6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 6 and 7 that affect the WebSphere DataPower XC10 Appliance. These issues were disclosed as part of the IBM Java SDK updates in Jan 2017.
CVEID: CVE-2016-5548
DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120864 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID: CVE-2016-5547 DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120871 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2016-5552 DESCRIPTION: An unspecified vulnerability related to the Networking component has no confidentiality impact, low integrity impact, and no availability impact.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120872 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
WebSphere DataPower XC10 Appliance Version 2.1
WebSphere DataPower XC10 Appliance Version 2.5
Product
| VRMF| APAR| Remediation/First Fix
—|—|—|—
WebSphere DataPower XC10 Appliance V2.1 on appliance 9235-92X| 2.1| IT19816| Refer to the Version 2.1 table in Recommended fixes for WebSphere DataPower XC10 Appliance.
WebSphere DataPower XC10 Appliance V2.1 on appliance 7199-92X| 2.1| IT19816| Refer to the** Version 2.1** table in Recommended fixes for WebSphere DataPower XC10 Appliance.
WebSphere DataPower XC10 Appliance V2.5 on appliance 7199-92X| Version 2.5 with SSD drivers **
Important**: See More Information link and follow instructions to determine if you have an old or newer SSD driver on your appliance using the show ssd-version command.| IT19816| Refer to theVersion 2.5 table in Recommended fixes for WebSphere DataPower XC10 Appliance.
WebSphere DataPower XC10 Appliance V2.5 virtual image| 2.5| IT19816| Refer to the** Version 2.5** table in Recommended fixes for WebSphere DataPower XC10 Appliance.
None
CPE | Name | Operator | Version |
---|---|---|---|
websphere datapower xc10 appliance | eq | 2.5 | |
websphere datapower xc10 appliance | eq | 2.1 |
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P