**CVSS2:** 4 Medium

| Metric | Value |
|---|---|
| Access Vector | NETWORK |
| Access Complexity | HIGH |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |

AV:N/AC:H/Au:N/C:P/I:P/A:N

Security vulnerabilities have been discovered in Java
**CVE-ID:** CVE-2014-0411
**DESCRIPTION:** FlashSystem V840-AE1 uses an affected version of Oracle Java:
CVE-2014-0411 (Unspecified Oracle Java vulnerability)
In its January 2014 Critical Patch Update (CPU), Oracle disclosed, but did not fully specify, a vulnerability in the JSSE component of Oracle Java SE that has partial confidentiality impact, partial integrity impact, and no availability impact. This unspecified vulnerability allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. For further information on this vulnerability, see: <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0411>
CVSS v2 Base Score: 4.0
CVSS Temporal Score: See <http://xforce.iss.net/xforce/xfdb/90357>
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)
_FlashSystem V840 including machine type models (all available code levels)_
9846-AE1 & 9848-AE1

| Products | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| 9846-AE1, 9848-AE1 | A code fix is now available, the VRMF of this code level is 1.1.2.2 | N/A | _The recommended remediation is to apply this code fix for this Java vulnerability._ |

Close GUI sessions when they approach 20 hours open, preferably closing the session at the end of each working day. Ensure that all users who have access to the system are authenticated by another security system such as a firewall.

CPE

| Name | Operator | Version |
|---|---|---|
| ibm flashsystem software | eq | any |