6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
There are multiple vulnerabilities in IBM® Runtime Environment Java™ which is used by IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. These issues were disclosed as part of the IBM Java SDK updates in October 2019 and January 2020.
CVEID:CVE-2019-4732
**DESCRIPTION:**IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)
CVEID:CVE-2019-2989
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)
CVEID:CVE-2019-2964
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Protect Operations Center | 8.1.0.000-8.1.9.000 |
7.1.0.000-7.1.9.300 | |
IBM Spectrum Protect Client Management Service (CMS) | 8.1.0.000-8.1.9.000 |
7.1.0.000-7.1.9.300 |
Spectrum Protect Operations Center Release | First Fixing VRM Level | Platform | Link to Fix |
---|---|---|---|
8.1 | 8.1.10.000 | AIX | |
Linux | |||
Windows | <http://www.ibm.com/support/pages/node/6229104> | ||
7.1 | 7.1.10.000 | AIX | |
Linux | |||
Windows |
<https://www.ibm.com/support/pages/node/6150825>
Spectrum Protect Client Management Service Release | First Fixing VRM Level | Platform | Link to Fix |
---|---|---|---|
8.1 | 8.1.10.000 | Linux | |
Windows | <https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1/> | ||
7.1 | 7.1.10.000 | Linux | |
Windows | <https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v7r1/> |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum protect extended edition | eq | 8.1 | |
ibm spectrum protect extended edition | eq | 7.1 |
6.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C