Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD23B506F373F085D0D95234FF39AA0BCD38839F8B4D1BDF9584496C6B93F1F28
HistoryJun 16, 2018 - 1:18 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM SPSS Modeler (CVE-2015-0138, CVE-2015-0383, CVE-2015-0410, CVE-2014-6593)

2018-06-1613:18:27
www.ibm.com
12

5.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:P/A:C

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 6.0.15, 7.1.2, 7.0.8 that is used by IBM SPSS Modeler. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability.

Vulnerability Details

CVEID: CVE-2015-0138 DESCRIPTION: A vulnerability in various IBM SSL/TLS implementations could allow a remote attacker to downgrade the security of certain SSL/TLS connections. An IBM SSL/TLS client implementation could accept the use of an RSA temporary key in a non-export RSA key exchange ciphersuite. This could allow a remote attacker using man-in-the-middle techniques to facilitate brute-force decryption of TLS/SSL traffic between vulnerable clients and servers.
This vulnerability is also known as the FREAK attack.
CVSS Base Score: 4.3
CVSS Temporal Score: See <http://exchange.xforce.ibmcloud.com/#/vulnerabilities/100691&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-0410 DESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-6593 DESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100153&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2015-0383 DESCRIPTION: An unspecified vulnerability in Oracle Java SE and JRockit related to the Hotspot component has no confidentiality impact, partial integrity impact, and complete availability impact.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100148&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:C)

Affected Products and Versions

IBM SPSS Modeler 17 and earlier

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
IBM SPSS Modeler 14.2 PI37334 IBM SPSS Modeler 14.2 FP3 IF022_ _
IBM SPSS Modeler 15.0 PI37334 IBM SPSS Modeler 15.0 FP3 IF010_ _
IBM SPSS Modeler 16.0 PI37334 IBM SPSS Modeler 16.0 FP2
IBM SPSS Modeler 17.0 PI37334 IBM SPSS Modeler 17.0 IF 004_ _

Related

ibm 131
f5 4
nessus 14
openvas 14
threatpost 1
vmware 2
fedora 3
ubuntucve 3
cve 3
packetstorm 2
kaspersky 1
zdt 2
prion 3
veracode 3
debiancve 3
aix 1
redhat 2
osv 1
centos 1
debian 2
amazon 2
oraclelinux 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Tivoli Netcool/OMNIbus (Multiple CVEs)
2019-12-19 16:54:08
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Content Collector and IBM CommonStore for Lotus Domino (CVE-2015-0138, CVE-2014-6593, CVE-2015-0383, CVE-2015-0410)
2018-06-17 12:10:38
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects multiple IBM Rational products based on IBM Jazz technology (CVE-2014-6593, CVE-2015-0383, CVE-2015-0410, CVE-2015-0138)
2021-04-28 18:35:50
f5
f5
K16353 : Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
SOL16353 - Multiple JavaSE server-side vulnerabilities CVE-2015-0383, CVE-2015-0410, and CVE-2014-6593
2015-04-02 00:00:00
SOL16352 - Multiple OpenJDK vulnerabilities
2015-04-02 00:00:00
nessus
nessus
Oracle JRockit R27.8.4 / R28.3.4 Multiple Vulnerabilities (January 2015 CPU) (POODLE)
2015-01-21 00:00:00
Oracle Java SE 5 < Update 76 / 6 < Update 86 / 7 < Update 73 / 8 < Update 26 Multiple Vulnerabilities
2015-02-12 00:00:00
Fedora 20 : java-1.8.0-openjdk-1.8.0.45-38.b14.fc20 (2015-8251)
2015-05-29 00:00:00
openvas
openvas
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 (Feb 2015) - Windows
2015-02-02 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-04 (Feb 2015) - Linux
2015-02-02 00:00:00
Fedora Update for java-1.8.0-openjdk FEDORA-2015-8251
2015-06-09 00:00:00
threatpost
threatpost
VMware Fixes Java Information Disclosure Vulnerability
2015-04-03 11:03:15
vmware
vmware
VMware product updates address critical information disclosure issue in JRE.
2015-04-02 00:00:00
VMware product updates address critical information disclosure issue in JRE
2015-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: java-1.8.0-openjdk-1.8.0.45-38.b14.fc21
2015-05-17 06:40:01
[SECURITY] Fedora 22 Update: java-1.8.0-openjdk-1.8.0.45-38.b14.fc22
2015-05-26 03:54:26
[SECURITY] Fedora 20 Update: java-1.8.0-openjdk-1.8.0.45-38.b14.fc20
2015-05-27 16:03:58
ubuntucve
ubuntucve
CVE-2015-0383
2015-01-21 00:00:00
CVE-2014-6593
2015-01-21 00:00:00
CVE-2015-0410
2015-01-21 00:00:00
cve
cve
CVE-2015-0383
2015-01-21 18:59:00
CVE-2014-6593
2015-01-21 15:28:00
CVE-2015-0410
2015-01-21 18:59:00
packetstorm
packetstorm
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy
2015-08-12 00:00:00
Java Secure Socket Extension (JSSE) SKIP-TLS
2015-11-06 00:00:00
kaspersky
kaspersky
KLA10530 JRE update for multiple VMware products
2015-04-02 00:00:00
zdt
zdt
Java Secure Socket Extension (JSSE) SKIP-TLS
2015-11-05 00:00:00
Java Secure Socket Extension (JSSE) SKIP-TLS MITM Proxy Exploit
2015-08-13 00:00:00
prion
prion
Design/Logic Flaw
2015-01-21 15:28:00
Design/Logic Flaw
2015-01-21 18:59:00
Security feature bypass
2015-01-21 18:59:00
veracode
veracode
Authorization Bypass
2019-05-02 05:07:16
Denial Of Service (DoS)
2019-05-02 05:07:17
Denial Of Service (DoS)
2019-05-02 05:07:17
debiancve
debiancve
CVE-2014-6593
2015-01-21 15:28:00
CVE-2015-0383
2015-01-21 18:59:00
CVE-2015-0410
2015-01-21 18:59:00
aix
aix
AIX IBM SDK Java JSSE vulnerability
2015-04-13 12:11:24
redhat
redhat
(RHSA-2015:0085) Important: java-1.6.0-openjdk security update
2015-01-26 00:00:00
(RHSA-2015:0068) Important: java-1.7.0-openjdk security update
2015-01-20 00:00:00
osv
osv
openjdk-6 - security update
2015-01-30 00:00:00
centos
centos
java security update
2015-01-26 19:17:49
debian
debian
[SECURITY] [DSA 3147-1] openjdk-6 security update
2015-01-30 15:57:23
[SECURITY] [DLA 157-1] openjdk-6 security update
2015-02-24 18:21:15
amazon
amazon
Important: java-1.6.0-openjdk
2015-02-11 19:38:00
Critical: java-1.7.0-openjdk
2015-01-22 14:18:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2015-01-26 00:00:00

5.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:P/A:C

JSON
Related for D23B506F373F085D0D95234FF39AA0BCD38839F8B4D1BDF9584496C6B93F1F28
ibm131f54nessus14openvas14threatpost1vmware2fedora3ubuntucve3cve3packetstorm2kaspersky1zdt2prion3veracode3debiancve3aix1redhat2osv1centos1debian2amazon2oraclelinux1