Lucene search

IBMFA053090EC72B4B22D26600960D138D5FE7F871074B1BFED4F4D77F3DF12C308

HistoryJun 16, 2018 - 7:39 p.m.

Security Bulletin: Multiple Vulnerabilities in IBM Java SDK affect IBM Multi-Enterprise Integration Gateway (CVE-2014-4263, CVE-2014-4244)

2018-06-1619:39:08

www.ibm.com

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON

Summary

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0 SR7 that is used by IBM Multi-Enterprise Integration Gateway. These issues were disclosed as part of the IBM Java SDK updates in July 2014.

Vulnerability Details

CVEID: CVE-2014-4263 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94606 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVEID: CVE-2014-4244 DESCRIPTION: An unspecified vulnerability related to the Security component has partial confidentiality impact, partial integrity impact, and no availability impact.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/94605 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

Affected Products and Versions

IBM Multi-Enterprise Integration Gateway 1.0 - 1.0.0.1

Remediation/Fixes

The recommended solution is to upgrade to the current release as soon as practical. Please see below for information about the fixes available.

_Fix_*	*VRMF*	*APAR*	*How to acquire fix*
Interim Fix 1.0.0.1_3	1.0.0.1	IT03591	IBM Fix Central > IBM_Multi-Enterprise_Integration_Gateway_V1.0.0.1_3_iFix_Media

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm multi-enterprise integration gatewayeq1.0.0

CPE	Name	Operator	Version
	ibm multi-enterprise integration gateway	eq	1.0.0

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

JSON

Related for FA053090EC72B4B22D26600960D138D5FE7F871074B1BFED4F4D77F3DF12C308