=ibm10880811>). If you upgrade to Version 12.0.3 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n 2. Download the IBM Java Runtime, Version 8 package and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=12.0.3.0&platform=All&function=all>): interim fix **12.0.3.0-WS-WatsonExplorer-DAEAnalytical-CAStudio-8SR6FP16** or later (for example, 12.0.3.0-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR6FP16, which includes 64-bit version of IBM Java Runtime).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/561503>). \nIBM Watson Explorer Content Analytics Studio| \n\n11.0.0.0 - 11.0.0.3, \n11.0.1, 11.0.2.0 - 11.0.2.2\n\n| JVM 8 SR6 FP15 or later| \n\n 1. If you have not already installed, install Version 11.0.2.2. If you upgrade to Version 11.0.2.2 after you update IBM Java Runtime, your changes are lost and you must repeat the steps. \n * For information about Version 11.0.2, and links to the software and release notes, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24042893>).\n * For information about upgrading, see the [upgrade procedures](<http://www.ibm.com/support/docview.wss?uid=swg27049072>). For information about Version 11.0.2.2, see the [download document](<http://www.ibm.com/support/docview.wss?uid=swg24044331>).\n 2. 
Download the IBM Java Runtime, Version 8 package and operating system from [Fix Central](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Watson%2BGroup&product=ibm/Information+Management/InfoSphere+Data+Explorer&release=11.0.2.2&platform=All&function=all>): interim fix **11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR6FP16** or later (for example, 11.0.2.2-WS-WatsonExplorer-AEAnalytical-CAStudio-8SR6FP16, which includes 64-bit version of IBM Java Runtime).\n 3. To apply the fix, follow the steps in [Updating IBM Java Runtime](<https://www.ibm.com/support/pages/node/561503>). \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n3 Dec 2020: Initial Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. 
Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nReview the [IBM security bulletin disclaimer and definitions](<https://www.ibm.com/support/pages/node/6610583#disclaimer>) regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SS8NLW\",\"label\":\"IBM Watson Explorer\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF002\",\"label\":\"AIX\"},{\"code\":\"PF016\",\"label\":\"Linux\"},{\"code\":\"PF033\