Lucene search

IBMD7EDBDD1AA8C38720CCAA0532E8A0938B3C0F41DA542DAAEA77BEAC40848B4DE

HistoryFeb 11, 2021 - 3:17 p.m.

Security Bulletin: A security vulnerability has been identified in Oracle Java shipped with IBM® Intelligent Operations Center (CVE-2020-2601)

2021-02-1115:17:13

www.ibm.com

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Summary

Oracle Java is shipped with IBM® Intelligent Operations Center. Information about a security vulnerability affecting Oracle Java has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2020-2601
**DESCRIPTION:**An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174548 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
Intelligent Operations Center (IOC)	All
IBM® Intelligent Operations Center for Emergency Management	All

Remediation/Fixes

Download the correct version of the fix from the following link: IBM Intelligent Operations Center Version 5.2.1.2. Installation instructions for the fix are included in the readme document that is in the fix package.

Workarounds and Mitigations

None

CPENameOperatorVersion
intelligent operations center (ioc)eqany
ibm® intelligent operations center for emergency managementeqany

CPE	Name	Operator	Version
	intelligent operations center (ioc)	eq	any
	ibm® intelligent operations center for emergency management	eq	any

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Related for D7EDBDD1AA8C38720CCAA0532E8A0938B3C0F41DA542DAAEA77BEAC40848B4DE