Lucene search

K
ibmIBMD9796BED4A99D7BD7ED887217368BE5705A58E6AA2F835F4FEFBF0DBADDB1EC7
HistoryAug 24, 2020 - 11:15 a.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

2020-08-2411:15:15
www.ibm.com
21

EPSS

0.004

Percentile

72.5%

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in April 2020.

Vulnerability Details

CVEID:CVE-2020-2805
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system.
CVSS Base score: 8.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179703 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID:CVE-2020-2803
**DESCRIPTION:**An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system.
CVSS Base score: 8.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179701 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID:CVE-2020-2830
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179728 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-2781
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE JSSE component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179681 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-2800
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Lightweight HTTP Server component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179698 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2020-2757
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179657 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-2756
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-2755
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179655 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-2754
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Java SE Scripting component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/179654 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Netcool Agile Service Manager 1.1

Remediation/Fixes

Update to IBM Netcool Agile Service Manager 1.1.3

To install Netcool® Agile Service Manager Version 1.1.6.1, you download the installation images from IBM® Passport Advantage®. You then follow standard installation procedures, whether you install a new instance of Agile Service Manager, or upgrade an existing version.

Download Netcool Agile Service Manager v1.1.8 (updated 26 June 2020)

Workarounds and Mitigations

None

EPSS

0.004

Percentile

72.5%

Related for D9796BED4A99D7BD7ED887217368BE5705A58E6AA2F835F4FEFBF0DBADDB1EC7