Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD7B1C15A62F7B531F511A5EF0469D5FE65B9DE7B0ECEECEAB48E9146B08B3514
HistoryJun 16, 2018 - 9:23 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System (CVE-2014-6512, CVE-2014-6457)

2018-06-1621:23:11
www.ibm.com
12

EPSS

0.034

Percentile

91.5%

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7 that is used by IBM Security SiteProtector System. These issues were disclosed as part of the IBM Java SDK updates in October 2014.

Vulnerability Details

CVEID: CVE-2014-6512

DESCRIPTION: An unspecified vulnerability related to the Libraries component has no confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97147 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2014-6457

DESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.

CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/97148 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1

Remediation/Fixes

Apply the appropriate eXPress Updates (XPUs) as identified in the SiteProtector Console Agent view:

For SiteProtector 3.0:

SiteProtector Core Component: ServicePack3_0_0_7.xpu
Event Collector Component: RSEvntCol_WINNT_ST_3_0_0_6.xpu
Agent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_37.xpu

For SiteProtector 3.1.0:

SiteProtector Core Component: ServicePack3_1_0_4.xpu
Event Collector Component: RSEvntCol_WINNT_ST_3_1_0_4.xpu
Agent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_19.xpu

For SiteProtector 3.1.1:

SiteProtector Core Component: ServicePack3_1_1_2.xpu
Event Collector Component: RSEvntCol_WINNT_ST_3_1_1_2.xpu
Agent Manager Component: AgentManager_WINNT_XXX_ST_3_0_0_7.xpu
Update Server Component: UpdateServer_3_1_1_2.pkg
Event Archiver Component: EventArchiver_3_1_1­_2.pkg
Event Archiver Importer Component: EventArchiverImporter_3_1_1_2.zip
Manual Upgrader Component: MU_3_1_1_3.xpu

Workarounds and Mitigations

None

Related

ibm 59
nessus 43
ubuntucve 2
veracode 7
prion 2
cvelist 2
nvd 2
debiancve 2
cve 2
openvas 36
redhat 11
centos 4
amazon 3
osv 3
oraclelinux 4
mageia 1
debian 3
suse 6
ubuntu 3
aix 1
f5 2
kaspersky 1
ibm
ibm
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM System Storage Storwize V7000 Unified (CVE-2014-6512 and CVE-2014-6457)
2018-06-18 00:09:04
Security Bulletin: Vulnerabilities in IBM Java SDK affect IBM System Storage Storwize SONAS (CVE-2014-6512 and CVE-2014-6457)
2018-06-18 00:09:26
Security Bulletin: Vulnerability in SSLv3 and multiple vulnerabilities in IBM Java Runtime affect IBM Systems Director (CVE-2014-6512, CVE-2014-6457 and CVE-2014-3566)
2019-01-31 01:45:01
nessus
nessus
Oracle JRockit R27.8.3 / R28.3.3 Multiple Vulnerabilities (October 2014 CPU)
2014-10-15 00:00:00
RHEL 5 / 6 : java-1.5.0-ibm (RHSA-2014:1881) (POODLE)
2014-11-21 00:00:00
IBM WebSphere Application Server 7.0 < Fix Pack 37 Multiple Vulnerabilities (POODLE)
2015-03-17 00:00:00
ubuntucve
ubuntucve
CVE-2014-6457
2014-10-15 00:00:00
CVE-2014-6512
2014-10-15 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-01-15 09:02:24
Authorization Bypass
2019-05-02 05:05:22
Information Disclosure
2019-05-02 05:12:51
prion
prion
Design/Logic Flaw
2014-10-15 15:55:00
Buffer overflow
2014-10-15 22:55:00
cvelist
cvelist
CVE-2014-6457
2014-10-15 15:15:00
CVE-2014-6512
2014-10-15 22:03:00
nvd
nvd
CVE-2014-6457
2014-10-15 15:55:07
CVE-2014-6512
2014-10-15 22:55:06
debiancve
debiancve
CVE-2014-6512
2014-10-15 22:55:06
CVE-2014-6457
2014-10-15 15:55:07
cve
cve
CVE-2014-6512
2014-10-15 22:55:06
CVE-2014-6457
2014-10-15 15:55:07
openvas
openvas
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Oct 2014) - Windows
2014-10-20 00:00:00
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Oct 2014) - Linux
2014-10-20 00:00:00
CentOS Update for java CESA-2014:1620 centos7
2014-10-16 00:00:00
redhat
redhat
(RHSA-2014:1881) Important: java-1.5.0-ibm security update
2014-11-20 00:00:00
(RHSA-2014:1634) Important: java-1.6.0-openjdk security and bug fix update
2014-10-14 00:00:00
(RHSA-2014:1633) Important: java-1.7.0-openjdk security and bug fix update
2014-10-14 00:00:00
centos
centos
java security update
2014-10-15 11:42:17
java security update
2014-10-15 12:22:05
java security update
2014-10-15 11:48:47
amazon
amazon
Important: java-1.6.0-openjdk
2014-10-16 22:15:00
Important: java-1.7.0-openjdk
2014-10-16 22:16:00
Important: java-1.8.0-openjdk
2014-10-16 22:16:00
osv
osv
openjdk-6 - security update
2014-11-26 00:00:00
openjdk-7 - security update
2014-11-29 00:00:00
openjdk-6 - security update
2014-11-28 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
java-1.6.0-openjdk security and bug fix update
2014-10-14 00:00:00
java-1.7.0-openjdk security and bug fix update
2014-10-15 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix security vulnerabilities
2014-10-26 00:23:09
debian
debian
[SECURITY] [DSA 3080-1] openjdk-7 security update
2014-11-29 12:43:45
[SECURITY] [DSA 3077-1] openjdk-6 security update
2014-11-26 19:10:21
[SECURITY] [DLA 96-1] openjdk-6 security update
2014-11-28 10:25:51
suse
suse
Security update for java-1_7_0-openjdk (important)
2014-11-13 17:04:46
Security update for java-1_5_0-ibm (important)
2015-02-25 19:05:32
Security update for IBM Java (important)
2014-11-28 19:05:41
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2014-10-17 00:00:00
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
OpenJDK 7 vulnerabilities
2014-10-23 00:00:00
aix
aix
Multiple vulnerabilities in current releases of the IBM SDK Java Technology Edition; issues in the Oracle October 2014 Critical Patch Update plus the POODLE SSLv3 vulnerability and
2014-11-14 15:40:48
f5
f5
SOL15745 - Multiple Oracle Java vulnerabilities
2014-10-27 00:00:00
K15745 : Multiple Oracle Java vulnerabilities
2014-10-28 00:00:00
kaspersky
kaspersky
KLA10505 Multiple vulnerabilities in Oracle products
2014-10-15 00:00:00

EPSS

0.034

Percentile

91.5%

JSON
Related for D7B1C15A62F7B531F511A5EF0469D5FE65B9DE7B0ECEECEAB48E9146B08B3514
ibm59nessus43ubuntucve2veracode7prion2cvelist2nvd2debiancve2cve2openvas36redhat11centos4amazon3osv3oraclelinux4mageia1debian3suse6ubuntu3aix1f52kaspersky1