CVSS2: 4.6 Medium (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value
---|---
Attack Vector | LOCAL
Attack Complexity | LOW
Authentication | NONE
Confidentiality Impact | PARTIAL
Integrity Impact | PARTIAL
Availability Impact | PARTIAL

CVSS3: 7.8 High (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Metric | Value
---|---
Attack Vector | LOCAL
Attack Complexity | LOW
Privileges Required | LOW
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | HIGH
Integrity Impact | HIGH
Availability Impact | HIGH

EPSS: 0.002 Low (Percentile: 58.6%)

There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0.5.15 and earlier that is used by IMS™ Enterprise Suite: Explorer for Development. This issue was disclosed as part of the IBM Java SDK updates in July 2018.
The IBM Java Runtime Environment’s Diagnostic Tooling Framework for Java (DTFJ) does not protect against path traversal attacks when extracting compressed dump files.
The fix ensures that malicious zip files are handled gracefully.
The IBM Java Runtime Environment’s Late Attach mechanism can be compromised by an attacker with access to the same local environment as the target JVM. The attack allows arbitrary code to be injected.
Various security enhancements ensure that the Late Attach mechanism cannot be compromised in this way.
Affected product: Explorer for Development of the IMS™ Enterprise Suite, Versions 3.3.1 and earlier.

Product | VRMF | APAR | Download URL
---|---|---|---
IMS Enterprise Suite Explorer for Development V3.3 | 3.3.1.10 | N/A | https://developer.ibm.com/mainframe/products/downloads/eclipse-tools/
IMS Enterprise Suite Explorer for Development V3.2 | 3.2.1.16 | N/A | https://developer.ibm.com/mainframe/products/downloads/eclipse-tools/

CPE name | Operator | Version
---|---|---
ibm ims enterprise suite for z/os | eq | 3.3.1
ibm ims enterprise suite for z/os | eq | 3.2