5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server as a component of IBM Tivoli Network Performance Manager Wireline Platform. These issues were disclosed as part of the IBM Java SDK updates in January 2015.
CVE-ID: CVE-2014-6593
DESCRIPTION: An unspecified vulnerability related to the JSSE component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/10053> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVE-ID: CVE-2015-0400
DESCRIPTION: An unspecified vulnerability related to the Libraries component could allow a remote attacker to obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100149> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVE-ID: CVE-2015-0410
DESCRIPTION: An unspecified vulnerability related to the Security component could allow a remote attacker to cause a denial of service.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/100151> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Affected eWAS Versions: IBM SDK, Java Technology Editions shipped with IBM WebSphere Application Server Version 8.5.0.0 through 8.5.5.4, Version 8.0.0.0 through 8.0.0.10, Version 7.0.0.0 through 7.0.0.35, Version 6.1.0.0 through 6.1.0.47 are affected. This does not occur on IBM SDK, Java Technology Editions shipped with WebSphere Application Servers Fix Packs 8.5.5.5, 8.0.0.11 and 7.0.0.37 or later.
Please consult the security bulletin Multiple vulnerabilities in IBM Java SDK affect WebSphere Application Server January 2015 CPU for vulnerability details.
Principal Product and Version(s)
| Affected IBM WebSphere Application Server Version
—|—
Tivoli Netcool Performance Manager version 1.3.1, 1.3.2, 1.3.3, 1.4.0| WAS version 6.1, 7.0, 8.0, 8.5