History: Jun 15, 2018 - 6:56 a.m.

IBM WebSphere Cast Iron Security Bulletin: Multiple security vulnerabilities in IBM JRE 6

2018-06-15 06:56:07
www.ibm.com
EPSS: 0.156 (Low), Percentile: 96.0%

Abstract

Multiple security vulnerabilities exist in the IBM Java Runtime Environment component of WebSphere Cast Iron in IBM JRE 6.0 SR12 (and earlier).

Content

VULNERABILITY DETAILS

There are multiple security vulnerabilities in the IBM Java Runtime Environment used in WebSphere Cast Iron.

CVE ID: CVE-2013-1478

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81754>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0445

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81756>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-1480

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81757>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-1475

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81759>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-1476

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2013-0441 and CVE-2013-1475.

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81760>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2012-1541

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81761>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0446

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81762>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2012-3342

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment

CVSS Base Score: 9.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/78334>
CVSS Environmental Score*: Undefined
CVSS Vector: undefined

CVE ID: CVE-2013-0442

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81755>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0450

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81764>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0425

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0428 and CVE-2013-0426

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81766>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0426

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428.

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81767>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0428

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0426

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81768>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2012-3213

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81769>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-1481

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81770>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0419

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS Base Score: 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81783>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0423

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS Base Score: 7.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81784>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-0351

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU.

CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81786>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVE ID: CVE-2013-0432

Description: Allows remote attackers to affect confidentiality and integrity via vectors related to AWT

CVSS Base Score: 6.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81788>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-1473

Description: Allows remote attackers to affect integrity via unknown vectors related to Deployment.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81790>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-0435

Description: Allows remote attackers to affect confidentiality via vectors related to JAX-WS.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81791>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-0434

Description: Allows remote attackers to affect confidentiality via vectors related to JAXP

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81792>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-0409

Description: Allows remote attackers to affect confidentiality via vectors related to JMX.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81793>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-0427

Description: Allows remote attackers to affect integrity via unknown vectors related to Libraries.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81795>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-0433

Description: Allows remote attackers to affect integrity via unknown vectors related to Networking.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81797>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-0424

Description: Allows remote attackers to affect integrity via vectors related to RMI.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81798>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE ID: CVE-2013-0440

Description: Allows remote attackers to affect availability via vectors related to JSSE.

CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81799>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVE ID: CVE-2013-0438

Description: Allows remote attackers to affect confidentiality via unknown vectors related to Deployment.

CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81800>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE ID: CVE-2013-0443

Description: Allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.

CVSS Base Score: 4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/81801>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:N)

CVE ID: CVE-2013-1487

Description: Allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82177>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE ID: CVE-2013-1486

Description: Allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.

CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82178>
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.

AFFECTED PLATFORMS:
IBM WebSphere Cast Iron v6.3 Studio, Virtual Appliance and Physical Appliance
IBM WebSphere Cast Iron v6.3 Live SaaS offering.

WORKAROUND
None available; apply the fix detailed below.

REMEDIATION:
Apply the fix detailed below.

FIX

For IBM WebSphere Cast Iron v6.3:
Apply the v6.3.0.1 interim fix.

The WebSphere Cast Iron V6.3 interim fix can be obtained via this link

SaaS offering (WebSphere Cast Iron Live v6.3)
Customers still on the lower versions of SaaS offering can request from the WebSphere Cast Iron cloud operations team that their tenant is migrated to the Cast Iron v6.3 Live offering.

APAR LI77261 is targeted for availability in IBM WebSphere Cast Iron v6.3.0.2 fixPacks.

MITIGATION:
None known

REFERENCES:
Complete CVSS Guide (<http://www.first.org/cvss/v2/guide>)
On-line Calculator V2 (<https://nvd.nist.gov/CVSS-v2-Calculator>)

CVE-2013-1478 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1478>)
CVE-2013-0445 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0445>)
CVE-2013-1480 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1480>)
CVE-2013-1475 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1475>)
CVE-2013-1476 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1476>)
CVE-2012-1541 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1541>)
CVE-2013-0446 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0446>)
CVE-2012-3342 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3342>)
CVE-2013-0442 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0442>)
CVE-2013-0450 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0450>)
CVE-2013-0425 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0425>)
CVE-2013-0426 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0426>)
CVE-2013-0428 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0428>)
CVE-2012-3213 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3213>)
CVE-2013-1481 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1481>)
CVE-2013-0419 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0419>)
CVE-2013-0423 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0423>)
CVE-2013-0351 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0351>)
CVE-2013-0432 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0432>)
CVE-2013-1473 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1473>)
CVE-2013-0435 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0435>)
CVE-2013-0434 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0434>)
CVE-2013-0409 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0409>)
CVE-2013-0427 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0427>)
CVE-2013-0433 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0433>)
CVE-2013-0424 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0424>)
CVE-2013-0440 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0440>)
CVE-2013-0438 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0438>)
CVE-2013-0443 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0443>)
CVE-2013-1487 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1487>)
CVE-2013-1486 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1486>)
CVE-2013-0169 (<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0169>)

CHANGE HISTORY:
<2013/04/30>: Original Copy Published
<2017/03/02>: Support information related to versions 6.0 and 6.1 removed, as these versions are not supported.

Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an “industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.” IBM PROVIDES THE CVSS SCORES “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

| CPE Name | Operator | Version |
| --- | --- | --- |
| IBM Cast Iron Cloud Integration | eq | 6.3 |