Lucene search

K
ibmIBMCA3C9AADA39680360DAEA4E8792E1017895CFD055E35AC85B4646686615108DA
HistorySep 09, 2020 - 10:09 a.m.

Security Bulletin: Vulnerability in IBM Java SDK affect IBM Cloud Orchestrator (CVE-2020-2654)

2020-09-0910:09:55
www.ibm.com
19
ibm
java sdk
cloud orchestrator
vulnerability
version 8.0.5.40
cve-2020-2654

EPSS

0.001

Percentile

28.7%

Summary

A vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.5.40 used by IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise. The issue is disclosed as a part of the IBM Java SDK updates in January 2020.

Vulnerability Details

CVEID:CVE-2020-2654
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174601 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
Cloud Orchestrator 2.5.0.10

Remediation/Fixes

The recommended solution is to manually apply the fix on IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5.0.10.

Consult the following security bulletin for the vulnerability details and information about their fixes:

Security Bulletin: CVE-2020-2654 may affect IBM® SDK, Java™ Technology Edition

Workarounds and Mitigations

None