Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMEB45A8E705CAB75A8A682F4C535E5DF1F11699C5A407F872CBE6FC0D6957080D
HistoryJun 12, 2020 - 10:23 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect Operations Center and Client Management Service (CVE-2019-4732, CVE-2019-2989, CVE-2019-2964)

2020-06-1222:23:51
www.ibm.com
8

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON

Summary

There are multiple vulnerabilities in IBM® Runtime Environment Java™ which is used by IBM Spectrum Protect Operations Center and IBM Spectrum Protect Client Management Service. These issues were disclosed as part of the IBM Java SDK updates in October 2019 and January 2020.

Vulnerability Details

CVEID:CVE-2019-4732
**DESCRIPTION:**IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
CVSS Base score: 7.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172618 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H)

CVEID:CVE-2019-2989
**DESCRIPTION:**An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

CVEID:CVE-2019-2964
**DESCRIPTION:**An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Protect Operations Center 8.1.0.000-8.1.9.000
7.1.0.000-7.1.9.300
IBM Spectrum Protect Client Management Service (CMS) 8.1.0.000-8.1.9.000
7.1.0.000-7.1.9.300

Remediation/Fixes

Spectrum Protect Operations Center Release First Fixing VRM Level Platform Link to Fix
8.1 8.1.10.000 AIX
Linux
Windows <http://www.ibm.com/support/pages/node/6229104&gt;
7.1 7.1.10.000 AIX
Linux
Windows

<https://www.ibm.com/support/pages/node/6150825&gt;

Spectrum Protect Client Management Service Release First Fixing VRM Level Platform Link to Fix
8.1 8.1.10.000 Linux
Windows <https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v8r1/&gt;
7.1 7.1.10.000 Linux
Windows <https://public.dhe.ibm.com/storage/tivoli-storage-management/maintenance/cms/v7r1/&gt;

Workarounds and Mitigations

None

Related

ibm 147
nessus 18
redhatcve 3
cve 3
prion 3
ubuntucve 2
symantec 2
alpinelinux 2
veracode 2
debiancve 2
f5 2
openvas 4
redhat 4
oraclelinux 2
centos 2
amazon 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security SiteProtector System
2020-05-28 08:23:20
Security Bulletin: Vulnerabilities in Java runtime environment that IBM provides affect WebSphere eXtreme Scale
2020-03-31 11:30:15
Security Bulletin: Java vulnerabilities affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
nessus
nessus
IBM Java 8.0 < 8.0.6.5
2022-04-29 00:00:00
RHEL 6 : java-1.7.1-ibm (RHSA-2019:4109)
2019-12-06 00:00:00
SUSE SLES12 Security Update : java-1_7_1-ibm (SUSE-SU-2020:0051-1)
2020-01-10 00:00:00
redhatcve
redhatcve
CVE-2019-4732
2020-01-31 23:36:37
CVE-2019-2989
2020-02-06 20:13:00
CVE-2019-2964
2020-04-08 05:12:17
cve
cve
CVE-2019-4732
2020-02-03 17:15:00
CVE-2019-2989
2019-10-16 18:15:00
CVE-2019-2964
2019-10-16 18:15:00
prion
prion
Spoofing
2020-02-03 17:15:00
Design/Logic Flaw
2019-10-16 18:15:00
Design/Logic Flaw
2019-10-16 18:15:00
ubuntucve
ubuntucve
CVE-2019-2989
2019-10-16 00:00:00
CVE-2019-2964
2019-10-16 00:00:00
symantec
symantec
Oracle Java SE/Java SE Embedded CVE-2019-2964 Remote Security Vulnerability
2019-10-15 00:00:00
Oracle Java SE/Java SE Embedded CVE-2019-2989 Remote Security Vulnerability
2019-10-15 00:00:00
alpinelinux
alpinelinux
CVE-2019-2964
2019-10-16 18:15:00
CVE-2019-2989
2019-10-16 18:15:00
veracode
veracode
Authentication Bypass
2019-10-17 00:22:20
Denial Of Service (DoS)
2019-10-17 00:22:19
debiancve
debiancve
CVE-2019-2989
2019-10-16 18:15:00
CVE-2019-2964
2019-10-16 18:15:00
f5
f5
K01106224 : Java SE vulnerability CVE-2019-2964
2022-06-10 00:00:00
K55136511 : Java SE vulnerabilities CVE-2019-2978 and CVE-2019-2989
2022-06-10 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:14263-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0051-1)
2021-04-19 00:00:00
CentOS Update for java CESA-2019:3157 centos7
2019-10-24 00:00:00
redhat
redhat
(RHSA-2019:4109) Moderate: java-1.7.1-ibm security update
2019-12-05 15:01:31
(RHSA-2019:4110) Moderate: java-1.7.1-ibm security update
2019-12-05 15:03:45
(RHSA-2019:3157) Moderate: java-1.7.0-openjdk security update
2019-10-21 12:42:38
oraclelinux
oraclelinux
java-1.7.0-openjdk security update
2019-10-21 00:00:00
java-1.7.0-openjdk security update
2019-10-21 00:00:00
centos
centos
java security update
2019-10-22 23:51:11
java security update
2019-10-23 13:04:50
amazon
amazon
Medium: java-1.7.0-openjdk
2019-12-13 19:13:00

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

JSON
Related for EB45A8E705CAB75A8A682F4C535E5DF1F11699C5A407F872CBE6FC0D6957080D
ibm147nessus18redhatcve3cve3prion3ubuntucve2symantec2alpinelinux2veracode2debiancve2f52openvas4redhat4oraclelinux2centos2amazon1