Lucene search

K
ibm
IBMF35F5FE0DA298C18416599A44F6A3AC496F0F4FEC9098F354459A1FB95F4A01E
HistoryJun 16, 2018 - 2:01 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2016-3426, CVE- 2016-3427)

2018-06-1614:01:57
www.ibm.com
2

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6
that is used by IBM Initiate Master Data Service. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-3427** *DESCRIPTION: An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-3426** *DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

These vulnerabilities are known to affect the following offerings:

IBM Initiate Master Data Service versions 9.5, 9.7, 10.0, 10.1 (impacts Master Data Engine component, Message Brokers component and Workbench component)

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.

Product VRMF APAR Remediation/First Fix
IBM Initiate Master Data Service

9.5

| None| 9.5.052516_IM_Initiate_MasterDataService_ALL_InterimFix
IBM Initiate Patient|

9.5

| None| 9.5.052516_IM_Initiate_Patient_ALL_InterimFix
IBM Initiate Provider|

9.5

| None| 9.5.052516_IM_Initiate_Provider_ALL_InterimFix
IBM Initiate Master Data Service |

9.7

| None| 9.7.052516_IM_Initiate_MasterDataService_ALL_InterimFix
IBM Initiate Patient|

9.7

| None| 9.7.052516_IM_Initiate_Patient_ALL_InterimFix
IBM Initiate Provider|

9.7

| None| 9.7.052516_IM_Initiate_Provider_ALL_InterimFix
IBM Initiate Master Data Service|

10.0

| None| 10.0.052516_IM_Initiate_MasterDataService_ALL_InterimFix
IBM Initiate Patient|

10.0

| None| 10.0.052516_IM_Initiate_Patient_ALL_InterimFix
IBM Initiate Provider|

10.0

| None| 10.0.052516_IM_Initiate_Provider_ALL_InterimFix
IBM Initiate Master Data Service|

10.1

| None| 10.1.052516_IM_Initiate_MasterDataService_ALL_InterimFix

Workarounds and Mitigations

None.

How to protect your server from attacks?

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Related for F35F5FE0DA298C18416599A44F6A3AC496F0F4FEC9098F354459A1FB95F4A01E