5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 7 that is used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in July 2015.
CVEID: CVE-2015-2601 **
DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104733 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-2613 **
DESCRIPTION:** An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/104734 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2015-1931 **
DESCRIPTION:** IBM Java Security Components store plain text data in memory dumps, which could allow a local attacker to obtain information to aid in further attacks against the system.
CVSS Base Score: 2.1
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/102967 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)
IBM Security SiteProtector System 3.0 and 3.1.1
Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view:
For SiteProtector 3.0:
SiteProtector Core Component: ServicePack3_0_0_8a.xpu
Event Collector Component: RSEvntCol_WINNT_ST_3_0_0_7.xpu
Agent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_48.xpu
For SiteProtector 3.1.1:
SiteProtector Core Component: ServicePack3_1_1_3a.xpu
Event Collector Component: RSEvntCol_WINNT_ST_3_1_1_3.xpu
Agent Manager Component: AgentManager_WINNT_XXX_ST_3_1_1_18.xpu
Update Server Component: UpdateServer_3_1_1_3.pkg
Event Archiver Component: EventArchiver_3_1_1_3.pkg
Event Archiver Importer Component: EventArchiverImporter_3_1_1_3.zip
Manual Upgrader Component: MU_3_1_1_4.xpu
These updates are also available to be manualy downloaded from the IBM Security License Key and Download Center at https://ibmss.flexnetoperations.com/service/ibms/login
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security siteprotector system | eq | 3.0 | |
ibm security siteprotector system | eq | 3.1.1 |
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N