A vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.5.40 used by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. The issue is disclosed as a part of the IBM Java SDK updates in January 2020.
CVEID:CVE-2020-2654
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174601 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
Cloud Orchestrator | 2.5.0.10 |
The recommended solution is to manually apply the fix on IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5.0.10.
Consult the following security bulletin for the vulnerability details and information about their fixes:
Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition
None