Lucene search

K
ibmIBME1CD32BD9F91BBD42336CF9972C1DF18FC5977D57499520A6A97DE2B4C471DCE
HistoryJul 17, 2019 - 10:00 p.m.

Security Bulletin: Security vulnerability in IBM Java SDK affects IBM Security Identity Governance and Intelligence (CVE-2019-2684)

2019-07-1722:00:01
www.ibm.com
9

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

There is one security vulnerability in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Identity Governance and Intelligence (IGI).

Vulnerability Details

CVEID: CVE-2019-2684

DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/159776&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

IBM Security Identity Governance and Intelligence (IGI) 5.2, 5.2.1, 5.2.2, 5.2.2.1, 5.2.3, 5.2.3.1, 5.2.3.2, 5.2.4, 5.2.4.1, 5.2.5.0;

Remediation/Fixes

Product Name

| VRMF | First Fix
—|—|—
IGI | 5.2 | 5.2.5.0-ISS-SIGI-FP0001
IGI | 5.2.1 | 5.2.5.0-ISS-SIGI-FP0001
IGI | 5.2.2 | 5.2.5.0-ISS-SIGI-FP0001
IGI | 5.2.2.1 | 5.2.5.0-ISS-SIGI-FP0001
IGI | 5.2.3 | 5.2.5.0-ISS-SIGI-FP0001
IGI | 5.2.3.1 | 5.2.5.0-ISS-SIGI-FP0001
IGI | 5.2.3.2 | 5.2.5.0-ISS-SIGI-FP0001
IGI | 5.2.4 | 5.2.5.0-ISS-SIGI-FP0001
IGI | 5.2.4.1 | 5.2.5.0-ISS-SIGI-FP0001
IGI | 5.2.5.0 | 5.2.5.0-ISS-SIGI-FP0001

Workarounds and Mitigations

None

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N