Jun 16, 2018 - 2:01 p.m.

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2016-3426, CVE-2016-3427)

2018-06-16 14:01:57
www.ibm.com

CVSS3: 9 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Initiate Master Data Service. These issues were disclosed as part of the IBM Java SDK updates in April 2016.

Vulnerability Details

CVEID: CVE-2016-3427
DESCRIPTION: An unspecified vulnerability related to the JMX component has complete confidentiality impact, complete integrity impact, and complete availability impact.
CVSS Base Score: 10
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112459 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVEID: CVE-2016-3426
DESCRIPTION: An unspecified vulnerability related to the JCE component could allow a remote attacker to obtain sensitive information resulting in a partial confidentiality impact using unknown attack vectors.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112457 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

These vulnerabilities are known to affect the following offerings:

IBM Initiate Master Data Service versions 9.5, 9.7, 10.0, 10.1 (impacts Master Data Engine component, Message Brokers component and Workbench component)

Remediation/Fixes

The recommended solution is to apply the fix as soon as practical. Please see below for information on the fixes available.

| Product | VRMF | APAR | Remediation/First Fix |
|---|---|---|---|
| IBM Initiate Master Data Service | 9.5 | None | 9.5.052516_IM_Initiate_MasterDataService_ALL_InterimFix |
| IBM Initiate Patient | 9.5 | None | 9.5.052516_IM_Initiate_Patient_ALL_InterimFix |
| IBM Initiate Provider | 9.5 | None | 9.5.052516_IM_Initiate_Provider_ALL_InterimFix |
| IBM Initiate Master Data Service | 9.7 | None | 9.7.052516_IM_Initiate_MasterDataService_ALL_InterimFix |
| IBM Initiate Patient | 9.7 | None | 9.7.052516_IM_Initiate_Patient_ALL_InterimFix |
| IBM Initiate Provider | 9.7 | None | 9.7.052516_IM_Initiate_Provider_ALL_InterimFix |
| IBM Initiate Master Data Service | 10.0 | None | 10.0.052516_IM_Initiate_MasterDataService_ALL_InterimFix |
| IBM Initiate Patient | 10.0 | None | 10.0.052516_IM_Initiate_Patient_ALL_InterimFix |
| IBM Initiate Provider | 10.0 | None | 10.0.052516_IM_Initiate_Provider_ALL_InterimFix |
| IBM Initiate Master Data Service | 10.1 | None | 10.1.052516_IM_Initiate_MasterDataService_ALL_InterimFix |

Workarounds and Mitigations

None.
