CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence: Low
EPSS
Percentile: 99.3%
Multiple security vulnerabilities exist in the JREs shipped with CICS TG for client applications. CICS TG itself is not vulnerable to these risks, but client-side applications using the JREs might be. You will need to evaluate your own code to determine if you are vulnerable.
VULNERABILITY DETAILS:
CVEID: CVE-2013-2468 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85034 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2469 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image layout verification" in 2D.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85032 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2465 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85031 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2464 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, and CVE-2013-2473.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85030 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2463 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85029 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2473 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85028 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2472 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85027 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2471 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect IntegerComponentRaster size checks."
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85026 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2470 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85025 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2459 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "integer overflow checks."
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85033 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2466 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2442 and CVE-2013-2468.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85035 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
CVEID: CVE-2013-2462 DESCRIPTION:
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/85037 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:X/AC:X/Au:X/C:X/I:X/A:X)
AFFECTED PRODUCTS AND VERSIONS:
CICS Transaction Gateway for Multiplatforms v9.0 and earlier
REMEDIATION:
Updated client-side JREs for use with CICS TG Java client applications have been made available on Fix Central. Upgrade the JRE being used by CICS TG Java client applications:
http://www-933.ibm.com/support/fixcentral/options?selection=Software%3Bibm%2FOther+software%3Bibm%2FWebSphere%2FCICS+Transaction+Gateway+for+Multiplatforms
Workaround(s):
None
Mitigation(s):
None
RELATED INFORMATION:
- Complete CVSS v2 Guide
- On-line Calculator v2
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cics_transaction_gateway | 9.0 | cpe:2.3:a:ibm:cics_transaction_gateway:9.0:*:*:*:*:*:*:* |
ibm | cics_transaction_gateway | 8.1 | cpe:2.3:a:ibm:cics_transaction_gateway:8.1:*:*:*:*:*:*:* |
ibm | cics_transaction_gateway | 8.0 | cpe:2.3:a:ibm:cics_transaction_gateway:8.0:*:*:*:*:*:*:* |
ibm | cics_transaction_gateway | 7.2 | cpe:2.3:a:ibm:cics_transaction_gateway:7.2:*:*:*:*:*:*:* |
ibm | cics_transaction_gateway | 7.1 | cpe:2.3:a:ibm:cics_transaction_gateway:7.1:*:*:*:*:*:*:* |