Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD6F0E984E380123D9BBF2B62BF44722BDB509A9B9B33AE7275CD298D194F5B74
HistoryApr 13, 2020 - 2:47 p.m.

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM SPSS Statistics

2020-04-1314:47:31
www.ibm.com
10

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

There is a vulnerability in IBM® Runtime Environment Java™ Versions 7.0, 7.1, and 8.0 used by IBM SPSS Statistics. IBM SPSS Statistics has addressed the applicable CVE.

Vulnerability Details

CVEID:CVE-2018-12547
**DESCRIPTION:**In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157512 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Products Versions
SPSS Statistics 26.0
SPSS Statistics 25.0
SPSS Statistics 24.0
SPSS Statistics 23.0

Remediation/Fixes

Affected Products Versions Fixes
SPSS Statistics 26.0 Install Statistics 26 FP001
SPSS Statistics 25.0 Install Statistics 25 FP002-IF006
SPSS Statistics 24.0 Install Statistics 24 FP002-IF019
SPSS Statistics 23.0 Install Statistics 23 FP003-IF017

Workarounds and Mitigations

None

Related

cve 1
redhatcve 1
ibm 126
cvelist 1
prion 1
osv 1
veracode 1
nessus 6
redhat 6
aix 1
cve
cve
CVE-2018-12547
2019-02-11 15:29:00
redhatcve
redhatcve
CVE-2018-12547
2020-01-03 15:30:50
ibm
ibm
Security Bulletin: WebSphere MQ Internet Pass-Thru is affected by a vulnerability in IBM Java Runtime
2019-09-10 10:00:55
Security Bulletin: A Vulnerability in IBM Java Runtime Affects IBM Sterling Connect:Direct for Microsoft Windows
2020-07-24 22:19:08
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational DOORS Web Access
2019-03-28 17:45:01
cvelist
cvelist
CVE-2018-12547
2019-02-11 15:00:00
prion
prion
Code injection
2019-02-11 15:29:00
osv
osv
CVE-2018-12547
2019-02-11 15:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:57:00
nessus
nessus
RHEL 6 : java-1.7.1-ibm (RHSA-2019:0474)
2019-03-08 00:00:00
RHEL 7 : java-1.7.1-ibm (RHSA-2019:0473)
2019-03-08 00:00:00
RHEL 6 : java-1.8.0-ibm (RHSA-2019:0469)
2019-03-07 00:00:00
redhat
redhat
(RHSA-2019:0474) Critical: java-1.7.1-ibm security update
2019-03-07 15:44:12
(RHSA-2019:0473) Critical: java-1.7.1-ibm security update
2019-03-05 12:42:15
(RHSA-2019:0472) Critical: java-1.8.0-ibm security update
2019-03-05 12:14:26
aix
aix
Multiple vulnerabilities in IBM Java SDK affect AIX
2019-04-16 10:52:12

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for D6F0E984E380123D9BBF2B62BF44722BDB509A9B9B33AE7275CD298D194F5B74
cve1redhatcve1ibm126cvelist1prion1osv1veracode1nessus6redhat6aix1