Lucene search

K
ibmIBMCF48CF2E4C992D03050AD1B86709314A91AFBCF3E0EBBD84A154D83BCFCA4496
HistoryJun 17, 2018 - 5:02 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Administrator (CVE-2015-0488, CVE-2015-1916)

2018-06-1705:02:29
www.ibm.com
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

There are multiple vulnerabilities in IBM Runtime Environment Java Technology Edition, Version 6 that is used by Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in April 2015.

Vulnerability Details

CVEID:CVE-2015-0488**
DESCRIPTION: *An unspecified vulnerability related to the JSSE component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/102336&gt; for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2015-1916**
DESCRIPTION: *Server applications which use the IBM Java Secure Socket Extension provider to accept SSL/TLS connections are vulnerable to a denial of service attack due to an unspecified vulnerability.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/101995&gt; for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Affected Products and Versions

Product

| Version
—|—
Rational Directory Administrator| 6.0 - 6.0.0.2_iFix02

Remediation/Fixes

Product

| Download link
—|—
IBM Rational Directory Administrator 6.0 and above| RDA 6.0.0.2 iFix03

Workarounds and Mitigations

None

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P