Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME05BB8F45DC047A2895F7AC85F4B8A9F55D22D985F0D4F65E95F3141873851DC
HistoryMay 16, 2022 - 4:03 p.m.

Security Bulletin: Flex System Manager (FSM) – June 2013 Java Vulnerabilities

2022-05-1616:03:13
www.ibm.com
24

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON

Summary

Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FSM.

Vulnerability Details

Abstract

Multiple security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FSM.

Content

VULNERABILITY DETAILS:

CVE ID: CVE-2013-2468
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85034&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2469
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85032&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2465
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85031&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2464
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85030&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2463
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85029&gt;
CVSS Environmental Score: Undefined
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2473
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85028&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2472
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85027&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2471
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85026&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2470
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85025&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2459
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85033&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2466
CVSS Base Score:Â 10
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85035&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2462
CVSS Base Score:Â 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85037&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2460
CVSS Base Score:Â 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85038&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3006
CVSS Base Score:Â 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/84147&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3007
CVSS Base Score:Â 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/84148&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3008
CVSS Base Score:Â 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/84149&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3009
CVSS Base Score:Â 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/84150&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-3010
CVSS Base Score:Â 9.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/84151&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-3743
CVSS Base Score:Â 7.8
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85036&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2448
CVSS Base Score:Â 7.6
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85040&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-2442
CVSS Base Score:Â 7.5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85041&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-4002
CVSS Base Score:Â 7.1
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85260&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C)

CVE ID: CVE-2013-2407
CVSS Base Score:Â 6.4
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85044&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:P)

CVE ID: CVE-2013-2454
CVSS Base Score:Â 5.8
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85045&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-2458
CVSS Base Score:Â 5.8
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85046&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-3744
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85051&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2400
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85050&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2456
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85058&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2453
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85053&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2457
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85052&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-2455
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/84146&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2443
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85054&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2447
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85056&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2437
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85049&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-2444
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85047&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-2452
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85055&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2446
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85048&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2450
CVSS Base Score:Â 5
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85057&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-0169
CVSS Base Score:Â 4.3
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/81902&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-2451
CVSS Base Score:Â 3.7
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85057&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-1500
CVSS Base Score:Â 3.6
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/85062&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-2415
CVSS Base Score:Â 2.1
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/83592&gt;
CVSS Environmental Score: Undefined
CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Affected products and versions

IBM Flex System Manager Node, Types 7955, 8731, 8734 all models, 1.1.0 - 1.3

Remediation:

Install FSMApplianceUpdate-1-3-1 update packagefor Flex System Manager Node. The package is available on IBM Fix Central.

Workaround(s) & Mitigation(s):

None

References:

Related Information:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement
None

Change History
06 December 2013: Original Copy Published

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Related

veracode 10
openvas 47
ibm 20
suse 13
nessus 46
redhat 8
securityvulns 1
oraclelinux 3
mageia 2
amazon 2
centos 3
debian 2
ubuntu 3
prion 13
cve 13
attackerkb 1
ubuntucve 9
threatpost 1
thn 2
veracode
veracode
Privilege Escalation
2019-05-02 04:46:31
Information Disclosure
2019-05-02 04:46:29
Privilege Escalation
2019-05-02 04:46:31
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1257-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1256-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1263-1)
2021-06-09 00:00:00
ibm
ibm
Security Bulletin: IBM Tivoli Composite Application Manager for Transactions affected by vulnerabilities in IBM JRE (Multiple CVEs)
2022-09-25 21:06:56
Security Bulletin: WebSphere Application Server - Oracle CPU shipped with Rational Application Developer for WebSphere Software June 2013 (CVE-2013-1571)
2020-02-05 00:09:48
Security Bulletin: WebSphere Application Server - Oracle CPU shipped with Rational Developer for System z June 2013 (CVE-2013-1571)
2020-10-27 15:51:50
suse
suse
Security update for java-1_7_0-ibm (important)
2013-07-25 20:04:26
Security update for java-1_6_0-ibm (important)
2013-07-27 17:04:18
Security update for java-1_7_0-ibm (important)
2013-07-25 20:04:17
nessus
nessus
SuSE 10 Security Update : java-1_6_0-ibm (ZYPP Patch Number 8657)
2013-07-26 00:00:00
SUSE SLES11 Security Update : java-1_7_0-ibm (SUSE-SU-2013:1256-1)
2015-05-20 00:00:00
SuSE 11.2 / 11.3 Security Update : java-1_7_0-ibm (SAT Patch Numbers 8106 / 8108)
2013-07-26 00:00:00
redhat
redhat
(RHSA-2013:1060) Critical: java-1.7.0-ibm security update
2013-07-15 00:00:00
(RHSA-2013:0963) Critical: java-1.7.0-oracle security update
2013-06-20 00:00:00
(RHSA-2013:1059) Critical: java-1.6.0-ibm security update
2013-07-15 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.6.0-openjdk security update
2013-07-03 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
mageia
mageia
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
Updated java-1.6.0-openjdk packages fix security vulnerabilities
2013-07-16 11:26:07
amazon
amazon
Important: java-1.6.0-openjdk
2013-07-12 15:31:00
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
centos
centos
java security update
2013-06-20 06:43:01
java security update
2013-07-04 10:07:44
java security update
2013-06-20 06:46:44
debian
debian
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:53:07
[SECURITY] [DSA 2727-1] openjdk-6 security update
2013-07-25 21:12:25
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
IcedTea Web update
2013-07-16 00:00:00
OpenJDK 6 vulnerabilities
2013-07-23 00:00:00
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
cve
cve
CVE-2013-2464
2013-06-18 22:55:00
CVE-2013-2466
2013-06-18 22:55:00
CVE-2013-2468
2013-06-18 22:55:00
attackerkb
attackerkb
CVE-2013-2464
2013-06-18 00:00:00
ubuntucve
ubuntucve
CVE-2013-2464
2013-06-18 00:00:00
CVE-2013-2468
2013-06-18 00:00:00
CVE-2013-2442
2013-06-18 00:00:00
threatpost
threatpost
Many Flash, Java Users Running Older, Vulnerable Versions
2013-09-06 07:40:52
thn
thn
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 04:15:00
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 15:15:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON
Related for E05BB8F45DC047A2895F7AC85F4B8A9F55D22D985F0D4F65E95F3141873851DC
veracode10openvas47ibm20suse13nessus46redhat8securityvulns1oraclelinux3mageia2amazon2centos3debian2ubuntu3prion13cve13attackerkb1ubuntucve9threatpost1thn2